From d039609e3a537df4e15a454fdb5a004d519e9a11 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 17 May 2022 10:31:53 +0400 Subject: [PATCH 001/160] Bump njs revisions for mainline and stable. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 13 ++++++------- 9 files changed, 34 insertions(+), 35 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2514aa09..67a1df19 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ + && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 688.tar.gz \ + && cd pkg-oss-688 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 638da921..79a1e711 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ + && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 688.tar.gz \ + && cd pkg-oss-688 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 28d2488f..cbf01484 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index a1afdde5..82683a4d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7ea9d174..9bf4be3a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ + && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 689.tar.gz \ + && cd pkg-oss-689 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6c09b751..54f2089c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ + && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 689.tar.gz \ + && cd pkg-oss-689 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index ef7fe8b9..74063520 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index de83d24b..515b6ba1 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index f2486b69..e247549c 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.2' - [stable]='0.7.0' + [mainline]='0.7.3' + [stable]='0.7.3' ) # Current package patchlevel version @@ -44,17 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' - #[stable]='500' + [mainline]='688' + [stable]='689' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82' - [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' + [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' + [stable]='b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116' ) get_packages() { From 6e580a6f592c02f0bf3d254e0a14c57f3a71e2ff Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 15:31:16 +0400 Subject: [PATCH 002/160] Updated stable nginx to 1.22.0 and njs to 0.7.4. While at it, bump base OS for Alpine-based stable builds to Alpine 3.16. --- update.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/update.sh b/update.sh index e247549c..dc0f207f 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.21.6' - [stable]='1.20.2' + [stable]='1.22.0' ) # Current njs versions declare -A njs=( [mainline]='0.7.3' - [stable]='0.7.3' + [stable]='0.7.4' ) # Current package patchlevel version @@ -36,7 +36,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.15' - [stable]='3.14' + [stable]='3.16' ) # When we bump njs version in a stable release we don't move the tag in the @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='688' - [stable]='689' + [stable]='696' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' - [stable]='b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116' + [stable]='fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230' ) get_packages() { From 40923d1dfb59f6c66bed31012c5b4e2e044b7835 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 15:35:10 +0400 Subject: [PATCH 003/160] update.sh: be a bit more BSD-friendly. --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index dc0f207f..3017090d 100755 --- a/update.sh +++ b/update.sh @@ -150,7 +150,7 @@ for branch in "${branches[@]}"; do packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch") - sed -i \ + sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ From b18fb328f999b28a7bb6d86e06b0756c1befa21a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 16:00:53 +0400 Subject: [PATCH 004/160] Updated Dockerfiles. --- stable/alpine-perl/Dockerfile | 18 +++++++++--------- stable/alpine/Dockerfile | 18 +++++++++--------- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9bf4be3a..e3596af6 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ - && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ + && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 689.tar.gz \ - && cd pkg-oss-689 \ + && tar xzvf 696.tar.gz \ + && cd pkg-oss-696 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 54f2089c..66049768 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ - && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ + && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 689.tar.gz \ - && cd pkg-oss-689 \ + && tar xzvf 696.tar.gz \ + && cd pkg-oss-696 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 74063520..e5612bfe 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 515b6ba1..a9f05fcf 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1~bullseye RUN set -x \ From 88018137053bdda23bd31fd61249b4b521eaffcf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 16:02:16 +0400 Subject: [PATCH 005/160] generate-stackbrew-library.sh: updated stable version. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4ff7ea38..92ee3413 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.21 latest' - [stable]='1.20' + [stable]='1.22' ) self="$(basename "$BASH_SOURCE")" From 7ff24ba2bed1438c1b72f573dc69532ac26e9cdc Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 26 May 2022 11:23:57 +0200 Subject: [PATCH 006/160] Update mainline to Alpine 3.16 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 67a1df19..2eeea52f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 79a1e711..76e50fce 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 3017090d..039231b0 100755 --- a/update.sh +++ b/update.sh @@ -35,7 +35,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.15' + [mainline]='3.16' [stable]='3.16' ) From 04226fe92cc11bed68dae464eb60fd5399daf3b1 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 21 Jun 2022 15:57:15 -0500 Subject: [PATCH 007/160] Update NGINX to 1.23, NJS to 0.7.5 --- .gitignore | 1 + mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 6 files changed, 11 insertions(+), 10 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..751553b3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.bak diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2eeea52f..c8dea2e0 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 76e50fce..c52c2411 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index cbf01484..a0c1781b 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 82683a4d..4be092e9 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 039231b0..17cd14db 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.21.6' + [mainline]='1.23.0' [stable]='1.22.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.3' + [mainline]='0.7.5' [stable]='0.7.4' ) From d4a47bc6602d3a1412dad48a8513b83805605ef3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Jun 2022 10:30:30 +0400 Subject: [PATCH 008/160] Moved stable to njs 0.7.5. While at it, updated revisions and checksums for current tags. --- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 10 +++++----- 7 files changed, 29 insertions(+), 29 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index c8dea2e0..74b16afb 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ - && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 688.tar.gz \ - && cd pkg-oss-688 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c52c2411..75aebbe9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ - && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 688.tar.gz \ - && cd pkg-oss-688 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index e3596af6..4f89d029 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ - && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ + && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 696.tar.gz \ - && cd pkg-oss-696 \ + && tar xzvf 714.tar.gz \ + && cd pkg-oss-714 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 66049768..5c79c906 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ - && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ + && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 696.tar.gz \ - && cd pkg-oss-696 \ + && tar xzvf 714.tar.gz \ + && cd pkg-oss-714 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index e5612bfe..57d8a670 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index a9f05fcf..12eecb65 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 17cd14db..6f0bb000 100755 --- a/update.sh +++ b/update.sh @@ -19,7 +19,7 @@ declare -A nginx=( # Current njs versions declare -A njs=( [mainline]='0.7.5' - [stable]='0.7.4' + [stable]='0.7.5' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='688' - [stable]='696' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='714' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' - [stable]='fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230' + [mainline]='678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4' + [stable]='f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e' ) get_packages() { From 3e472aef70a13fd52ebac3a6b7902c7ea8e7f7ce Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Jun 2022 11:03:11 +0400 Subject: [PATCH 009/160] generate-stackbrew-library.sh: updated mainline version. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 92ee3413..d9a24d04 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.21 latest' + [mainline]='1 1.23 latest' [stable]='1.22' ) From a563dda2d52e2aae1883ad174c54add563db78c8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 27 Jun 2022 12:33:36 +0400 Subject: [PATCH 010/160] sync-awsecr.sh: bumped mainline/stable. --- sync-awsecr.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 767e03d4..3e10a9ba 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,8 +6,8 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.21 latest' - [stable]='1.20' + [mainline]='1 1.23 latest' + [stable]='1.22' ) architectures=( amd64 arm64v8 ) From 3581b6708a9ad8f8511db4a2fd57a703b17903c2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 Jun 2022 13:47:28 +0400 Subject: [PATCH 011/160] modules: added xslscript.pl to debian-based image. This should not be really required. Sometimes when building debian changelogs in pkg-oss there seems to be a timestamp issue forcing changes.xslt to be rebuilt. I can not reliable reproduce it, but a workaround seems to be just to ship the script and use it when it's needed. Fixes #677. --- modules/Dockerfile | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 7a4e7141..1cce673d 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -15,7 +15,17 @@ RUN set -ex \ && apt install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ - equivs git g++ \ + equivs git g++ libparse-recdescent-perl \ + && XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \ + && wget -O /tmp/xslscript.pl https://hg.nginx.org/xslscript/raw-file/01dc9ba12e1b/xslscript.pl \ + && if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \ + echo "XSLScript checksum verification succeeded!"; \ + chmod +x /tmp/xslscript.pl; \ + mv /tmp/xslscript.pl /usr/local/bin/; \ + else \ + echo "XSLScript checksum verification failed!"; \ + exit 1; \ + fi \ && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ From f3d86e99ba2db5d9918ede7b094fcad7b9128cd8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 19 Jul 2022 20:41:42 +0400 Subject: [PATCH 012/160] Updated NGINX to 1.23.1, NJS to 0.7.6 --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 9 files changed, 30 insertions(+), 30 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 74b16afb..a67df4f7 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 75aebbe9..d8a995bd 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index a0c1781b..a0a4c590 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 4be092e9..dd378e7e 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4f89d029..50cac385 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ - && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 714.tar.gz \ - && cd pkg-oss-714 \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 5c79c906..4bec54dc 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ - && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 714.tar.gz \ - && cd pkg-oss-714 \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 57d8a670..fac18e55 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 12eecb65..48258bac 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 6f0bb000..f1bb316c 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.0' + [mainline]='1.23.1' [stable]='1.22.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.5' - [stable]='0.7.5' + [mainline]='0.7.6' + [stable]='0.7.6' ) # Current package patchlevel version @@ -45,15 +45,15 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='714' + [stable]='725' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4' - [stable]='f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e' + [mainline]='513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd' + [stable]='a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3' ) get_packages() { From 1dca42f99b3f032d862a1d35e8a5b951d629dc98 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 9 Sep 2022 16:54:47 +0400 Subject: [PATCH 013/160] Introduced alpine-slim image variant. --- Dockerfile-alpine-slim.template | 115 +++++++++++ generate-stackbrew-library.sh | 15 ++ .../10-listen-on-ipv6-by-default.sh | 61 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 32 +++ .../alpine-slim/30-tune-worker-processes.sh | 188 ++++++++++++++++++ mainline/alpine-slim/Dockerfile | 121 +++++++++++ mainline/alpine-slim/docker-entrypoint.sh | 38 ++++ .../10-listen-on-ipv6-by-default.sh | 61 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 32 +++ .../alpine-slim/30-tune-worker-processes.sh | 188 ++++++++++++++++++ stable/alpine-slim/Dockerfile | 121 +++++++++++ stable/alpine-slim/docker-entrypoint.sh | 38 ++++ update.sh | 24 ++- 13 files changed, 1027 insertions(+), 7 deletions(-) create mode 100644 Dockerfile-alpine-slim.template create mode 100755 mainline/alpine-slim/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/alpine-slim/20-envsubst-on-templates.sh create mode 100755 mainline/alpine-slim/30-tune-worker-processes.sh create mode 100644 mainline/alpine-slim/Dockerfile create mode 100755 mainline/alpine-slim/docker-entrypoint.sh create mode 100755 stable/alpine-slim/10-listen-on-ipv6-by-default.sh create mode 100755 stable/alpine-slim/20-envsubst-on-templates.sh create mode 100755 stable/alpine-slim/30-tune-worker-processes.sh create mode 100644 stable/alpine-slim/Dockerfile create mode 100755 stable/alpine-slim/docker-entrypoint.sh diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template new file mode 100644 index 00000000..b394d05e --- /dev/null +++ b/Dockerfile-alpine-slim.template @@ -0,0 +1,115 @@ +FROM alpine:%%ALPINE_VERSION%% + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d9a24d04..9bc067d2 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -98,4 +98,19 @@ for version in "${versions[@]}"; do EOE done + for variant in alpine-slim; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: arm64v8, amd64 + GitCommit: $commit + Directory: $version/$variant + EOE + done + done diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..9585152b --- /dev/null +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + echo >&3 "$ME: info: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo >&3 "$ME: info: can not guess the operating system" + exit 0 +fi + +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + echo >&3 "$ME: info: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh new file mode 100755 index 00000000..4f330295 --- /dev/null +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo >&3 "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh new file mode 100755 index 00000000..56505871 --- /dev/null +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -0,0 +1,188 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return 1 + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile new file mode 100644 index 00000000..b5cfded6 --- /dev/null +++ b/mainline/alpine-slim/Dockerfile @@ -0,0 +1,121 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM alpine:3.16 + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION 1.23.1 +ENV PKG_RELEASE 1 + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh new file mode 100755 index 00000000..72d5cd94 --- /dev/null +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo >&3 "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; + *) echo >&3 "$0: Ignoring $f";; + esac + done + + echo >&3 "$0: Configuration complete; ready for start up" + else + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..9585152b --- /dev/null +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + echo >&3 "$ME: info: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo >&3 "$ME: info: can not guess the operating system" + exit 0 +fi + +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + echo >&3 "$ME: info: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh new file mode 100755 index 00000000..4f330295 --- /dev/null +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo >&3 "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh new file mode 100755 index 00000000..56505871 --- /dev/null +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -0,0 +1,188 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return 1 + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile new file mode 100644 index 00000000..8f548539 --- /dev/null +++ b/stable/alpine-slim/Dockerfile @@ -0,0 +1,121 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM alpine:3.16 + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION 1.22.0 +ENV PKG_RELEASE 1 + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh new file mode 100755 index 00000000..72d5cd94 --- /dev/null +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo >&3 "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; + *) echo >&3 "$0: Ignoring $f";; + esac + done + + echo >&3 "$0: Configuration complete; ready for start up" + else + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/update.sh b/update.sh index f1bb316c..ddb783eb 100755 --- a/update.sh +++ b/update.sh @@ -82,16 +82,26 @@ get_packages() { esac echo -n ' \\\n' - for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do - echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' - done - for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' - done + case "$distro" in + *-slim) + for p in nginx; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\' + done + ;; + *) + for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' + done + for p in nginx-module-njs; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' + done + ;; + esac } get_packagerepo() { local distro="${1%-perl}" + distro="${distro%-slim}" shift local branch="$1" shift @@ -125,7 +135,7 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ - alpine{,-perl} \ + alpine{,-perl,-slim} \ debian{,-perl}; do echo "$branch: $variant" dir="$branch/$variant" From 667512852e35b485cc557412e58648cf70a77759 Mon Sep 17 00:00:00 2001 From: JuniorJPDJ Date: Wed, 20 Jul 2022 01:23:20 +0200 Subject: [PATCH 014/160] Source entrypoint files with .envsh extension This allows reusing variables declared between entrypoint scripts --- entrypoint/docker-entrypoint.sh | 9 +++++++++ mainline/alpine-perl/docker-entrypoint.sh | 9 +++++++++ mainline/alpine-slim/docker-entrypoint.sh | 9 +++++++++ mainline/alpine/docker-entrypoint.sh | 9 +++++++++ mainline/debian-perl/docker-entrypoint.sh | 9 +++++++++ mainline/debian/docker-entrypoint.sh | 9 +++++++++ stable/alpine-perl/docker-entrypoint.sh | 9 +++++++++ stable/alpine-slim/docker-entrypoint.sh | 9 +++++++++ stable/alpine/docker-entrypoint.sh | 9 +++++++++ stable/debian-perl/docker-entrypoint.sh | 9 +++++++++ stable/debian/docker-entrypoint.sh | 9 +++++++++ 11 files changed, 99 insertions(+) diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; From 6b94ddac1c42eab917f4060a8a1de673779e87d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Sj=C3=B6lund?= Date: Sun, 11 Sep 2022 07:49:13 +0200 Subject: [PATCH 015/160] docker-entrypoint: don't close fd 3. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The file descriptor 3 in the container might be an activated socket that was inherited from systemd via Podman and should therefore not be closed. Fixes #702. Signed-off-by: Erik Sjölund --- entrypoint/10-listen-on-ipv6-by-default.sh | 26 ++++++++++++-------- entrypoint/20-envsubst-on-templates.sh | 10 ++++++-- entrypoint/docker-entrypoint.sh | 28 +++++++++++----------- 3 files changed, 38 insertions(+), 26 deletions(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 4f330295..1a2560a4 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -4,6 +4,12 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" @@ -13,7 +19,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 4680ae8cb5a0dfc561699c9ed3dc5c93091b9e36 Mon Sep 17 00:00:00 2001 From: Konstantin Demin Date: Sat, 10 Sep 2022 00:47:58 +0300 Subject: [PATCH 016/160] 30-tune-worker-processes.sh: cgroups2 workaround cgroups2 may be set in weird way: <<< $ podman run --rm --network=host debian:stable-slim sh -c 'grep cgroup /proc/self/mountinfo ; echo ; cat /proc/self/cgroup' 754 752 0:27 /../../../../../.. /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,nsdelegate,memory_recursiveprot 0::/ >>> add workaround for that case Signed-off-by: Konstantin Demin --- entrypoint/30-tune-worker-processes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac From 0d38d4931427fea915b2db39c1212db369278d5c Mon Sep 17 00:00:00 2001 From: Alex Sheplyakov Date: Tue, 13 Sep 2022 16:22:03 +0400 Subject: [PATCH 017/160] Better ENV variables handling. In case when env contain variables with newlines, the variables substitution script fails, trying to use non-existent variables. See https://github.com/nginxinc/docker-nginx/pull/560 for more details. Co-authored-by: Tianon Gravi --- entrypoint/20-envsubst-on-templates.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 1a2560a4..8ca5b7e6 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From ed42652f987141da65bab235b86a165b2c506cf5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Sep 2022 16:32:24 +0400 Subject: [PATCH 018/160] Updated entrypoints changed with the recent commits. --- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-perl/30-tune-worker-processes.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-slim/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-slim/30-tune-worker-processes.sh | 2 +- mainline/alpine-slim/docker-entrypoint.sh | 28 +++++++++---------- .../alpine/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- mainline/alpine/20-envsubst-on-templates.sh | 12 ++++++-- mainline/alpine/30-tune-worker-processes.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../debian-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../debian-perl/30-tune-worker-processes.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 28 +++++++++---------- .../debian/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- mainline/debian/20-envsubst-on-templates.sh | 12 ++++++-- mainline/debian/30-tune-worker-processes.sh | 2 +- mainline/debian/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-perl/30-tune-worker-processes.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-slim/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-slim/30-tune-worker-processes.sh | 2 +- stable/alpine-slim/docker-entrypoint.sh | 28 +++++++++---------- stable/alpine/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- stable/alpine/20-envsubst-on-templates.sh | 12 ++++++-- stable/alpine/30-tune-worker-processes.sh | 2 +- stable/alpine/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../debian-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../debian-perl/30-tune-worker-processes.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 28 +++++++++---------- stable/debian/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- stable/debian/20-envsubst-on-templates.sh | 12 ++++++-- stable/debian/30-tune-worker-processes.sh | 2 +- stable/debian/docker-entrypoint.sh | 28 +++++++++---------- 40 files changed, 400 insertions(+), 280 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ b/mainline/alpine-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/alpine/30-tune-worker-processes.sh +++ b/mainline/alpine/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ b/mainline/debian-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ b/stable/alpine-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/alpine/30-tune-worker-processes.sh +++ b/stable/alpine/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/debian-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ b/stable/debian-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 34f8babd45eba2b3c4b001b7aac41882aae3b17a Mon Sep 17 00:00:00 2001 From: karlderkaefer Date: Thu, 15 Sep 2022 13:46:21 +0200 Subject: [PATCH 019/160] feat: add optional filter for environment variables passed to envsubst MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit closes #705 Co-authored-by: Erik Sjölund --- entrypoint/20-envsubst-on-templates.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From 98973693a89005722832e1a9e2467211c64139f1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Sep 2022 13:35:01 +0400 Subject: [PATCH 020/160] Updated entrypoints changed with the previous commit. --- mainline/alpine-perl/20-envsubst-on-templates.sh | 3 ++- mainline/alpine-slim/20-envsubst-on-templates.sh | 3 ++- mainline/alpine/20-envsubst-on-templates.sh | 3 ++- mainline/debian-perl/20-envsubst-on-templates.sh | 3 ++- mainline/debian/20-envsubst-on-templates.sh | 3 ++- stable/alpine-perl/20-envsubst-on-templates.sh | 3 ++- stable/alpine-slim/20-envsubst-on-templates.sh | 3 ++- stable/alpine/20-envsubst-on-templates.sh | 3 ++- stable/debian-perl/20-envsubst-on-templates.sh | 3 ++- stable/debian/20-envsubst-on-templates.sh | 3 ++- 10 files changed, 20 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From cc7ca22aee900542c05594d7a2b18623d84c7d12 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Sep 2022 14:59:48 +0400 Subject: [PATCH 021/160] docker-entrypoint.sh: Use a portable source command. --- entrypoint/docker-entrypoint.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 2 +- mainline/alpine-slim/docker-entrypoint.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 2 +- mainline/debian/docker-entrypoint.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 2 +- stable/alpine-slim/docker-entrypoint.sh | 2 +- stable/alpine/docker-entrypoint.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 2 +- stable/debian/docker-entrypoint.sh | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; From 7e0541f37699661c286ba68a67a5cee4a0ea05a9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 28 Sep 2022 12:01:33 +0400 Subject: [PATCH 022/160] 20-envsubst-on-templates.sh: use awk to get environment. The solution with xargs reading from /proc/self/environ is too expensive, especially when there is a lot of environment variables to be checked. See https://github.com/nginxinc/docker-nginx-unprivileged/issues/107 for more details. --- entrypoint/20-envsubst-on-templates.sh | 2 +- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine-slim/20-envsubst-on-templates.sh | 2 +- mainline/alpine/20-envsubst-on-templates.sh | 2 +- mainline/debian-perl/20-envsubst-on-templates.sh | 2 +- mainline/debian/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine-slim/20-envsubst-on-templates.sh | 2 +- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/debian-perl/20-envsubst-on-templates.sh | 2 +- stable/debian/20-envsubst-on-templates.sh | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From fef51235521d1cdf8b05d8cb1378a526d2abf421 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 19 Oct 2022 16:27:43 +0400 Subject: [PATCH 023/160] Updated NGINX to 1.22.1, 1.23.2, NJS to 0.7.7. --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 14 +++++++------- stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- update.sh | 14 +++++++------- 11 files changed, 43 insertions(+), 43 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index a67df4f7..0308d51d 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b5cfded6..737f738a 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 +ENV NGINX_VERSION 1.23.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d8a995bd..7aebcf88 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index a0a4c590..913ee5fe 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index dd378e7e..cd819d0d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 50cac385..52ac64c9 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 8f548539..3244126b 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 +ENV NGINX_VERSION 1.22.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 4bec54dc..2e27da18 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index fac18e55..c72c9283 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 48258bac..da4872d3 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index ddb783eb..7cad3896 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.1' - [stable]='1.22.0' + [mainline]='1.23.2' + [stable]='1.22.1' ) # Current njs versions declare -A njs=( - [mainline]='0.7.6' - [stable]='0.7.6' + [mainline]='0.7.7' + [stable]='0.7.7' ) # Current package patchlevel version @@ -45,15 +45,15 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='725' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd' - [stable]='a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3' + [mainline]='98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6' + [stable]='7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25' ) get_packages() { From 2f944f859fd98b1f8ac3d7903beb93c60439ac42 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 23 Nov 2022 11:42:51 +0100 Subject: [PATCH 024/160] Update mainline to Alpine 3.17 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0308d51d..7564b462 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 737f738a..315f55f3 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 7aebcf88..b81c2e29 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 7cad3896..d76dc8c4 100755 --- a/update.sh +++ b/update.sh @@ -35,7 +35,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.16' + [mainline]='3.17' [stable]='3.16' ) From 456bf337ceb922a207651aa7c6077a316c3e368c Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 23 Nov 2022 13:05:47 +0100 Subject: [PATCH 025/160] Update stable to Alpine 3.17 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 52ac64c9..b7118ba7 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 3244126b..e90b9598 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2e27da18..86520fef 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index d76dc8c4..3d5dfbc1 100755 --- a/update.sh +++ b/update.sh @@ -36,7 +36,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.17' - [stable]='3.16' + [stable]='3.17' ) # When we bump njs version in a stable release we don't move the tag in the From b87bbb86650368c31152bec7cf5f0207d7f3ce9b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 18:01:28 +0400 Subject: [PATCH 026/160] Based alpine and alpine-perl variants off slim one. --- Dockerfile-alpine.template | 48 ++------------------------------------ update.sh | 10 ++++++-- 2 files changed, 10 insertions(+), 48 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 909323d8..e81503d7 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,15 +1,8 @@ -FROM alpine:%%ALPINE_VERSION%% +FROM nginx:%%NGINX_VERSION%%-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% -ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages="%%PACKAGES%% " \ @@ -82,42 +75,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/update.sh b/update.sh index 3d5dfbc1..c25de8ac 100755 --- a/update.sh +++ b/update.sh @@ -137,7 +137,7 @@ for branch in "${branches[@]}"; do for variant in \ alpine{,-perl,-slim} \ debian{,-perl}; do - echo "$branch: $variant" + echo "$branch: $variant dockerfiles" dir="$branch/$variant" variant="$(basename "$variant")" @@ -172,7 +172,13 @@ for branch in "${branches[@]}"; do -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ "$dir/Dockerfile" - cp -a entrypoint/*.sh "$dir/" + done + for variant in \ + alpine-slim \ + debian{,-perl}; do \ + echo "$branch: $variant entrypoint scripts" + dir="$branch/$variant" + cp -a entrypoint/*.sh "$dir/" done done From 436c6e35a71d108669a43f0d2ee43c409cb62cf8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 19:15:25 +0400 Subject: [PATCH 027/160] Based perl variants off default ones. --- Dockerfile-alpine-perl.template | 71 ++++++++++++++++++++++++++++++ Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 3 +- Dockerfile-debian-perl.template | 78 +++++++++++++++++++++++++++++++++ Dockerfile-debian.template | 4 +- update.sh | 27 +++++++++++- 6 files changed, 178 insertions(+), 7 deletions(-) create mode 100644 Dockerfile-alpine-perl.template create mode 100644 Dockerfile-debian-perl.template diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template new file mode 100644 index 00000000..f3a3c85f --- /dev/null +++ b/Dockerfile-alpine-perl.template @@ -0,0 +1,71 @@ +FROM nginx:%%NGINX_VERSION%%-alpine + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + perl-dev \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make %%BUILDTARGET%% \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index b394d05e..5a60ba84 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -61,7 +61,7 @@ RUN set -x \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ - && make base \ + && make %%BUILDTARGET%% \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index e81503d7..82f0f56c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -41,7 +41,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -60,7 +59,7 @@ RUN set -x \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ - && make all \ + && make %%BUILDTARGET%% \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template new file mode 100644 index 00000000..39e3b989 --- /dev/null +++ b/Dockerfile-debian-perl.template @@ -0,0 +1,78 @@ +FROM nginx:%%NGINX_VERSION%% + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y %%BUILDTARGET%% \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile %%BUILDTARGET%% \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 8c7bf16f..eaffeabe 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -48,11 +48,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y %%BUILDTARGET%% \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/update.sh b/update.sh index c25de8ac..5b245169 100755 --- a/update.sh +++ b/update.sh @@ -123,6 +123,27 @@ get_packagever() { echo ${pkg[$branch]}${suffix} } +get_buildtarget() { + local distro="$1" + case "$distro" in + alpine-slim) + echo base + ;; + alpine-perl) + echo module-perl + ;; + alpine) + echo module-geoip module-image-filter module-njs module-xslt + ;; + debian) + echo "\$nginxPackages" + ;; + debian-perl) + echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" + ;; + esac +} + generated_warning() { cat <<__EOF__ # @@ -143,7 +164,7 @@ for branch in "${branches[@]}"; do [ -d "$dir" ] || continue - template="Dockerfile-${variant%-perl}.template" + template="Dockerfile-${variant}.template" { generated_warning cat "$template" @@ -159,6 +180,7 @@ for branch in "${branches[@]}"; do packagerepo=$(get_packagerepo "$variant" "$branch") packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch") + buildtarget=$(get_buildtarget "$variant") sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ @@ -170,13 +192,14 @@ for branch in "${branches[@]}"; do -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ -e 's,%%REVISION%%,'"$revver"',' \ -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ + -e 's,%%BUILDTARGET%%,'"$buildtarget"',' \ "$dir/Dockerfile" done for variant in \ alpine-slim \ - debian{,-perl}; do \ + debian; do \ echo "$branch: $variant entrypoint scripts" dir="$branch/$variant" cp -a entrypoint/*.sh "$dir/" From 914af51cd9d1bb37deb6e49ee5070280d9f3f103 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 19:22:04 +0400 Subject: [PATCH 028/160] Regenerated after last commits. --- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../alpine-perl/20-envsubst-on-templates.sh | 39 ---- .../alpine-perl/30-tune-worker-processes.sh | 188 ------------------ mainline/alpine-perl/Dockerfile | 58 +----- mainline/alpine-perl/docker-entrypoint.sh | 47 ----- .../alpine/10-listen-on-ipv6-by-default.sh | 67 ------- mainline/alpine/20-envsubst-on-templates.sh | 39 ---- mainline/alpine/30-tune-worker-processes.sh | 188 ------------------ mainline/alpine/Dockerfile | 51 +---- mainline/alpine/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../debian-perl/20-envsubst-on-templates.sh | 39 ---- .../debian-perl/30-tune-worker-processes.sh | 188 ------------------ mainline/debian-perl/Dockerfile | 34 +--- mainline/debian-perl/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../alpine-perl/20-envsubst-on-templates.sh | 39 ---- .../alpine-perl/30-tune-worker-processes.sh | 188 ------------------ stable/alpine-perl/Dockerfile | 58 +----- stable/alpine-perl/docker-entrypoint.sh | 47 ----- stable/alpine/10-listen-on-ipv6-by-default.sh | 67 ------- stable/alpine/20-envsubst-on-templates.sh | 39 ---- stable/alpine/30-tune-worker-processes.sh | 188 ------------------ stable/alpine/Dockerfile | 51 +---- stable/alpine/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../debian-perl/20-envsubst-on-templates.sh | 39 ---- .../debian-perl/30-tune-worker-processes.sh | 188 ------------------ stable/debian-perl/Dockerfile | 34 +--- stable/debian-perl/docker-entrypoint.sh | 47 ----- 30 files changed, 20 insertions(+), 2312 deletions(-) delete mode 100755 mainline/alpine-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/alpine-perl/20-envsubst-on-templates.sh delete mode 100755 mainline/alpine-perl/30-tune-worker-processes.sh delete mode 100755 mainline/alpine-perl/docker-entrypoint.sh delete mode 100755 mainline/alpine/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/alpine/20-envsubst-on-templates.sh delete mode 100755 mainline/alpine/30-tune-worker-processes.sh delete mode 100755 mainline/alpine/docker-entrypoint.sh delete mode 100755 mainline/debian-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/debian-perl/20-envsubst-on-templates.sh delete mode 100755 mainline/debian-perl/30-tune-worker-processes.sh delete mode 100755 mainline/debian-perl/docker-entrypoint.sh delete mode 100755 stable/alpine-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/alpine-perl/20-envsubst-on-templates.sh delete mode 100755 stable/alpine-perl/30-tune-worker-processes.sh delete mode 100755 stable/alpine-perl/docker-entrypoint.sh delete mode 100755 stable/alpine/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/alpine/20-envsubst-on-templates.sh delete mode 100755 stable/alpine/30-tune-worker-processes.sh delete mode 100755 stable/alpine/docker-entrypoint.sh delete mode 100755 stable/debian-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/debian-perl/20-envsubst-on-templates.sh delete mode 100755 stable/debian-perl/30-tune-worker-processes.sh delete mode 100755 stable/debian-perl/docker-entrypoint.sh diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7564b462..d0e13e4a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 +FROM nginx:1.23.2-alpine RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -56,11 +47,7 @@ RUN set -x \ pcre2-dev \ zlib-dev \ linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ perl-dev \ - libedit-dev \ bash \ alpine-sdk \ findutils \ @@ -78,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,43 +79,4 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ -# Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/mainline/alpine/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b81c2e29..c6550eb0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,18 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM nginx:1.23.2-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -58,7 +51,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -77,7 +69,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,42 +84,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/mainline/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 913ee5fe..92896b77 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1~bullseye +FROM nginx:1.23.2 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -59,11 +50,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ @@ -95,21 +86,4 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + fi diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/mainline/debian-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b7118ba7..b1320e9e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 +FROM nginx:1.22.1-alpine RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -56,11 +47,7 @@ RUN set -x \ pcre2-dev \ zlib-dev \ linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ perl-dev \ - libedit-dev \ bash \ alpine-sdk \ findutils \ @@ -78,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,43 +79,4 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ -# Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/stable/alpine-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/stable/alpine/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/stable/alpine/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 86520fef..23d87fcb 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,18 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM nginx:1.22.1-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -58,7 +51,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -77,7 +69,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,42 +84,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/stable/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c72c9283..2a72881a 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1~bullseye +FROM nginx:1.22.1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -59,11 +50,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ @@ -95,21 +86,4 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + fi diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/stable/debian-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" From f27368329ff9f02b9973bc3a23d7a643e2485d7d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 13:59:54 +0400 Subject: [PATCH 029/160] Fixed Alpine signing key checksum check. On newer openssl (version 3), the output format for rsa command slightly changed, leading to a different checksum. The fix is to take a checksum for the whole file instead. Closes https://github.com/nginxinc/docker-nginx/issues/721 --- Dockerfile-alpine-perl.template | 4 ++-- Dockerfile-alpine-slim.template | 4 ++-- Dockerfile-alpine.template | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index f3a3c85f..a1aaac54 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -11,9 +11,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 5a60ba84..57b9be42 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -19,9 +19,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 82f0f56c..8c464dfd 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -13,9 +13,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ From ce8322287b7def616fd077ea21c9c045c50ac461 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 14:04:06 +0400 Subject: [PATCH 030/160] Updated njs to 0.7.9. --- update.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/update.sh b/update.sh index 5b245169..533c9683 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.7' - [stable]='0.7.7' + [mainline]='0.7.9' + [stable]='0.7.9' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='756' + [stable]='757' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6' - [stable]='7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25' + [mainline]='5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f' + [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) get_packages() { From 4785a604aa40e0b0a69047a61e28781a2b0c2069 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 14:05:04 +0400 Subject: [PATCH 031/160] Regenerated after last commits. --- mainline/alpine-perl/Dockerfile | 14 +++++++------- mainline/alpine-slim/Dockerfile | 14 +++++++------- mainline/alpine/Dockerfile | 16 ++++++++-------- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 14 +++++++------- stable/alpine-slim/Dockerfile | 14 +++++++------- stable/alpine/Dockerfile | 16 ++++++++-------- stable/debian/Dockerfile | 2 +- 8 files changed, 46 insertions(+), 46 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d0e13e4a..69b6dab8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -22,9 +22,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 315f55f3..961af746 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -25,9 +25,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c6550eb0..6749393b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.23.2-alpine-slim -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -23,9 +23,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index cd819d0d..22d4dc2c 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b1320e9e..b681d57c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -22,9 +22,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index e90b9598..ba490558 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -25,9 +25,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 23d87fcb..f7bf3881 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.22.1-alpine-slim -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -23,9 +23,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index da4872d3..f40ef272 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye RUN set -x \ From 564ae3cd9783719b91a210023f40e8a213766a3e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Dec 2022 11:55:37 -0800 Subject: [PATCH 032/160] generate-stackbrew-library.sh: build alpine-slim on all arches. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9bc067d2..e15b128e 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -107,7 +107,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, amd64 + Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 GitCommit: $commit Directory: $version/$variant EOE From 5ce65c3efd395ee2d82d32670f233140e92dba99 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Dec 2022 12:05:04 -0800 Subject: [PATCH 033/160] Updated mainline NGINX to 1.23.3. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 6 +++--- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 69b6dab8..4cc786d5 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2-alpine +FROM nginx:1.23.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 961af746..89ad6412 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.2 +ENV NGINX_VERSION 1.23.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6749393b..68eacfd4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2-alpine-slim +FROM nginx:1.23.3-alpine-slim ENV NJS_VERSION 0.7.9 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 92896b77..0f671d71 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2 +FROM nginx:1.23.3 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 22d4dc2c..01bcfd27 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.2 +ENV NGINX_VERSION 1.23.3 ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye diff --git a/update.sh b/update.sh index 533c9683..662ff7f7 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.2' + [mainline]='1.23.3' [stable]='1.22.1' ) @@ -44,7 +44,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='756' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' [stable]='757' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f' + [mainline]='52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990' [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) From 38e2690b304b8dca4848f3e70a1fc95837f61510 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 9 Jan 2023 11:46:43 -0800 Subject: [PATCH 034/160] Debian-based dockerfiles: don't depend on deprecated apt-key. Fixes #739 --- Dockerfile-debian-perl.template | 10 +++++++--- Dockerfile-debian.template | 10 +++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 39e3b989..38b65598 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -5,15 +5,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% @@ -21,13 +25,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index eaffeabe..b4f3bd94 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,15 +14,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% @@ -30,13 +34,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ From 761fffeba0d867d6e80d38998073e0eaa456bb02 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 9 Jan 2023 11:55:09 -0800 Subject: [PATCH 035/160] Regenerated after last commit. --- mainline/debian-perl/Dockerfile | 10 +++++++--- mainline/debian/Dockerfile | 10 +++++++--- stable/debian-perl/Dockerfile | 10 +++++++--- stable/debian/Dockerfile | 10 +++++++--- 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 0f671d71..fc304418 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -10,15 +10,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -32,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 01bcfd27..e3e3f844 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -19,15 +19,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -40,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 2a72881a..55d2b8ba 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -10,15 +10,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -32,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index f40ef272..2bbeffd9 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -19,15 +19,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -40,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ From 1bacdf4820c8b558e79b8cebb3e6f29c7fc77c17 Mon Sep 17 00:00:00 2001 From: Dave McAllister Date: Wed, 1 Mar 2023 11:43:31 -0800 Subject: [PATCH 036/160] adds the Code of Conduct file This adds the NGINX Code of Conduct file to the repo, as it is one of the recognized community guides by GitHub --- CODE_OF_CONDUCT.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..aea287f6 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,74 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +- Using welcoming and inclusive language +- Being respectful of differing viewpoints and experiences +- Gracefully accepting constructive criticism +- Focusing on what is best for the community +- Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +- The use of sexualized language or imagery and unwelcome sexual attention or + advances +- Trolling, insulting/derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or electronic + address, without explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the moderation team at nginx-oss-community@f5.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 1.4, +available at + +For answers to common questions about this code of conduct, see + From beac75efbd331ef54c5409c410fbb4832ba09a3d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 14 Feb 2023 17:55:40 -0800 Subject: [PATCH 037/160] Added distribution versions to generated tags. Refs https://github.com/nginxinc/docker-nginx/issues/649 --- generate-stackbrew-library.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index e15b128e..d5b71cb2 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -60,9 +60,13 @@ for version in "${versions[@]}"; do fi versionAliases+=( ${aliases[$version]:-} ) + debianVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk -F"[-:]" '$1 == "FROM debian" { print $2; exit }')" + debianAliases=( ${versionAliases[@]/%/-$debianVersion} ) + debianAliases=( "${debianAliases[@]//latest-/}" ) + echo cat <<-EOE - Tags: $(join ', ' "${versionAliases[@]}") + Tags: $(join ', ' "${versionAliases[@]}"), $(join ', ' "${debianAliases[@]}") Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x GitCommit: $commit Directory: $version/$base @@ -72,6 +76,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo @@ -83,10 +88,13 @@ for version in "${versions[@]}"; do EOE done + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" + for variant in alpine alpine-perl; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo @@ -102,6 +110,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo From 73a5acae6945b75b433cafd0c9318e4378e72cbb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Mar 2023 12:14:25 -0700 Subject: [PATCH 038/160] Updated mainline nginx to 1.23.4. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 4cc786d5..134f4455 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3-alpine +FROM nginx:1.23.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 89ad6412..f35e861c 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.3 +ENV NGINX_VERSION 1.23.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 68eacfd4..bb064be5 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3-alpine-slim +FROM nginx:1.23.4-alpine-slim -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index fc304418..44ac453d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3 +FROM nginx:1.23.4 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e3e3f844..31b13877 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.3 -ENV NJS_VERSION 0.7.9 +ENV NGINX_VERSION 1.23.4 +ENV NJS_VERSION 0.7.11 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 662ff7f7..4c059b96 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.3' + [mainline]='1.23.4' [stable]='1.22.1' ) # Current njs versions declare -A njs=( - [mainline]='0.7.9' + [mainline]='0.7.11' [stable]='0.7.9' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990' + [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) From 7f1ef355dea083761951da16ab02ea2c37addbdd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Mar 2023 12:34:13 -0700 Subject: [PATCH 039/160] Updated njs for stable to 0.7.11. --- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 6 +++--- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b681d57c..d929754c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index ba490558..221f28b3 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index f7bf3881..a5b7d644 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.22.1-alpine-slim -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 2bbeffd9..db048dd6 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 4c059b96..42152377 100755 --- a/update.sh +++ b/update.sh @@ -19,7 +19,7 @@ declare -A nginx=( # Current njs versions declare -A njs=( [mainline]='0.7.11' - [stable]='0.7.9' + [stable]='0.7.11' ) # Current package patchlevel version @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='757' + [stable]='811' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' - [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' + [stable]='c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc' ) get_packages() { From 1a8d87b69760693a8e33cd8a9e0c2e5f0e8b0e3c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 Apr 2023 12:57:07 -0700 Subject: [PATCH 040/160] Updated stable nginx to 1.24.0. --- generate-stackbrew-library.sh | 2 +- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 4 ++-- sync-awsecr.sh | 2 +- update.sh | 8 ++++---- 8 files changed, 28 insertions(+), 28 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d5b71cb2..cb25d013 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.23 latest' - [stable]='1.22' + [stable]='1.24' ) self="$(basename "$BASH_SOURCE")" diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index d929754c..15cc834a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1-alpine +FROM nginx:1.24.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 221f28b3..0f8c0b29 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.1 +ENV NGINX_VERSION 1.24.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a5b7d644..a5842e10 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1-alpine-slim +FROM nginx:1.24.0-alpine-slim -ENV NJS_VERSION 0.7.11 +ENV NJS_VERSION 0.7.12 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 55d2b8ba..e485478c 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1 +FROM nginx:1.24.0 RUN set -x \ && apt-get update \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index db048dd6..be3ec607 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.11 +ENV NGINX_VERSION 1.24.0 +ENV NJS_VERSION 0.7.12 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 3e10a9ba..015dd630 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.23 latest' - [stable]='1.22' + [stable]='1.24' ) architectures=( amd64 arm64v8 ) diff --git a/update.sh b/update.sh index 42152377..e545c72b 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.23.4' - [stable]='1.22.1' + [stable]='1.24.0' ) # Current njs versions declare -A njs=( [mainline]='0.7.11' - [stable]='0.7.11' + [stable]='0.7.12' ) # Current package patchlevel version @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='811' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' - [stable]='c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc' + [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) get_packages() { From b053826f5ddc6cccd43ada260c8077744319363d Mon Sep 17 00:00:00 2001 From: Iain Henderson Date: Thu, 18 May 2023 07:08:35 -0400 Subject: [PATCH 041/160] 20-envsubst-on-templates.sh: added stream templating. Fixes: https://github.com/nginxinc/docker-nginx/pull/782 --- entrypoint/20-envsubst-on-templates.sh | 39 ++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst From ee6b833b5d9d1966b85a5d318efc04cf8b1c1ba5 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 23 May 2023 15:13:44 -0700 Subject: [PATCH 042/160] Bump NGINX mainline to 1.25.0, NJS to 0.7.12 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 134f4455..9a97a76f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4-alpine +FROM nginx:1.25.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f35e861c..cfac0da7 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.4 +ENV NGINX_VERSION 1.25.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index bb064be5..e02bf1e8 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4-alpine-slim +FROM nginx:1.25.0-alpine-slim -ENV NJS_VERSION 0.7.11 +ENV NJS_VERSION 0.7.12 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 44ac453d..fe8ab0e5 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4 +FROM nginx:1.25.0 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 31b13877..c3ccd5d4 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.4 -ENV NJS_VERSION 0.7.11 +ENV NGINX_VERSION 1.25.0 +ENV NJS_VERSION 0.7.12 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index e545c72b..36e7cc08 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.4' + [mainline]='1.25.0' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.11' + [mainline]='0.7.12' [stable]='0.7.12' ) From 123ef33694fccfefcb7db63251b21c0496537c76 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 May 2023 17:25:42 -0700 Subject: [PATCH 043/160] Updated pkgosschecksum to fetch sources for 1.25.0 builds. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 9a97a76f..93576b1c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index cfac0da7..8edcb094 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e02bf1e8..901442b4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/update.sh b/update.sh index 36e7cc08..c8363f98 100755 --- a/update.sh +++ b/update.sh @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' + [mainline]='18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a' [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) From 3591b5e431af710432bd4852d9ee26eb19992776 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 May 2023 17:31:05 -0700 Subject: [PATCH 044/160] Updated mainline entrypoints after b053826f5ddc6cccd43ada260c8077744319363d. --- .../alpine-slim/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ mainline/debian/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst From 0cfc9381f01c6cd455e014ad738b5bcdffe8024c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 24 May 2023 09:45:03 -0700 Subject: [PATCH 045/160] Bumped mainline version to 1.25 in auxiliary scripts. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index cb25d013..eba3c321 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.23 latest' + [mainline]='1 1.25 latest' [stable]='1.24' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 015dd630..8730f1b9 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.23 latest' + [mainline]='1 1.25 latest' [stable]='1.24' ) From 2b0c2850785c31550087ab9010c6b7cf0890f714 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 24 May 2023 18:51:40 -0700 Subject: [PATCH 046/160] Added a local resolver entrypoint script. If enabled via NGINX_ENTRYPOINT_LOCAL_RESOLVERS variable, this script will populate NGINX_LOCAL_RESOLVERS variable that can be used in the envsubst-base templating to populate the configuration files. Fixes https://github.com/nginxinc/docker-nginx/issues/673 --- Dockerfile-alpine-slim.template | 1 + Dockerfile-debian.template | 1 + entrypoint/15-local-resolvers.envsh | 11 +++++++++++ 3 files changed, 13 insertions(+) create mode 100755 entrypoint/15-local-resolvers.envsh diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 57b9be42..65be8916 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -104,6 +104,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index b4f3bd94..404094f1 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -97,6 +97,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/entrypoint/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi From 9f5b41a99cd6f6da6afa615849c41b1393483106 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 26 May 2023 16:41:07 -0700 Subject: [PATCH 047/160] Added alpine-slim to sync script. --- sync-awsecr.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 8730f1b9..5065c3b5 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -55,7 +55,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" pulllist+=( "$image:$fullVersion" ) - for variant in perl alpine alpine-perl; do + for variant in perl alpine alpine-perl alpine-slim; do pulllist+=( "$image:$fullVersion-$variant" ) done done @@ -86,7 +86,7 @@ for version in "${versions[@]}"; do done done - for variant in alpine alpine-perl; do + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) From 526d1db8dc40e3445a2cad48a2193db9e763f349 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 May 2023 11:52:56 -0700 Subject: [PATCH 048/160] update.sh: copy *.envsh to target directories. --- update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/update.sh b/update.sh index c8363f98..2dcbb20d 100755 --- a/update.sh +++ b/update.sh @@ -203,5 +203,6 @@ for branch in "${branches[@]}"; do echo "$branch: $variant entrypoint scripts" dir="$branch/$variant" cp -a entrypoint/*.sh "$dir/" + cp -a entrypoint/*.envsh "$dir/" done done From 10fa7fccfbfcaf172e2da956ba21e053020029ac Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 May 2023 14:01:57 -0700 Subject: [PATCH 049/160] Updated entrypoints and dockerfiles after recent commits. --- mainline/alpine-slim/15-local-resolvers.envsh | 11 ++++++ mainline/alpine-slim/Dockerfile | 1 + mainline/debian/15-local-resolvers.envsh | 11 ++++++ mainline/debian/Dockerfile | 1 + stable/alpine-slim/15-local-resolvers.envsh | 11 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ stable/alpine-slim/Dockerfile | 1 + stable/debian/15-local-resolvers.envsh | 11 ++++++ stable/debian/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ stable/debian/Dockerfile | 1 + 10 files changed, 126 insertions(+) create mode 100755 mainline/alpine-slim/15-local-resolvers.envsh create mode 100755 mainline/debian/15-local-resolvers.envsh create mode 100755 stable/alpine-slim/15-local-resolvers.envsh create mode 100755 stable/debian/15-local-resolvers.envsh diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 8edcb094..dbc44b3e 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/mainline/debian/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c3ccd5d4..a4ee7e6b 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 0f8c0b29..c650e81f 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/stable/debian/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index be3ec607..0b7ec02b 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] From b3fc0e631e0eabfd842c04b9fae5345a9264334e Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 2 Jun 2023 14:24:50 +0200 Subject: [PATCH 050/160] Add no-network option --- Dockerfile-alpine-perl.template | 4 ++-- Dockerfile-alpine-slim.template | 6 +++--- Dockerfile-alpine.template | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 4 ++-- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index a1aaac54..c4e06400 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -59,12 +59,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 65be8916..7c8347e9 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -66,12 +66,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -91,7 +91,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8c464dfd..ba91fe6c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -64,12 +64,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 93576b1c..18d3aaea 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -70,12 +70,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index dbc44b3e..6c56ba68 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -72,12 +72,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -97,7 +97,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 901442b4..1741b7bf 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -74,12 +74,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 15cc834a..7d1c92c0 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -70,12 +70,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index c650e81f..464de81f 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -72,12 +72,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -97,7 +97,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a5842e10..0c8c6969 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -74,12 +74,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ From 1d46d905b1e75b30ebce631fe8de8a7282e0f404 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:47:50 -0700 Subject: [PATCH 051/160] Updated mainline nginx to 1.25.1. --- update.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index 2dcbb20d..2b5797dc 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.0' + [mainline]='1.25.1' [stable]='1.24.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a' + [mainline]='dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8' [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) From dc87ccb2f43156de35f682e7c85d3a848f0fcace Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:48:15 -0700 Subject: [PATCH 052/160] Moved mainline nginx to Debian 12 "Bookworm". --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 2b5797dc..3d4feb4b 100755 --- a/update.sh +++ b/update.sh @@ -30,7 +30,7 @@ declare -A pkg=( ) declare -A debian=( - [mainline]='bullseye' + [mainline]='bookworm' [stable]='bullseye' ) From 4ac589e5161def34bb9e02324fb52ed337611f48 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:56:07 -0700 Subject: [PATCH 053/160] Debian: move to groupadd/useradd. --- Dockerfile-debian.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 404094f1..4615a39f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -8,8 +8,8 @@ ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ From 5673d69221fa0367040d60397cc0d39ee892f4d5 Mon Sep 17 00:00:00 2001 From: Eugene Venter Date: Wed, 7 Jun 2023 14:15:32 +1200 Subject: [PATCH 054/160] fix unbound variable issue in local resolver entrypoint script --- entrypoint/15-local-resolvers.envsh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) From 7870605f4b93d86e898af291086d77ab9e6b96e3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 14:29:53 -0700 Subject: [PATCH 055/160] Updated entrypoints and dockerfiles after recent commits. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/15-local-resolvers.envsh | 6 +++--- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 6 +++--- mainline/debian/15-local-resolvers.envsh | 6 +++--- mainline/debian/Dockerfile | 14 +++++++------- stable/alpine-slim/15-local-resolvers.envsh | 6 +++--- stable/debian/15-local-resolvers.envsh | 6 +++--- stable/debian/Dockerfile | 4 ++-- 10 files changed, 30 insertions(+), 30 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 18d3aaea..1de479d1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0-alpine +FROM nginx:1.25.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 6c56ba68..fc36884d 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.0 +ENV NGINX_VERSION 1.25.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1741b7bf..6f8961d6 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0-alpine-slim +FROM nginx:1.25.1-alpine-slim ENV NJS_VERSION 0.7.12 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index fe8ab0e5..377cadb9 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0 +FROM nginx:1.25.1 RUN set -x \ && apt-get update \ @@ -36,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index a4ee7e6b..0a169d13 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.0 +ENV NGINX_VERSION 1.25.1 ENV NJS_VERSION 0.7.12 -ENV PKG_RELEASE 1~bullseye +ENV PKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -44,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 0b7ec02b..e4b6286b 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -13,8 +13,8 @@ ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ From 14607f5700c82b0383dbeb29a8313f19363a1ce9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 16:26:21 -0700 Subject: [PATCH 056/160] Added Github CI and functional tests. --- .github/workflows/ci.yml | 49 +++++++++++++++++ .test/config.sh | 9 +++ .test/tests/ipv6/expected-std-out.txt | 2 + .test/tests/ipv6/run.sh | 52 ++++++++++++++++++ .test/tests/static/run.sh | 46 ++++++++++++++++ .test/tests/templates-resolver/run.sh | 51 +++++++++++++++++ .../templates-resolver/server.conf.template | 9 +++ .test/tests/templates/run.sh | 51 +++++++++++++++++ .test/tests/templates/server.conf.template | 7 +++ .test/tests/workers/expected-std-out.txt | 2 + .test/tests/workers/run.sh | 55 +++++++++++++++++++ .test/tests/workers/server.conf.template | 7 +++ 12 files changed, 340 insertions(+) create mode 100644 .github/workflows/ci.yml create mode 100755 .test/config.sh create mode 100644 .test/tests/ipv6/expected-std-out.txt create mode 100755 .test/tests/ipv6/run.sh create mode 100755 .test/tests/static/run.sh create mode 100755 .test/tests/templates-resolver/run.sh create mode 100644 .test/tests/templates-resolver/server.conf.template create mode 100755 .test/tests/templates/run.sh create mode 100644 .test/tests/templates/server.conf.template create mode 100644 .test/tests/workers/expected-std-out.txt create mode 100755 .test/tests/workers/run.sh create mode 100644 .test/tests/workers/server.conf.template diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..30eccf55 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,49 @@ +name: GitHub CI + +on: + pull_request: + push: + schedule: + - cron: 0 10 * * Mon + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + + generate-jobs: + name: Generate Jobs + runs-on: ubuntu-latest + outputs: + strategy: ${{ steps.generate-jobs.outputs.strategy }} + steps: + - uses: actions/checkout@v3 + - uses: docker-library/bashbrew@v0.1.8 + - id: generate-jobs + name: Generate Jobs + run: | + strategy="$(GITHUB_REPOSITORY=nginx "$BASHBREW_SCRIPTS/github-actions/generate.sh")" + strategy="$(GITHUB_REPOSITORY=nginx "$BASHBREW_SCRIPTS/github-actions/munge-i386.sh" -c <<<"$strategy")" + echo "strategy=$strategy" >> "$GITHUB_OUTPUT" + jq . <<<"$strategy" # sanity check / debugging aid + + test: + needs: generate-jobs + strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }} + name: ${{ matrix.name }} + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v3 + - name: Prepare Environment + run: ${{ matrix.runs.prepare }} + - name: Pull Dependencies + run: ${{ matrix.runs.pull }} + - name: Build ${{ matrix.name }} + run: ${{ matrix.runs.build }} + - name: History ${{ matrix.name }} + run: ${{ matrix.runs.history }} + - name: Test ${{ matrix.name }} + run: ${{ matrix.runs.test }} + - name: '"docker images"' + run: ${{ matrix.runs.images }} diff --git a/.test/config.sh b/.test/config.sh new file mode 100755 index 00000000..6d6b74ed --- /dev/null +++ b/.test/config.sh @@ -0,0 +1,9 @@ +imageTests+=( + [nginx]=' + ipv6 + static + templates + templates-resolver + workers + ' +) diff --git a/.test/tests/ipv6/expected-std-out.txt b/.test/tests/ipv6/expected-std-out.txt new file mode 100644 index 00000000..f16a0876 --- /dev/null +++ b/.test/tests/ipv6/expected-std-out.txt @@ -0,0 +1,2 @@ +

Welcome to nginx!

+10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf diff --git a/.test/tests/ipv6/run.sh b/.test/tests/ipv6/run.sh new file mode 100755 index 00000000..0235db6b --- /dev/null +++ b/.test/tests/ipv6/run.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + exit 0 +fi + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +cid="$(docker run -d "$image")" +trap "docker rm -vf $cid > /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/index.html' | grep '

Welcome to nginx!

' + +docker logs $cid 2>&1 | grep "Enabled listen on IPv6" diff --git a/.test/tests/static/run.sh b/.test/tests/static/run.sh new file mode 100755 index 00000000..f026bedb --- /dev/null +++ b/.test/tests/static/run.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +cid="$(docker run -d "$image")" +trap "docker rm -vf $cid > /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/index.html' | grep '

Welcome to nginx!

' diff --git a/.test/tests/templates-resolver/run.sh b/.test/tests/templates-resolver/run.sh new file mode 100755 index 00000000..041f7abd --- /dev/null +++ b/.test/tests/templates-resolver/run.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/resolver-templates' | grep 'example.com - OK' diff --git a/.test/tests/templates-resolver/server.conf.template b/.test/tests/templates-resolver/server.conf.template new file mode 100644 index 00000000..04a0c085 --- /dev/null +++ b/.test/tests/templates-resolver/server.conf.template @@ -0,0 +1,9 @@ +resolver ${NGINX_LOCAL_RESOLVERS}; + +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} diff --git a/.test/tests/templates/run.sh b/.test/tests/templates/run.sh new file mode 100755 index 00000000..c43aa1db --- /dev/null +++ b/.test/tests/templates/run.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/templates' | grep 'example.com - OK' diff --git a/.test/tests/templates/server.conf.template b/.test/tests/templates/server.conf.template new file mode 100644 index 00000000..6b00bed6 --- /dev/null +++ b/.test/tests/templates/server.conf.template @@ -0,0 +1,7 @@ +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} diff --git a/.test/tests/workers/expected-std-out.txt b/.test/tests/workers/expected-std-out.txt new file mode 100644 index 00000000..9f1d3ac3 --- /dev/null +++ b/.test/tests/workers/expected-std-out.txt @@ -0,0 +1,2 @@ +example.com - OK +# Commented out by 30-tune-worker-processes.sh diff --git a/.test/tests/workers/run.sh b/.test/tests/workers/run.sh new file mode 100755 index 00000000..50def70c --- /dev/null +++ b/.test/tests/workers/run.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/worker-templates' | grep 'example.com - OK' + +result="$(docker exec $cid grep "Commented out by" /etc/nginx/nginx.conf)" + +echo "$result" | cut -d\ -f 1-5 diff --git a/.test/tests/workers/server.conf.template b/.test/tests/workers/server.conf.template new file mode 100644 index 00000000..6b00bed6 --- /dev/null +++ b/.test/tests/workers/server.conf.template @@ -0,0 +1,7 @@ +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} From 5d6be2e7a58d6ce76c7784c75c750b48af6f1f5d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Jun 2023 15:35:54 -0700 Subject: [PATCH 057/160] Updated README.md --- README.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5fa769cb..e852ff4b 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,25 @@ # About this Repo -This is the Git repo of the official Docker image for [nginx](https://registry.hub.docker.com/_/nginx/). See the -Hub page for the full readme on how to use the Docker image and for information -regarding contributing and issues. +## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) -The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), -specifically in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). +This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`nginx`](https://hub.docker.com/_/nginx/). See [the Docker Hub page](https://hub.docker.com/_/nginx/) for the full readme on how to use this Docker image and for information regarding contributing and issues. + +The [full image description on Docker Hub](https://hub.docker.com/_/nginx/) is generated/maintained over in [the docker-library/docs repository](https://github.com/docker-library/docs), specifically in [the `nginx` directory](https://github.com/docker-library/docs/tree/master/nginx). The changelog for NGINX releases is available at [nginx.org changes page](https://nginx.org/en/CHANGES). + +## See a change merged here that doesn't show up on Docker Hub yet? + +For more information about the full official images change lifecycle, see [the "An image's source changed in Git, now what?" FAQ entry](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what). + +For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fnginx). For the current "source of truth" for [`nginx`](https://hub.docker.com/_/nginx/), see [the `library/nginx` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/nginx). + +--- + +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) + +| Build | Status | Badges | (per-arch) | +|:-:|:-:|:-:|:-:| +| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/nginx.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/nginx/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/nginx.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/nginx/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/nginx.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/nginx/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/nginx.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/nginx/) | +| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/nginx.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/nginx/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/nginx.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/nginx/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/nginx.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/nginx/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/nginx.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/nginx/) | +| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/nginx.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/nginx/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/nginx.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/nginx/) | From 7c10a4a1c2aa479070a07e7cad70ec95ea969e54 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Jun 2023 19:17:43 -0700 Subject: [PATCH 058/160] Updated Alpine to 3.18 Fixes https://github.com/nginxinc/docker-nginx/issues/792 --- mainline/alpine-slim/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- update.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index fc36884d..f46d0735 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 464de81f..fe63fc1b 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 3d4feb4b..df2d8a28 100755 --- a/update.sh +++ b/update.sh @@ -35,8 +35,8 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.17' - [stable]='3.17' + [mainline]='3.18' + [stable]='3.18' ) # When we bump njs version in a stable release we don't move the tag in the From 3e71631e0e757f13265e0bd1d1e30e937ad49347 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 Jul 2023 14:26:58 -0700 Subject: [PATCH 059/160] Updated njs to 0.8.0. Closes https://github.com/nginxinc/docker-nginx/issues/809 --- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 9 files changed, 40 insertions(+), 40 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1de479d1..e392c742 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f46d0735..b9133e06 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6f8961d6..f2c5c88d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.25.1-alpine-slim -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 0a169d13..bc7c1943 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.1 -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7d1c92c0..633809b8 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index fe63fc1b..87587756 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 0c8c6969..b703af15 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.24.0-alpine-slim -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index e4b6286b..56ae3684 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.24.0 -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index df2d8a28..269b3536 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.12' - [stable]='0.7.12' + [mainline]='0.8.0' + [stable]='0.8.0' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='e0da7da2b70a' + [stable]='e5d85b3424bb' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8' - [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' + [mainline]='147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3' + [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) get_packages() { From 4d700b97e48ccf981cdaf865b59bb3d7a827ff7c Mon Sep 17 00:00:00 2001 From: Mathieu Rampant Date: Mon, 10 Jul 2023 07:35:42 -0400 Subject: [PATCH 060/160] Update Dockerfile to work with other version of nginx --- modules/Dockerfile.alpine | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index d575d5d9..771f384c 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,4 +1,5 @@ -FROM nginx:mainline-alpine as builder +ARG NGINX_VERSION_FROM=mainline-alpine +FROM nginx:${NGINX_VERSION_FROM}-alpine as builder ARG ENABLED_MODULES @@ -60,7 +61,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:mainline-alpine +FROM nginx:${NGINX_VERSION_FROM}-alpine COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && . /tmp/packages/modules.env \ From 46a0d48398525c5478680583ec558d09e5b9d6ca Mon Sep 17 00:00:00 2001 From: Mathieu Rampant Date: Mon, 10 Jul 2023 07:33:41 -0400 Subject: [PATCH 061/160] Update Dockerfile to work with other version of nginx --- modules/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 1cce673d..44eae4c9 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,4 +1,5 @@ -FROM nginx:mainline as builder +ARG NGINX_VERSION_FROM=mainline +FROM nginx:${NGINX_VERSION_FROM} as builder ARG ENABLED_MODULES @@ -68,7 +69,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:mainline +FROM nginx:${NGINX_VERSION_FROM} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && apt update \ From c300144f441708492e414d5ab91692ca13c9dde2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:46:47 -0700 Subject: [PATCH 062/160] modules: use NGINX_FROM_IMAGE to specify which image to start with. --- modules/Dockerfile | 6 +++--- modules/Dockerfile.alpine | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 44eae4c9..79b58f4d 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,5 +1,5 @@ -ARG NGINX_VERSION_FROM=mainline -FROM nginx:${NGINX_VERSION_FROM} as builder +ARG NGINX_FROM_IMAGE=nginx:mainline +FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES @@ -69,7 +69,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:${NGINX_VERSION_FROM} +FROM ${NGINX_FROM_IMAGE} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && apt update \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 771f384c..347c6a65 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,5 +1,5 @@ -ARG NGINX_VERSION_FROM=mainline-alpine -FROM nginx:${NGINX_VERSION_FROM}-alpine as builder +ARG NGINX_FROM_IMAGE=nginx:mainline-alpine +FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES @@ -61,7 +61,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:${NGINX_VERSION_FROM}-alpine +FROM ${NGINX_FROM_IMAGE} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && . /tmp/packages/modules.env \ From 00edc58f4843edd06680d9a9f7e258ca3dbe0366 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:47:27 -0700 Subject: [PATCH 063/160] CI: Added a test for modules builds. --- .test/config.sh | 1 + .test/tests/modules/nginx.conf.sme | 34 ++++++++++++++ .test/tests/modules/run.sh | 71 ++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 .test/tests/modules/nginx.conf.sme create mode 100755 .test/tests/modules/run.sh diff --git a/.test/config.sh b/.test/config.sh index 6d6b74ed..87e466a6 100755 --- a/.test/config.sh +++ b/.test/config.sh @@ -5,5 +5,6 @@ imageTests+=( templates templates-resolver workers + modules ' ) diff --git a/.test/tests/modules/nginx.conf.sme b/.test/tests/modules/nginx.conf.sme new file mode 100644 index 00000000..dab10145 --- /dev/null +++ b/.test/tests/modules/nginx.conf.sme @@ -0,0 +1,34 @@ +user nginx; +worker_processes auto; + +load_module modules/ndk_http_module.so; +load_module modules/ngx_http_echo_module.so; +load_module modules/ngx_http_set_misc_module.so; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + server { + listen 80 default_server; + location /hello { + set $raw "hello"; + set_sha1 $digest $raw; + + echo $digest; + } + } +} diff --git a/.test/tests/modules/run.sh b/.test/tests/modules/run.sh new file mode 100755 index 00000000..9dbe4c3d --- /dev/null +++ b/.test/tests/modules/run.sh @@ -0,0 +1,71 @@ +#!/bin/bash + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +echo $dir + +image="$1" + +case "$image" in + *-perl) + ;; + *) + echo >&2 "skipping non-leaf image: $image" + exit + ;; +esac + +dockerfile="Dockerfile" +case "$image" in + *alpine*) + dockerfile="$dockerfile.alpine" + ;; +esac + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +modulesImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +DOCKER_BUILDKIT=0 docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" + +serverImage="${modulesImage}-sme" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/hello' | grep 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d' From 22e65b3df3acef8ba2bb517191f2e495782dbbeb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:31:12 -0700 Subject: [PATCH 064/160] Documented a way to redefined base modules image. --- modules/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index d5091a0c..ccca21d8 100644 --- a/modules/README.md +++ b/modules/README.md @@ -13,7 +13,10 @@ $ docker build --build-arg ENABLED_MODULES="ndk lua" -t my-nginx-with-lua . This command will attempt to build an image called `my-nginx-with-lua` based on official nginx docker hub image with two modules: `ndk` and `lua`. By default, a Debian-based image will be used. If you wish to use Alpine -instead, add `-f Dockerfile.alpine` to the command line. +instead, add `-f Dockerfile.alpine` to the command line. By default, mainline +images are used as a base, but it's possible to specify a different image by +providing `NGINX_FROM_IMAGE` build argument, e.g. `--build-arg +NGINX_FROM_IMAGE=nginx:stable`. The build script will look for module build definition files on filesystem directory under the same name as the module (and resulting package) and if From a4d9a5c94867f845db761672b9c422f46e0090ef Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:37:14 -0700 Subject: [PATCH 065/160] Updated the modules versions. --- modules/README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/modules/README.md b/modules/README.md index ccca21d8..b2f3965d 100644 --- a/modules/README.md +++ b/modules/README.md @@ -33,25 +33,25 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules make: Entering directory '/pkg-oss/debian' -auth-spnego 1.1.0-1 -brotli 1.0.0-1 -encrypted-session 0.08-1 -fips-check 0.1-1 -geoip 1.21.0-1 -geoip2 3.3-1 -headers-more 0.33-1 -image-filter 1.21.0-1 -lua 0.10.19-1 -modsecurity 1.0.1-2 -ndk 0.3.1-1 -njs 0.5.3-1 -opentracing 0.14.0-1 -passenger 6.0.8-1 -perl 1.21.0-1 -rtmp 1.2.1-1 -set-misc 0.32-1 -subs-filter 0.6.4-1 -xslt 1.21.0-1 +auth-spnego 1.1.1-1 +brotli 1.0.0-1 +encrypted-session 0.09-1 +fips-check 0.1-1 +geoip 1.25.1-1 +geoip2 3.4-1 +headers-more 0.34-1 +image-filter 1.25.1-1 +lua 0.10.25-1 +modsecurity 1.0.3-3 +ndk 0.3.2-1 +njs 0.8.0-1 +opentracing 0.29.0-1 +passenger 6.0.18-1 +perl 1.25.1-1 +rtmp 1.2.2-1 +set-misc 0.33-1 +subs-filter 0.6.4-1 +xslt 1.25.1-1 make: Leaving directory '/pkg-oss/debian' ``` From 2879b26c7dedf1d958b1894a5c1b1dec3c026369 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 2 Aug 2023 23:20:17 +0200 Subject: [PATCH 066/160] fix: address Alpine bug and shell linter warnings * Replace `-n` with `-f` in Alpine Linux conditional check * Ensure shell variables are properly quoted * Set variable before exporting to ensure it properly fails (if it fails) * Replace obsolete `-o` conditional check with `||` --- Dockerfile-alpine-perl.template | 6 +++--- Dockerfile-alpine-slim.template | 6 +++--- Dockerfile-alpine.template | 6 +++--- entrypoint/10-listen-on-ipv6-by-default.sh | 2 +- entrypoint/15-local-resolvers.envsh | 3 ++- entrypoint/20-envsubst-on-templates.sh | 10 +++++----- entrypoint/30-tune-worker-processes.sh | 2 +- entrypoint/docker-entrypoint.sh | 2 +- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine-slim/15-local-resolvers.envsh | 3 ++- mainline/alpine-slim/20-envsubst-on-templates.sh | 10 +++++----- mainline/alpine-slim/30-tune-worker-processes.sh | 2 +- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine-slim/docker-entrypoint.sh | 2 +- mainline/alpine/Dockerfile | 6 +++--- mainline/debian/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/15-local-resolvers.envsh | 3 ++- mainline/debian/20-envsubst-on-templates.sh | 10 +++++----- mainline/debian/30-tune-worker-processes.sh | 2 +- mainline/debian/docker-entrypoint.sh | 2 +- stable/alpine-perl/Dockerfile | 6 +++--- stable/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-slim/15-local-resolvers.envsh | 3 ++- stable/alpine-slim/20-envsubst-on-templates.sh | 10 +++++----- stable/alpine-slim/30-tune-worker-processes.sh | 2 +- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine-slim/docker-entrypoint.sh | 2 +- stable/alpine/Dockerfile | 6 +++--- stable/debian/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/15-local-resolvers.envsh | 3 ++- stable/debian/20-envsubst-on-templates.sh | 10 +++++----- stable/debian/30-tune-worker-processes.sh | 2 +- stable/debian/docker-entrypoint.sh | 2 +- 34 files changed, 77 insertions(+), 72 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index c4e06400..c8c56ae8 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -66,6 +66,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 7c8347e9..4a88c230 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -73,9 +73,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index ba91fe6c..9bff5ab8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -71,8 +71,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e392c742..6119fbd0 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b9133e06..9de2c8c7 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -79,9 +79,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f2c5c88d..58282e3e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -81,8 +81,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 633809b8..5e5b3af1 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 87587756..1826029e 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -79,9 +79,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index b703af15..629e1755 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -81,8 +81,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" From 3aac9b12463cf031037f7e21b3857f9a4bec3f28 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 24 Jul 2023 23:11:17 +0200 Subject: [PATCH 067/160] docs: Add community related docs docs: address PR feedback Move README section uptop Replace project with repo name where appropriate --- .github/ISSUE_TEMPLATE/bug_report.md | 33 ++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 23 ++++++++++ .github/pull_request_template.md | 12 +++++ CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 53 +++++++++++++++++++++++ LICENSE | 2 +- README.md | 15 ++++++- SECURITY.md | 14 ++++++ SUPPORT.md | 37 ++++++++++++++++ 9 files changed, 188 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/pull_request_template.md create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md create mode 100644 SUPPORT.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..6c7471a3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,33 @@ +--- +name: Bug report +about: Create a report to help us improve +title: "" +labels: "" +assignees: "" +--- + +### Describe the bug + +A clear and concise description of what the bug is. + +### To reproduce + +Steps to reproduce the behavior: + +1. Deploy the NGINX Docker image using ... +2. View output/logs/configuration on ... +3. See error + +### Expected behavior + +A clear and concise description of what you expected to happen. + +### Your environment + +- Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) +- Version/tag of the NGINX Docker image (e.g. `nginx:alpine`) +- Target deployment platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...) + +### Additional context + +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..e2242abb --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,23 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: "" +labels: "" +assignees: "" +--- + +### Is your feature request related to a problem? Please describe + +A clear and concise description of what the problem is. Ex. I'm always frustrated when ... + +### Describe the solution you'd like + +A clear and concise description of what you want to happen. + +### Describe alternatives you've considered + +A clear and concise description of any alternative solutions or features you've considered. + +### Additional context + +Add any other context or screenshots about the feature request here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..e869fe51 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,12 @@ +### Proposed changes + +Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR). + +### Checklist + +Before creating a PR, run through this checklist and mark each as complete: +- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) document +- [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles +- [ ] If applicable, I have added tests that prove my fix is effective or that my feature works +- [ ] If applicable, I have checked that any relevant tests pass after adding my changes +- [ ] I have updated any relevant documentation diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index aea287f6..78354a27 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -55,7 +55,7 @@ further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the moderation team at nginx-oss-community@f5.com. All +reported by contacting the moderation team at . All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..b4b86358 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,53 @@ +# Contributing Guidelines + +The following is a set of guidelines for contributing to the Docker NGINX image. We really appreciate that you are considering contributing! + +#### Table Of Contents + +[Getting Started](#getting-started) + +[Contributing](#contributing) + +[Code Guidelines](#code-guidelines) + +[Code of Conduct](https://github.com/nginxinc/docker-nginx/blob/master/CODE_OF_CONDUCT.md) + +## Getting Started + +Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get the Docker NGINX image up and running. + +## Contributing + +### Report a Bug + +To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginxinc/docker-nginx/blob/master/SECURITY.md).** + +### Suggest a Feature or Enhancement + +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. + +### Open a Pull Request + +- Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. +- Fill in [our pull request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/pull_request_template.md). + +Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. + +## Code Guidelines + +### Git Guidelines + +- Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR. +- If possible and/or relevant, use the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format when writing a commit message, so that changelogs can be automatically generated +- Follow the guidelines of writing a good commit message as described here and summarised in the next few points: + - In the subject line, use the present tense ("Add feature" not "Added feature"). + - In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to..."). + - Limit the subject line to 72 characters or less. + - Reference issues and pull requests liberally after the subject line. + - Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`). + +### Docker Guidelines + +- Update any entrypoint scripts via the the scripts contained in the `/entrypoint` directory. +- Update any Dockerfiles via the Dockerfile templates in the root directory (e.g. `Dockerfile-alpine.template`). +- Run the `./update.sh` script to apply all entrypoint/Dockerfile template changes to the relevant image entrypoints & Dockerfiles. diff --git a/LICENSE b/LICENSE index bc1d673f..f5af4aac 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (C) 2011-2016 Nginx, Inc. +Copyright (C) 2011-2023 F5, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/README.md b/README.md index e852ff4b..24d8e79c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) +[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginxinc/docker-nginx/blob/master/SUPPORT.md) + # About this Repo ## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) @@ -14,9 +17,19 @@ For more information about the full official images change lifecycle, see [the " For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fnginx). For the current "source of truth" for [`nginx`](https://hub.docker.com/_/nginx/), see [the `library/nginx` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/nginx). +## Contributing + +Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. + +## License + +[BSD 2-Clause](https://github.com/nginxinc/docker-nginx/blob/master/LICENSE) + +© [F5, Inc.](https://www.f5.com/) 2023 + --- -- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..47a42e26 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Latest Versions + +We advise users to run or update to the most recent release of the NGINX Docker image. Older versions of the NGINX Docker image may not have all enhancements and/or bug fixes applied to them. + +## Reporting a Vulnerability + +The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities. + +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . + +For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability) diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 00000000..2a6b505d --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,37 @@ +# Support + +## Ask a Question + +We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). + +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. + +## NGINX Specific Questions and/or Issues + +This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! + +### Community Slack + +We have a community [Slack](https://nginxcommunity.slack.com/)! + +If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) + +Once you join, check out the `#beginner-questions` and `nginx-users` channels :) + +### Documentation + +For a comprehensive list of all NGINX directives, check out . + +For a comprehensive list of admin and deployment guides for all NGINX products, check out . + +### Mailing List + +Want to get in touch with the NGINX development team directly? Try using the relevant mailing list found at ! + +## Contributing + +Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. + +## Commercial Support + +Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info! From 321a13a966eeff945196ddd31a629dad2aa85eda Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 15 Aug 2023 13:21:12 -0700 Subject: [PATCH 068/160] Updated mainline nginx to 1.25.2. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 6 +++--- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 6119fbd0..ee22c72f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1-alpine +FROM nginx:1.25.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 9de2c8c7..d1ff2e01 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.1 +ENV NGINX_VERSION 1.25.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 58282e3e..834bd72e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1-alpine-slim +FROM nginx:1.25.2-alpine-slim ENV NJS_VERSION 0.8.0 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 377cadb9..c557638f 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1 +FROM nginx:1.25.2 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index bc7c1943..bc172dec 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.1 +ENV NGINX_VERSION 1.25.2 ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bookworm diff --git a/update.sh b/update.sh index 269b3536..31d9a37c 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.1' + [mainline]='1.25.2' [stable]='1.24.0' ) @@ -44,7 +44,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='e0da7da2b70a' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' [stable]='e5d85b3424bb' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3' + [mainline]='64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 4b0d808b8f320df132c154a974ebe46e9e5f5ffe Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 28 Aug 2023 12:56:43 -0700 Subject: [PATCH 069/160] Alpine: check if length of $tempDir is non-zero. Fixes #835. --- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index c8c56ae8..d892f81b 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -66,6 +66,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 4a88c230..a5078971 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -73,7 +73,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 9bff5ab8..148d4ff2 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -71,7 +71,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ee22c72f..a69383c3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d1ff2e01..f1615308 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -79,7 +79,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 834bd72e..fc821534 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -81,7 +81,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 5e5b3af1..a70cca17 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 1826029e..8d59f1bb 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -79,7 +79,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 629e1755..fbe85c5c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -81,7 +81,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier From 4bf0763f4977fff7e9648add59e0540088f3ca9f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Oct 2023 15:20:22 -0700 Subject: [PATCH 070/160] Updated mainline nginx to 1.25.3 and njs to 0.8.2. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index a69383c3..f2ecca4a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2-alpine +FROM nginx:1.25.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f1615308..d36ab160 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.2 +ENV NGINX_VERSION 1.25.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index fc821534..5dd4739d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2-alpine-slim +FROM nginx:1.25.3-alpine-slim -ENV NJS_VERSION 0.8.0 +ENV NJS_VERSION 0.8.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index c557638f..bbf88b06 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2 +FROM nginx:1.25.3 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index bc172dec..6bf4fdfc 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.2 -ENV NJS_VERSION 0.8.0 +ENV NGINX_VERSION 1.25.3 +ENV NJS_VERSION 0.8.2 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 31d9a37c..9f9d0d13 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.2' + [mainline]='1.25.3' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.0' + [mainline]='0.8.2' [stable]='0.8.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c' + [mainline]='00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 6cb33076be05c335be33b1d52cfb677533a303f1 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Mon, 8 Jan 2024 19:00:18 +0100 Subject: [PATCH 071/160] Replace COPY with bind mount in Alpine modules example --- modules/Dockerfile.alpine | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 347c6a65..230eb462 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -62,10 +62,9 @@ RUN set -ex \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM ${NGINX_FROM_IMAGE} -COPY --from=builder /tmp/packages /tmp/packages -RUN set -ex \ +RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ + set -ex \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ - done \ - && rm -rf /tmp/packages + done From 7399d225a285628b679e40f4c2bd9efee76a2359 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Mon, 8 Jan 2024 19:03:36 +0100 Subject: [PATCH 072/160] Replace COPY with bind mount in default modules example --- modules/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 79b58f4d..8a261abf 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -70,12 +70,11 @@ RUN set -ex \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM ${NGINX_FROM_IMAGE} -COPY --from=builder /tmp/packages /tmp/packages -RUN set -ex \ +RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ + set -ex \ && apt update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ done \ - && rm -rf /tmp/packages \ && rm -rf /var/lib/apt/lists/ From 5b37ab090f1c8269d252dfb479865955cbe50bce Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Tue, 9 Jan 2024 09:48:27 +0100 Subject: [PATCH 073/160] Use Docker BuildKit for modules test buils --- .test/tests/modules/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.test/tests/modules/run.sh b/.test/tests/modules/run.sh index 9dbe4c3d..257cdd55 100755 --- a/.test/tests/modules/run.sh +++ b/.test/tests/modules/run.sh @@ -32,7 +32,7 @@ fi # Create an instance of the container-under-test modulesImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" -DOCKER_BUILDKIT=0 docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" +docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" serverImage="${modulesImage}-sme" "$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < Date: Tue, 9 Jan 2024 09:48:43 +0100 Subject: [PATCH 074/160] Add requirement of BuildKit to modules README --- modules/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/README.md b/modules/README.md index b2f3965d..887eaa58 100644 --- a/modules/README.md +++ b/modules/README.md @@ -5,6 +5,17 @@ your own instuctions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from [pkg-oss](https://hg.nginx.org/pkg-oss). +## Requirements + +To use the Dockerfiles provided here, +[Docker BuildKit](https://docs.docker.com/build/buildkit/) is required. +This is enabled by default as of version 23.0; for earlier versions this can be +enabled by setting the environment variable `DOCKER_BUILDKIT` to `1`. + +If you can not or do not want to use BuildKit, you can use a previous version +of these files, see for example +https://github.com/nginxinc/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. + ## Usage ``` From 77dafa64e30a024c7bae7a37bb0741fefc0762cf Mon Sep 17 00:00:00 2001 From: Christian Loos Date: Fri, 13 Jan 2023 17:17:57 +0100 Subject: [PATCH 075/160] use apt-get instead of apt in modules/Dockerfile Do not use apt as it is meant to be an end-user tool. --- modules/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 8a261abf..f9aba1da 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -12,8 +12,8 @@ RUN set -ex \ COPY ./ /modules/ RUN set -ex \ - && apt update \ - && apt install -y --no-install-suggests --no-install-recommends \ + && apt-get update \ + && apt-get install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ libparse-recdescent-perl \ @@ -42,7 +42,7 @@ RUN set -ex \ # some modules require build dependencies if [ -f /modules/$module/build-deps ]; then \ echo "Installing $module build dependencies"; \ - apt update && apt install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ + apt-get update && apt-get install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ fi; \ # if a module has a build dependency that is not in a distro, provide a # shell script to fetch/build/install those @@ -72,9 +72,9 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ set -ex \ - && apt update \ + && apt-get update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ - apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ + apt-get install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ done \ && rm -rf /var/lib/apt/lists/ From 5b7624a8f98af507d6d1da2ad7b01806305524ae Mon Sep 17 00:00:00 2001 From: Christian Loos Date: Fri, 13 Jan 2023 17:27:21 +0100 Subject: [PATCH 076/160] use "-o pipefail" for RUN commands in modules Dockerfiles see: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#using-pipes https://github.com/hadolint/hadolint/wiki/DL4006 --- modules/Dockerfile | 11 +++++------ modules/Dockerfile.alpine | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index f9aba1da..e9dea75b 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -3,16 +3,16 @@ FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES -RUN set -ex \ - && if [ "$ENABLED_MODULES" = "" ]; then \ +SHELL ["/bin/bash", "-exo", "pipefail", "-c"] + +RUN if [ "$ENABLED_MODULES" = "" ]; then \ echo "No additional modules enabled, exiting"; \ exit 1; \ fi COPY ./ /modules/ -RUN set -ex \ - && apt-get update \ +RUN apt-get update \ && apt-get install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ @@ -71,8 +71,7 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ - set -ex \ - && apt-get update \ + apt-get update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apt-get install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 230eb462..4b6b0910 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -3,16 +3,16 @@ FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES -RUN set -ex \ - && if [ "$ENABLED_MODULES" = "" ]; then \ +SHELL ["/bin/ash", "-exo", "pipefail", "-c"] + +RUN if [ "$ENABLED_MODULES" = "" ]; then \ echo "No additional modules enabled, exiting"; \ exit 1; \ fi COPY ./ /modules/ -RUN set -ex \ - && apk update \ +RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ xz g++ coreutils \ @@ -63,8 +63,7 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ - set -ex \ - && . /tmp/packages/modules.env \ + . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ done From 75d5e98b637f193781676bf5ea7c7704273b4355 Mon Sep 17 00:00:00 2001 From: Ambrose Chua Date: Thu, 4 Jan 2024 11:29:55 +0800 Subject: [PATCH 077/160] Add IPv6 support for local-resolvers substitution script --- entrypoint/15-local-resolvers.envsh | 2 +- mainline/alpine-slim/15-local-resolvers.envsh | 2 +- mainline/debian/15-local-resolvers.envsh | 2 +- stable/alpine-slim/15-local-resolvers.envsh | 2 +- stable/debian/15-local-resolvers.envsh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS From 418a6ea01041c873c01c1c43ce34663866251e1d Mon Sep 17 00:00:00 2001 From: Ambrose Chua Date: Thu, 4 Jan 2024 11:56:19 +0800 Subject: [PATCH 078/160] Add tests --- .test/tests/templates-resolver-ipv6/run.sh | 60 +++++++++++++++++++ .../server.conf.template | 9 +++ 2 files changed, 69 insertions(+) create mode 100755 .test/tests/templates-resolver-ipv6/run.sh create mode 100644 .test/tests/templates-resolver-ipv6/server.conf.template diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh new file mode 100755 index 00000000..8ebbabf9 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + exit 0 +fi + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create a new Docker network +nid="$(docker network create --ipv6 --subnet fd0c:7e57::/64 nginx-test-ipv6-network)" +trap "docker network rm -f $nid > /dev/null" EXIT + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/resolver-templates' | grep 'example.com - OK' diff --git a/.test/tests/templates-resolver-ipv6/server.conf.template b/.test/tests/templates-resolver-ipv6/server.conf.template new file mode 100644 index 00000000..04a0c085 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/server.conf.template @@ -0,0 +1,9 @@ +resolver ${NGINX_LOCAL_RESOLVERS}; + +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} From a06a1689fcb98f8d84979e4fc41dfce298206b73 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Feb 2024 13:51:00 -0800 Subject: [PATCH 079/160] CI: added templates-resolver-ipv6 to the test runs. --- .test/config.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.test/config.sh b/.test/config.sh index 87e466a6..e371f404 100755 --- a/.test/config.sh +++ b/.test/config.sh @@ -4,6 +4,7 @@ imageTests+=( static templates templates-resolver + templates-resolver-ipv6 workers modules ' From e230e12e34036a35af1393060be1f03159be76d5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Feb 2024 14:00:30 -0800 Subject: [PATCH 080/160] CI: fixed templates-resolver-ipv6 tests. --- .../expected-std-out.txt | 2 ++ .test/tests/templates-resolver-ipv6/run.sh | 29 ++++++++++++++++--- .../server.conf.template | 1 + 3 files changed, 28 insertions(+), 4 deletions(-) create mode 100644 .test/tests/templates-resolver-ipv6/expected-std-out.txt diff --git a/.test/tests/templates-resolver-ipv6/expected-std-out.txt b/.test/tests/templates-resolver-ipv6/expected-std-out.txt new file mode 100644 index 00000000..5309ac82 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/expected-std-out.txt @@ -0,0 +1,2 @@ +example.com - OK +ipv6 nameserver(s) present diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh index 8ebbabf9..a7bc3332 100755 --- a/.test/tests/templates-resolver-ipv6/run.sh +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -21,7 +21,10 @@ fi # Create a new Docker network nid="$(docker network create --ipv6 --subnet fd0c:7e57::/64 nginx-test-ipv6-network)" -trap "docker network rm -f $nid > /dev/null" EXIT + +_network_exit_handler() { + docker network rm -f $nid > /dev/null +} # Create an instance of the container-under-test serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" @@ -30,7 +33,14 @@ FROM $image COPY dir/server.conf.template /etc/nginx/templates/server.conf.template EOD cid="$(docker run -d --network $nid -e NGINX_ENTRYPOINT_LOCAL_RESOLVERS=true -e NGINX_MY_SERVER_NAME=example.com "$serverImage")" -trap "docker rm -vf $cid > /dev/null" EXIT + +_container_exit_handler() { + docker rm -vf $cid > /dev/null +} +_exit_handler() { _container_exit_handler; _network_exit_handler; } +trap "_exit_handler" EXIT + +ipv6cid="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' $cid)" _request() { local method="$1" @@ -49,12 +59,23 @@ _request() { fi docker run --rm \ - --link "$cid":nginx \ + --network "$nid" \ "$clientImage" \ - curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" + curl -fsSL -X"$method" --connect-to "::[$ipv6cid]:" "$@" "$proto://example.com/$url" } . "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' # Check that we can request / _request GET http '/resolver-templates' | grep 'example.com - OK' + +result="$(docker exec $cid grep resolver /etc/nginx/conf.d/server.conf)" + +case "$result" in + resolver*\[*\]*) + echo "ipv6 nameserver(s) present" + ;; + *) + echo "no ipv6 nameserver(s) present" + ;; +esac diff --git a/.test/tests/templates-resolver-ipv6/server.conf.template b/.test/tests/templates-resolver-ipv6/server.conf.template index 04a0c085..70835560 100644 --- a/.test/tests/templates-resolver-ipv6/server.conf.template +++ b/.test/tests/templates-resolver-ipv6/server.conf.template @@ -2,6 +2,7 @@ resolver ${NGINX_LOCAL_RESOLVERS}; server { listen 80; + listen [::]:80; server_name ${NGINX_MY_SERVER_NAME}; default_type text/plain; location = / { return 200 'OK\n'; } From 1f227619c1f1baa0bed8bed844ea614437ff14fb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Feb 2024 10:12:27 -0800 Subject: [PATCH 081/160] Updated mainline nginx to 1.25.4 and njs to 0.8.3. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f2ecca4a..b500d17f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3-alpine +FROM nginx:1.25.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d36ab160..2cdb70e1 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.3 +ENV NGINX_VERSION 1.25.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5dd4739d..b3ee8c0a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3-alpine-slim +FROM nginx:1.25.4-alpine-slim -ENV NJS_VERSION 0.8.2 +ENV NJS_VERSION 0.8.3 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index bbf88b06..28d8d826 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3 +FROM nginx:1.25.4 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 6bf4fdfc..48b78ba4 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.3 -ENV NJS_VERSION 0.8.2 +ENV NGINX_VERSION 1.25.4 +ENV NJS_VERSION 0.8.3 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 9f9d0d13..cb562666 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.3' + [mainline]='1.25.4' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.2' + [mainline]='0.8.3' [stable]='0.8.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88' + [mainline]='79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From e16114680b7ba115ffe4fe44be0b5b0bb14fba93 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 20:51:38 -0800 Subject: [PATCH 082/160] Specify architecture to pull in the sync script. --- sync-awsecr.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 5065c3b5..31705448 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -108,8 +108,16 @@ echo "export DOCKER_CLI_EXPERIMENTAL=enabled" echo echo "# pulling stuff" for arch in ${architectures[@]}; do + case $arch in + arm64v8) + parch="aarch64" + ;; + *) + parch=$arch + ;; + esac for tag in ${pulllist[@]}; do - echo "docker pull $arch/$tag"; + echo "docker pull --platform linux/$parch $arch/$tag"; done done From 67270a20ffca47f954593b540136974bc831a61c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 21:12:16 -0800 Subject: [PATCH 083/160] Specify distribution versions tags in sync script. This mostly synchronises it with generate-stackbrew-library.sh script. --- sync-awsecr.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 31705448..e35d1807 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -71,12 +71,17 @@ for version in "${versions[@]}"; do fi versionAliases+=( ${aliases[$version]:-} ) - for tag in ${versionAliases[@]:1}; do + debianVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk -F"[-:]" '$1 == "FROM debian" { print $2; exit }')" + debianAliases=( ${versionAliases[@]/%/-$debianVersion} ) + debianAliases=( "${debianAliases[@]//latest-/}" ) + + for tag in ${versionAliases[@]:1} ${debianAliases[@]:1}; do taglist["$image:$tag"]="$image:$fullVersion" done for variant in debian-perl; do variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) for tag in ${variantAliases[@]}; do @@ -86,10 +91,13 @@ for version in "${versions[@]}"; do done done + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) for tag in ${variantAliases[@]}; do From 6f3d62b782254d12694260d1d92162111c73af6d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 21:13:03 -0800 Subject: [PATCH 084/160] generate-stackbrew-library.sh: simplify. alpine-slim is built on all architectures and is not different to other alpine versions, so no reason to have a separate section for it anymore. --- generate-stackbrew-library.sh | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index eba3c321..a7709d58 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -90,23 +90,7 @@ for version in "${versions[@]}"; do alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" - for variant in alpine alpine-perl; do - commit="$(dirCommit "$version/$variant")" - - variantAliases=( "${versionAliases[@]/%/-$variant}" ) - variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) - variantAliases=( "${variantAliases[@]//latest-/}" ) - - echo - cat <<-EOE - Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 - GitCommit: $commit - Directory: $version/$variant - EOE - done - - for variant in alpine-slim; do + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) From 9cb278860bdcea48abc0bc770a29ead3fc9a1fe6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 12 Dec 2023 14:03:09 -0800 Subject: [PATCH 085/160] Added an otel module image variant. The variant provides an image built with a recently opensourced opentelemetry module developed by F5/NGINX [1]. I've decided to make a separate variant based on the main image instead of extending it because the module build-depends on a fairly large chunk of C++ code from multiple projects, which takes around 10 minutes to compile and link on an 8-core amd64 machine. This is why it's currently limited to amd64 and arm64v8, which nginx.org provides builds for. Users can build them on less popular architectures as the instructions are still provided in the dockerfiles. Also, it's currently only available for the "mainline" branch, with "stable" to follow in the future. [1] https://nginx.org/en/docs/ngx_otel_module.html [2] https://nginx.org/en/linux_packages.html#dynmodules --- Dockerfile-alpine-otel.template | 76 ++++++++++++++++++++++++++ Dockerfile-debian-otel.template | 84 +++++++++++++++++++++++++++++ generate-stackbrew-library.sh | 39 ++++++++++++++ mainline/alpine-otel/Dockerfile | 87 ++++++++++++++++++++++++++++++ mainline/debian-otel/Dockerfile | 95 +++++++++++++++++++++++++++++++++ update.sh | 44 ++++++++++++--- 6 files changed, 419 insertions(+), 6 deletions(-) create mode 100644 Dockerfile-alpine-otel.template create mode 100644 Dockerfile-debian-otel.template create mode 100644 mainline/alpine-otel/Dockerfile create mode 100644 mainline/debian-otel/Dockerfile diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template new file mode 100644 index 00000000..743c532c --- /dev/null +++ b/Dockerfile-alpine-otel.template @@ -0,0 +1,76 @@ +FROM nginx:%%NGINX_VERSION%%-alpine + +ENV OTEL_VERSION %%OTEL_VERSION%% + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make %%BUILDTARGET%% \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template new file mode 100644 index 00000000..2cc519b7 --- /dev/null +++ b/Dockerfile-debian-otel.template @@ -0,0 +1,84 @@ +FROM nginx:%%NGINX_VERSION%% + +ENV OTEL_VERSION %%OTEL_VERSION%% + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y %%BUILDTARGET%% \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile %%BUILDTARGET%% \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index a7709d58..0990cc61 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -50,6 +50,12 @@ join() { } for version in "${versions[@]}"; do + debian_otel= + alpine_otel= + if [ "$version" = "mainline" ]; then + debian_otel="debian-otel" + alpine_otel="alpine-otel" + fi commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" @@ -88,6 +94,23 @@ for version in "${versions[@]}"; do EOE done + for variant in $debian_otel; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-otel}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: amd64, arm64v8 + GitCommit: $commit + Directory: $version/$variant + EOE + done + + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do @@ -106,4 +129,20 @@ for version in "${versions[@]}"; do EOE done + for variant in $alpine_otel; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: amd64, arm64v8 + GitCommit: $commit + Directory: $version/$variant + EOE + done + done diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile new file mode 100644 index 00000000..714113c9 --- /dev/null +++ b/mainline/alpine-otel/Dockerfile @@ -0,0 +1,87 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.25.4-alpine + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make module-otel \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile new file mode 100644 index 00000000..8fbf2a30 --- /dev/null +++ b/mainline/debian-otel/Dockerfile @@ -0,0 +1,95 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.25.4 + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y nginx-module-otel \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile nginx-module-otel \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/update.sh b/update.sh index cb562666..40449e1e 100755 --- a/update.sh +++ b/update.sh @@ -22,6 +22,12 @@ declare -A njs=( [stable]='0.8.0' ) +# Current otel versions +declare -A otel=( + [mainline]='0.1.0' + [stable]='0.1.0' +) + # Current package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( @@ -61,6 +67,8 @@ get_packages() { shift local branch="$1" shift + local bn="" + local otel= local perl= local r= local sep= @@ -81,6 +89,13 @@ get_packages() { ;; esac + case "$distro:$branch" in + *-otel:mainline) + otel="nginx-module-otel" + bn="\n" + ;; + esac + echo -n ' \\\n' case "$distro" in *-slim) @@ -93,16 +108,21 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\'"$bn" + done + for p in $otel; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' done ;; esac } get_packagerepo() { - local distro="${1%-perl}" - distro="${distro%-slim}" + local distro="$1" shift + distro="${distro%-perl}" + distro="${distro%-otel}" + distro="${distro%-slim}" local branch="$1" shift @@ -112,8 +132,11 @@ get_packagerepo() { } get_packagever() { - local distro="${1%-perl}" + local distro="$1" shift + distro="${distro%-perl}" + distro="${distro%-otel}" + distro="${distro%-slim}" local branch="$1" shift local suffix= @@ -125,6 +148,7 @@ get_packagever() { get_buildtarget() { local distro="$1" + shift case "$distro" in alpine-slim) echo base @@ -132,6 +156,9 @@ get_buildtarget() { alpine-perl) echo module-perl ;; + alpine-otel) + echo module-otel + ;; alpine) echo module-geoip module-image-filter module-njs module-xslt ;; @@ -141,6 +168,9 @@ get_buildtarget() { debian-perl) echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" ;; + debian-otel) + echo "nginx-module-otel" + ;; esac } @@ -156,8 +186,8 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ - alpine{,-perl,-slim} \ - debian{,-perl}; do + alpine{,-perl,-otel,-slim} \ + debian{,-perl,-otel}; do echo "$branch: $variant dockerfiles" dir="$branch/$variant" variant="$(basename "$variant")" @@ -174,6 +204,7 @@ for branch in "${branches[@]}"; do alpinever="${alpine[$branch]}" nginxver="${nginx[$branch]}" njsver="${njs[${branch}]}" + otelver="${otel[${branch}]}" revver="${rev[${branch}]}" pkgosschecksumver="${pkgosschecksum[${branch}]}" @@ -187,6 +218,7 @@ for branch in "${branches[@]}"; do -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ + -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ From 29d5001c15e7a2c7b34402c35254cc55199f8cc8 Mon Sep 17 00:00:00 2001 From: oxpa Date: Tue, 16 Apr 2024 18:12:08 +0100 Subject: [PATCH 086/160] Updated mainline to 1.25.5. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 8 ++++---- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 714113c9..f7460dcb 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine +FROM nginx:1.25.5-alpine ENV OTEL_VERSION 0.1.0 @@ -60,7 +60,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b500d17f..5ded6192 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine +FROM nginx:1.25.5-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 2cdb70e1..d867eb42 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,11 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.4 +ENV NGINX_VERSION 1.25.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b3ee8c0a..fba7100e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine-slim +FROM nginx:1.25.5-alpine-slim -ENV NJS_VERSION 0.8.3 +ENV NJS_VERSION 0.8.4 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 8fbf2a30..d093409e 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4 +FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 28d8d826..23726678 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4 +FROM nginx:1.25.5 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 48b78ba4..22ad7980 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.4 -ENV NJS_VERSION 0.8.3 +ENV NGINX_VERSION 1.25.5 +ENV NJS_VERSION 0.8.4 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 40449e1e..cc712379 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.4' + [mainline]='1.25.5' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.3' + [mainline]='0.8.4' [stable]='0.8.0' ) @@ -41,7 +41,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.18' + [mainline]='3.19' [stable]='3.18' ) @@ -58,7 +58,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3' + [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 308c492bfaec8ffb73eb7508395165b92113fe47 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 7 Dec 2023 11:18:15 +0100 Subject: [PATCH 087/160] Update mainline to Alpine 3.19 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 8d59f1bb..90d0cf28 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index cc712379..cd9ade25 100755 --- a/update.sh +++ b/update.sh @@ -42,7 +42,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.19' - [stable]='3.18' + [stable]='3.19' ) # When we bump njs version in a stable release we don't move the tag in the From b7a32965681b02a7d0e18425333328df4cd48652 Mon Sep 17 00:00:00 2001 From: Orgad Shaneh Date: Thu, 21 Mar 2024 12:33:30 +0200 Subject: [PATCH 088/160] Keep repo key registered in alpine, and simplify Dockerfiles In debian image, the key is not deleted. This can also be used in user images to install packages directly. --- Dockerfile-alpine-otel.template | 15 ++------------- Dockerfile-alpine-perl.template | 15 ++------------- Dockerfile-alpine-slim.template | 1 - Dockerfile-alpine.template | 13 +------------ Dockerfile-debian-otel.template | 21 ++------------------- Dockerfile-debian-perl.template | 21 ++------------------- mainline/alpine-otel/Dockerfile | 15 ++------------- mainline/alpine-perl/Dockerfile | 15 ++------------- mainline/alpine-slim/Dockerfile | 1 - mainline/alpine/Dockerfile | 13 +------------ mainline/debian-otel/Dockerfile | 21 ++------------------- mainline/debian-perl/Dockerfile | 21 ++------------------- stable/alpine-perl/Dockerfile | 15 ++------------- stable/alpine-slim/Dockerfile | 1 - stable/alpine/Dockerfile | 13 +------------ stable/debian-perl/Dockerfile | 21 ++------------------- 16 files changed, 23 insertions(+), 199 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 743c532c..7090e4fd 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -12,17 +12,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -72,5 +62,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index d892f81b..9c87b72c 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -10,17 +10,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -67,5 +57,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index a5078971..e6809e87 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -75,7 +75,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 148d4ff2..f64222bb 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -12,17 +12,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -73,6 +63,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index 2cc519b7..dff7acc0 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -2,26 +2,9 @@ FROM nginx:%%NGINX_VERSION%% ENV OTEL_VERSION %%OTEL_VERSION%% -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 38b65598..43099656 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -1,25 +1,8 @@ FROM nginx:%%NGINX_VERSION%% -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index f7460dcb..b42f7959 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -23,17 +23,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,5 +73,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5ded6192..d108211a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -21,17 +21,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -78,5 +68,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d867eb42..8c2a221d 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -81,7 +81,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index fba7100e..a90a2c52 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -22,17 +22,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,6 +73,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index d093409e..a9f21192 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -7,26 +7,9 @@ FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 23726678..8e3c9959 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -5,26 +5,9 @@ # FROM nginx:1.25.5 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index a70cca17..3515f3a9 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -21,17 +21,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -78,5 +68,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 90d0cf28..6bdfc433 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -81,7 +81,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index fbe85c5c..2025ea0e 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -22,17 +22,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,6 +73,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index e485478c..0e35589b 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -5,26 +5,9 @@ # FROM nginx:1.24.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ From ed439d2266cee6304339d50c5fe33d8f87f6eb37 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 12:59:29 -0700 Subject: [PATCH 089/160] Updated stable nginx to 1.26.0 and moved to bookworm. This also adds otel module to stable images. --- stable/alpine-otel/Dockerfile | 87 ++++++++++++++++++++++++++++++++ stable/alpine-perl/Dockerfile | 12 ++--- stable/alpine-slim/Dockerfile | 12 ++--- stable/alpine/Dockerfile | 14 +++--- stable/debian-otel/Dockerfile | 95 +++++++++++++++++++++++++++++++++++ stable/debian-perl/Dockerfile | 6 +-- stable/debian/Dockerfile | 12 ++--- update.sh | 15 +++--- 8 files changed, 216 insertions(+), 37 deletions(-) create mode 100644 stable/alpine-otel/Dockerfile create mode 100644 stable/debian-otel/Dockerfile diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile new file mode 100644 index 00000000..af9951c1 --- /dev/null +++ b/stable/alpine-otel/Dockerfile @@ -0,0 +1,87 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.26.0-alpine + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make module-otel \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 3515f3a9..4c4989c2 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0-alpine +FROM nginx:1.26.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 6bdfc433..de34e10a 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.24.0 +ENV NGINX_VERSION 1.26.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2025ea0e..1a664de8 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0-alpine-slim +FROM nginx:1.26.0-alpine-slim -ENV NJS_VERSION 0.8.0 +ENV NJS_VERSION 0.8.4 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -48,16 +48,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile new file mode 100644 index 00000000..62a7f273 --- /dev/null +++ b/stable/debian-otel/Dockerfile @@ -0,0 +1,95 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.26.0 + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y nginx-module-otel \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile nginx-module-otel \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 0e35589b..c7e0fdd6 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0 +FROM nginx:1.26.0 RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ @@ -19,13 +19,13 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 56ae3684..b19556df 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.24.0 -ENV NJS_VERSION 0.8.0 -ENV PKG_RELEASE 1~bullseye +ENV NGINX_VERSION 1.26.0 +ENV NJS_VERSION 0.8.4 +ENV PKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -44,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/update.sh b/update.sh index cd9ade25..70dd71f4 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.25.5' - [stable]='1.24.0' + [stable]='1.26.0' ) # Current njs versions declare -A njs=( [mainline]='0.8.4' - [stable]='0.8.0' + [stable]='0.8.4' ) # Current otel versions @@ -37,7 +37,7 @@ declare -A pkg=( declare -A debian=( [mainline]='bookworm' - [stable]='bullseye' + [stable]='bookworm' ) declare -A alpine=( @@ -51,7 +51,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='e5d85b3424bb' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -59,7 +59,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' - [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' + [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' ) get_packages() { @@ -87,10 +87,7 @@ get_packages() { *-perl) perl="nginx-module-perl" ;; - esac - - case "$distro:$branch" in - *-otel:mainline) + *-otel) otel="nginx-module-otel" bn="\n" ;; From 435f9c2a06cf2d5fd65767d2f0696b9c988b814b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:04:31 -0700 Subject: [PATCH 090/160] generate-stackbrew-library: moved stable to 1.26 With that, added otel tags for stable, too. --- generate-stackbrew-library.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 0990cc61..aadcf07e 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.25 latest' - [stable]='1.24' + [stable]='1.26' ) self="$(basename "$BASH_SOURCE")" @@ -50,12 +50,8 @@ join() { } for version in "${versions[@]}"; do - debian_otel= - alpine_otel= - if [ "$version" = "mainline" ]; then - debian_otel="debian-otel" - alpine_otel="alpine-otel" - fi + debian_otel="debian-otel" + alpine_otel="alpine-otel" commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" From 56cb1dd64cb83e8f54f4c95a526e526f65703ce9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:05:23 -0700 Subject: [PATCH 091/160] sync-awsecr: moved stable to 1.26. --- sync-awsecr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index e35d1807..c9ea9634 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.25 latest' - [stable]='1.24' + [stable]='1.26' ) architectures=( amd64 arm64v8 ) From 3fb7e2e6266d5652dabe275dbfd50bdb3418361e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:12:40 -0700 Subject: [PATCH 092/160] Introduce NJS_RELEASE to hold the version for njs package release. This is currently needed for mainline versions to pick up an update njs release (0.8.4-2). --- Dockerfile-alpine.template | 1 + Dockerfile-debian.template | 1 + mainline/alpine-otel/Dockerfile | 12 ++++++------ mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 13 +++++++------ mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 3 ++- stable/alpine-otel/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 3 ++- stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 3 ++- update.sh | 21 ++++++++++++++++----- 16 files changed, 54 insertions(+), 37 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f64222bb..8c9d490d 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,6 +1,7 @@ FROM nginx:%%NGINX_VERSION%%-alpine-slim ENV NJS_VERSION %%NJS_VERSION%% +ENV NJS_RELEASE %%NJS_RELEASE%% RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4615a39f..49b298c2 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -4,6 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% +ENV NJS_RELEASE %%NJS_RELEASE%% ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index b42f7959..25b3b95b 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d108211a..bf4296b1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 8c2a221d..e164320f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a90a2c52..3f3f6cd1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -6,6 +6,7 @@ FROM nginx:1.25.5-alpine-slim ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -14,7 +15,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -48,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index a9f21192..96f3a702 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -15,7 +15,7 @@ RUN set -x; \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 8e3c9959..cc01d476 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -14,7 +14,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 22ad7980..76bce0bc 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -9,6 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.5 ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 2~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ @@ -39,7 +40,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index af9951c1..a1ead88a 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4c4989c2..9a941e0a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1a664de8..132b71d6 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -6,6 +6,7 @@ FROM nginx:1.26.0-alpine-slim ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -14,7 +15,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 62a7f273..d9697693 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -32,7 +32,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c7e0fdd6..0c8edc13 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -14,7 +14,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index b19556df..3b1c1438 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -9,6 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.0 ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ @@ -39,7 +40,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/update.sh b/update.sh index 70dd71f4..1249f91a 100755 --- a/update.sh +++ b/update.sh @@ -22,6 +22,13 @@ declare -A njs=( [stable]='0.8.4' ) +# Current njs patchlevel version +# Remember to update pkgosschecksum when changing this. +declare -A njspkg=( + [mainline]='2' + [stable]='1' +) + # Current otel versions declare -A otel=( [mainline]='0.1.0' @@ -50,7 +57,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='93ac6e194ad0' [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) @@ -58,7 +65,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' + [mainline]='d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0' [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' ) @@ -105,7 +112,7 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\'"$bn" + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" done for p in $otel; do echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' @@ -136,11 +143,13 @@ get_packagever() { distro="${distro%-slim}" local branch="$1" shift + local package="$1" + shift local suffix= [ "${distro}" = "debian" ] && suffix="~${debianver}" - echo ${pkg[$branch]}${suffix} + [ "${package}" = "njs" ] && echo ${njspkg[$branch]}${suffix} || echo ${pkg[$branch]}${suffix} } get_buildtarget() { @@ -207,7 +216,8 @@ for branch in "${branches[@]}"; do packagerepo=$(get_packagerepo "$variant" "$branch") packages=$(get_packages "$variant" "$branch") - packagever=$(get_packagever "$variant" "$branch") + packagever=$(get_packagever "$variant" "$branch" "any") + njspkgver=$(get_packagever "$variant" "$branch" "njs") buildtarget=$(get_buildtarget "$variant") sed -i.bak \ @@ -215,6 +225,7 @@ for branch in "${branches[@]}"; do -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ + -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ From 33588b16913fe91d3a201043b73f3366d15fcce1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:34:32 -0700 Subject: [PATCH 093/160] Updated remaining Dockerfiles after b7a32965681. --- stable/alpine-otel/Dockerfile | 15 ++------------- stable/debian-otel/Dockerfile | 21 ++------------------- 2 files changed, 4 insertions(+), 32 deletions(-) diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index a1ead88a..060bd73c 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -23,17 +23,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,5 +73,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index d9697693..dbe9f4bb 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -7,26 +7,9 @@ FROM nginx:1.26.0 ENV OTEL_VERSION 0.1.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ From 23bcf128302c8731b1d50e03da63cda31d69ba5f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:36:59 -0700 Subject: [PATCH 094/160] Debian: updated GPG keys dir. Closes: https://github.com/nginxinc/docker-nginx/pull/821 --- Dockerfile-debian.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 49b298c2..4fe841a6 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -15,7 +15,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ From 66c0f94b4c764b1a531528e8c242ad94497011f6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 14:37:04 -0700 Subject: [PATCH 095/160] Updated dockerfiles after 23bcf128302 --- mainline/debian/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 76bce0bc..f0bec38f 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -20,7 +20,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 3b1c1438..4a06824e 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -20,7 +20,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ From 5bf2e65ab9eaa029613e18fc5dfab04693511ed6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 14:44:57 -0700 Subject: [PATCH 096/160] Updated GPG key dirs in templates missed in 23bcf128302 --- Dockerfile-debian-otel.template | 2 +- Dockerfile-debian-perl.template | 2 +- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index dff7acc0..b1a8a8e2 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -3,7 +3,7 @@ FROM nginx:%%NGINX_VERSION%% ENV OTEL_VERSION %%OTEL_VERSION%% RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 43099656..03e801f5 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -1,7 +1,7 @@ FROM nginx:%%NGINX_VERSION%% RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 96f3a702..51f8c54e 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -8,7 +8,7 @@ FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index cc01d476..4bdba1e6 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.25.5 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index dbe9f4bb..2a2ca729 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -8,7 +8,7 @@ FROM nginx:1.26.0 ENV OTEL_VERSION 0.1.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 0c8edc13..ee08af92 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.26.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ From 3142ac341053ce45b6c5065734084e7e0154a1f2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 Apr 2024 16:26:48 -0700 Subject: [PATCH 097/160] Updated the modules list and versions. (Modsecurity is no longer built & shipped in pkg-oss). --- modules/README.md | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/modules/README.md b/modules/README.md index 887eaa58..e1ff4ba7 100644 --- a/modules/README.md +++ b/modules/README.md @@ -43,27 +43,25 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules -make: Entering directory '/pkg-oss/debian' auth-spnego 1.1.1-1 brotli 1.0.0-1 encrypted-session 0.09-1 fips-check 0.1-1 -geoip 1.25.1-1 +geoip 1.25.5-1 geoip2 3.4-1 -headers-more 0.34-1 -image-filter 1.25.1-1 -lua 0.10.25-1 -modsecurity 1.0.3-3 -ndk 0.3.2-1 -njs 0.8.0-1 -opentracing 0.29.0-1 -passenger 6.0.18-1 -perl 1.25.1-1 +headers-more 0.35-1 +image-filter 1.25.5-1 +lua 0.10.26-1 +ndk 0.3.3-1 +njs 0.8.4-2 +opentracing 0.33.0-1 +otel 0.1.0-1 +passenger 6.0.19-1 +perl 1.25.5-1 rtmp 1.2.2-1 set-misc 0.33-1 subs-filter 0.6.4-1 -xslt 1.25.1-1 -make: Leaving directory '/pkg-oss/debian' +xslt 1.25.5-1 ``` If you still want to provide your own instructions for a specific module, From 9abe4ae472b3332665fad9b12ee146dc242e775c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 3 May 2024 12:48:45 -0700 Subject: [PATCH 098/160] Bump njs releases to hopefully fix builds on arm32v5 --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian/Dockerfile | 2 +- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 11 files changed, 50 insertions(+), 50 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 25b3b95b..7e08f87a 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index bf4296b1..2c583aad 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index e164320f..c1bde59c 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 3f3f6cd1..a1a04700 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.25.5-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_RELEASE 3 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index f0bec38f..c2048199 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -9,7 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.5 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm +ENV NJS_RELEASE 3~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 060bd73c..66923ea1 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9a941e0a..9cdf5d0f 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index de34e10a..59e0e309 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 132b71d6..d7f1f0c5 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.26.0-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 1 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 4a06824e..853e3e60 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -9,7 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.0 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 1~bookworm +ENV NJS_RELEASE 2~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 1249f91a..1327b708 100755 --- a/update.sh +++ b/update.sh @@ -25,8 +25,8 @@ declare -A njs=( # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='2' - [stable]='1' + [mainline]='3' + [stable]='2' ) # Current otel versions @@ -57,16 +57,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='93ac6e194ad0' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='27357d6c5453' + [stable]='73d6839714a2' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0' - [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' + [mainline]='a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0' + [stable]='95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db' ) get_packages() { From b5e83108e52bfb4aeea4cb533285e58792a2bd40 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 May 2024 15:12:21 -0700 Subject: [PATCH 099/160] Updated nginx versions to 1.26.1 and 1.27.0 --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- update.sh | 18 +++++++++--------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index aadcf07e..fc42760c 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.25 latest' + [mainline]='1 1.27 latest' [stable]='1.26' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index c9ea9634..0e7cfffa 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.25 latest' + [mainline]='1 1.27 latest' [stable]='1.26' ) diff --git a/update.sh b/update.sh index 1327b708..bbd5ebea 100755 --- a/update.sh +++ b/update.sh @@ -12,8 +12,8 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.5' - [stable]='1.26.0' + [mainline]='1.27.0' + [stable]='1.26.1' ) # Current njs versions @@ -25,7 +25,7 @@ declare -A njs=( # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='3' + [mainline]='2' [stable]='2' ) @@ -38,8 +38,8 @@ declare -A otel=( # Current package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( - [mainline]=1 - [stable]=1 + [mainline]=2 + [stable]=2 ) declare -A debian=( @@ -57,16 +57,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='27357d6c5453' - [stable]='73d6839714a2' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0' - [stable]='95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db' + [mainline]='cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0' + [stable]='0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e' ) get_packages() { From 3180cdbec313dc4a9f6dd1109ae66adaf98f11fb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 May 2024 15:13:35 -0700 Subject: [PATCH 100/160] Regenerated after last commits --- mainline/alpine-otel/Dockerfile | 12 ++++++------ mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 14 +++++++------- mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 6 +++--- stable/alpine-otel/Dockerfile | 12 ++++++------ stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 14 +++++++------- stable/alpine/Dockerfile | 12 ++++++------ stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 4 ++-- 14 files changed, 60 insertions(+), 60 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 7e08f87a..f5dcf080 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine +FROM nginx:1.27.0-alpine ENV OTEL_VERSION 0.1.0 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2c583aad..7c509215 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine +FROM nginx:1.27.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index c1bde59c..370879bb 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.5 -ENV PKG_RELEASE 1 +ENV NGINX_VERSION 1.27.0 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a1a04700..6437da3e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine-slim +FROM nginx:1.27.0-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 3 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 51f8c54e..9fe3620a 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5 +FROM nginx:1.27.0 ENV OTEL_VERSION 0.1.0 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 4bdba1e6..b2fcb2e5 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5 +FROM nginx:1.27.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c2048199..0087d457 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,10 +7,10 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.5 +ENV NGINX_VERSION 1.27.0 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 3~bookworm -ENV PKG_RELEASE 1~bookworm +ENV NJS_RELEASE 2~bookworm +ENV PKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 66923ea1..b60ade03 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine +FROM nginx:1.26.1-alpine ENV OTEL_VERSION 0.1.0 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9cdf5d0f..355d191a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine +FROM nginx:1.26.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 59e0e309..452317de 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.0 -ENV PKG_RELEASE 1 +ENV NGINX_VERSION 1.26.1 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index d7f1f0c5..2fffeaba 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine-slim +FROM nginx:1.26.1-alpine-slim ENV NJS_VERSION 0.8.4 ENV NJS_RELEASE 2 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 2a2ca729..764b994a 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0 +FROM nginx:1.26.1 ENV OTEL_VERSION 0.1.0 diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index ee08af92..adfd57f8 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0 +FROM nginx:1.26.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 853e3e60..9c782b27 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,10 +7,10 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.0 +ENV NGINX_VERSION 1.26.1 ENV NJS_VERSION 0.8.4 ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 1~bookworm +ENV PKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants From 94a27ac42d45670d941a55334d89e80760f7cc8e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 15:57:12 -0700 Subject: [PATCH 101/160] Fixed failure to build packages from source on recent Alpine versions apk index no longer accepts untrusted keys since 2.14.2 --- Dockerfile-alpine-otel.template | 2 +- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- mainline/alpine-otel/Dockerfile | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-otel/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 7090e4fd..027e99ae 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -50,7 +50,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 9c87b72c..660e4b7b 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -45,7 +45,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index e6809e87..128cc0e1 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -62,7 +62,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8c9d490d..cce7c7b8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -51,7 +51,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index f5dcf080..784dd98b 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7c509215..55e9c5fb 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -56,7 +56,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 370879bb..202eed78 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6437da3e..d1c39656 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index b60ade03..6fd59d88 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 355d191a..f017a96e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -56,7 +56,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 452317de..458724c7 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2fffeaba..317e11c1 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ From 1717492fe0135a8f4c2b88b9db2128724412869a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 16:54:59 -0700 Subject: [PATCH 102/160] Tests: temporarily remove ipv6 check It seems github actions runners are having issues with ipv6 since lateset updates to Docker 26. Let them sort the issues out first, and then we can revert this change. --- .../templates-resolver-ipv6/expected-std-out.txt | 1 - .test/tests/templates-resolver-ipv6/run.sh | 11 ----------- 2 files changed, 12 deletions(-) diff --git a/.test/tests/templates-resolver-ipv6/expected-std-out.txt b/.test/tests/templates-resolver-ipv6/expected-std-out.txt index 5309ac82..38bfee85 100644 --- a/.test/tests/templates-resolver-ipv6/expected-std-out.txt +++ b/.test/tests/templates-resolver-ipv6/expected-std-out.txt @@ -1,2 +1 @@ example.com - OK -ipv6 nameserver(s) present diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh index a7bc3332..88476d65 100755 --- a/.test/tests/templates-resolver-ipv6/run.sh +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -68,14 +68,3 @@ _request() { # Check that we can request / _request GET http '/resolver-templates' | grep 'example.com - OK' - -result="$(docker exec $cid grep resolver /etc/nginx/conf.d/server.conf)" - -case "$result" in - resolver*\[*\]*) - echo "ipv6 nameserver(s) present" - ;; - *) - echo "no ipv6 nameserver(s) present" - ;; -esac From a6f7d140744f8b15ff4314b8718b3f022efc7f43 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 17:49:20 -0700 Subject: [PATCH 103/160] Updated GPG keys used to sign packages Prebuilt binaries from nginx.org are to be signed with different keys moving forward. This change introduces two new 4096-bit RSA keys (aptly named "signing key 2" and "signing key 3") that will be used for that process. The keys can be fetched from nginx.org, too: $ curl -s https://nginx.org/keys/nginx_signing.key | gpg --show-keys - pub rsa4096 2024-05-29 [SC] 8540A6F18833A80E9C1653A42FD21310B49F6B46 uid nginx signing key pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24] 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 uid nginx signing key pub rsa4096 2024-05-29 [SC] 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3 uid nginx signing key As a nice side-effect, this allows us to re-fetch the older 2048-bit RSA key. It expired on Jun 14 2024, but was extended to be valid for another three years) still used to sign current packages. Unfortunately the key with the extended validity period was uploaded to the keyservers a bit too late to be picked up by current image builds, resulting in somewhat unexpected breakages for downstream images. --- Dockerfile-debian.template | 6 ++++-- mainline/debian/Dockerfile | 6 ++++-- stable/debian/Dockerfile | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4fe841a6..cccf6ea7 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,10 +14,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -26,7 +27,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 0087d457..1795d6b0 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -19,10 +19,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -31,7 +32,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 9c782b27..dfdc5428 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -19,10 +19,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -31,7 +32,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 0eef6515e5b1da1e1f06cb71edbaa73769054cec Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 14 Aug 2024 20:35:37 +0000 Subject: [PATCH 104/160] Updated nginx versions to current While at it, introduced specific env variables for built-in dynamic modules versions, as they can differ from the main nginx binary packages. --- Dockerfile-alpine-slim.template | 5 ++-- Dockerfile-debian.template | 1 + update.sh | 46 ++++++++++++++++++++++++--------- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 128cc0e1..6c6f92f2 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -2,8 +2,9 @@ FROM alpine:%%ALPINE_VERSION%% LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION %%NGINX_VERSION%% -ENV PKG_RELEASE %%PKG_RELEASE%% +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% +ENV DYNPKG_RELEASE %%DYNPKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index cccf6ea7..efef6e54 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -6,6 +6,7 @@ ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% ENV NJS_RELEASE %%NJS_RELEASE%% ENV PKG_RELEASE %%PKG_RELEASE%% +ENV DYNPKG_RELEASE %%DYNPKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/update.sh b/update.sh index bbd5ebea..a075b075 100755 --- a/update.sh +++ b/update.sh @@ -12,21 +12,21 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.0' - [stable]='1.26.1' + [mainline]='1.27.1' + [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.4' - [stable]='0.8.4' + [mainline]='0.8.5' + [stable]='0.8.5' ) # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='2' - [stable]='2' + [mainline]='1' + [stable]='1' ) # Current otel versions @@ -35,9 +35,16 @@ declare -A otel=( [stable]='0.1.0' ) -# Current package patchlevel version +# Current nginx package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( + [mainline]=1 + [stable]=1 +) + +# Current built-in dynamic modules package patchlevel version +# Remember to update pkgosschecksum when changing this +declare -A dynpkg=( [mainline]=2 [stable]=2 ) @@ -65,8 +72,8 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0' - [stable]='0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e' + [mainline]='b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907' + [stable]='825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a' ) get_packages() { @@ -108,9 +115,12 @@ get_packages() { done ;; *) - for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + for p in nginx; do echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done + for p in nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${DYNPKG_RELEASE} \\\n' + done for p in nginx-module-njs; do echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" done @@ -149,7 +159,17 @@ get_packagever() { [ "${distro}" = "debian" ] && suffix="~${debianver}" - [ "${package}" = "njs" ] && echo ${njspkg[$branch]}${suffix} || echo ${pkg[$branch]}${suffix} + case "${package}" in + "njs") + echo ${njspkg[$branch]}${suffix} + ;; + "dyn") + echo ${dynpkg[$branch]}${suffix} + ;; + *) + echo ${pkg[$branch]}${suffix} + ;; + esac } get_buildtarget() { @@ -172,7 +192,7 @@ get_buildtarget() { echo "\$nginxPackages" ;; debian-perl) - echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" + echo "nginx-module-perl=\${NGINX_VERSION}-\${DYNPKG_RELEASE}" ;; debian-otel) echo "nginx-module-otel" @@ -218,11 +238,13 @@ for branch in "${branches[@]}"; do packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch" "any") njspkgver=$(get_packagever "$variant" "$branch" "njs") + dynpkgver=$(get_packagever "$variant" "$branch" "dyn") buildtarget=$(get_buildtarget "$variant") sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ + -e 's,%%DYNPKG_RELEASE%%,'"$dynpkgver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ From e78cf70ce7b73a0c9ea734c9cf8aaaa283c1cc5a Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 14 Aug 2024 20:36:50 +0000 Subject: [PATCH 105/160] Run update.sh to pick up changes after previous commit. --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 7 ++++--- mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 8 ++++---- mainline/debian-perl/Dockerfile | 14 +++++++------- mainline/debian/Dockerfile | 15 ++++++++------- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 7 ++++--- stable/alpine/Dockerfile | 14 +++++++------- stable/debian-otel/Dockerfile | 8 ++++---- stable/debian-perl/Dockerfile | 14 +++++++------- stable/debian/Dockerfile | 15 ++++++++------- 14 files changed, 82 insertions(+), 78 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 784dd98b..a3e926b0 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine +FROM nginx:1.27.1-alpine ENV OTEL_VERSION 0.1.0 @@ -11,9 +11,9 @@ RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 55e9c5fb..e5162beb 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,16 +3,16 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine +FROM nginx:1.27.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -45,7 +45,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 202eed78..9d1c1709 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,8 +7,9 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.0 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.27.1 +ENV PKG_RELEASE 1 +ENV DYNPKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -57,7 +58,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d1c39656..b6b9120a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine-slim +FROM nginx:1.27.1-alpine-slim -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 9fe3620a..58a5cd99 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0 +FROM nginx:1.27.1 ENV OTEL_VERSION 0.1.0 @@ -12,9 +12,9 @@ RUN set -x; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index b2fcb2e5..e3a51fb7 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,17 +3,17 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0 +FROM nginx:1.27.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ @@ -37,11 +37,11 @@ RUN set -x; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 1795d6b0..40a9838d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,10 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.0 -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 2~bookworm +ENV NGINX_VERSION 1.27.1 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1~bookworm +ENV PKG_RELEASE 1~bookworm +ENV DYNPKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -39,9 +40,9 @@ RUN set -x \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 6fd59d88..29ec4cd7 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine +FROM nginx:1.26.2-alpine ENV OTEL_VERSION 0.1.0 @@ -11,9 +11,9 @@ RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f017a96e..099d1c14 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,16 +3,16 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine +FROM nginx:1.26.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -45,7 +45,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 458724c7..c26a8a06 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,8 +7,9 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.1 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.26.2 +ENV PKG_RELEASE 1 +ENV DYNPKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -57,7 +58,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 317e11c1..adbef674 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine-slim +FROM nginx:1.26.2-alpine-slim -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 764b994a..1bc68961 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1 +FROM nginx:1.26.2 ENV OTEL_VERSION 0.1.0 @@ -12,9 +12,9 @@ RUN set -x; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index adfd57f8..17b0f103 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,17 +3,17 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1 +FROM nginx:1.26.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ @@ -37,11 +37,11 @@ RUN set -x; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index dfdc5428..e623e414 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,10 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.1 -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 2~bookworm +ENV NGINX_VERSION 1.26.2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1~bookworm +ENV PKG_RELEASE 1~bookworm +ENV DYNPKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -39,9 +40,9 @@ RUN set -x \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ From ab376cce6d325132adb02b6d2a248b9ad1cd9fe1 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 22 May 2024 14:49:13 +0200 Subject: [PATCH 106/160] Update mainline to Alpine 3.20 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 9d1c1709..44fb1f35 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index a075b075..d5ebc2ce 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.19' + [mainline]='3.20' [stable]='3.19' ) From 239684923b2c652b0767540d180de7f7e84bd9fa Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Aug 2024 14:47:12 -0700 Subject: [PATCH 107/160] Alpine: install curl on architectures we build from source. --- Dockerfile-alpine-otel.template | 1 + Dockerfile-alpine-perl.template | 1 + Dockerfile-alpine-slim.template | 1 + Dockerfile-alpine.template | 1 + mainline/alpine-otel/Dockerfile | 1 + mainline/alpine-perl/Dockerfile | 1 + mainline/alpine-slim/Dockerfile | 1 + mainline/alpine/Dockerfile | 1 + stable/alpine-otel/Dockerfile | 1 + stable/alpine-perl/Dockerfile | 1 + stable/alpine-slim/Dockerfile | 1 + stable/alpine/Dockerfile | 1 + 12 files changed, 12 insertions(+) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 027e99ae..f122273e 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -32,6 +32,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 660e4b7b..2726d46e 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -30,6 +30,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 6c6f92f2..b60e641e 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -48,6 +48,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index cce7c7b8..437eb7e0 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -36,6 +36,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index a3e926b0..320fb074 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -43,6 +43,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e5162beb..dc7219fd 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -41,6 +41,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 44fb1f35..a9318094 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -54,6 +54,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b6b9120a..1bb5b530 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -46,6 +46,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 29ec4cd7..dbb4501e 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -43,6 +43,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 099d1c14..077ff3e9 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -41,6 +41,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index c26a8a06..0350ad86 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -54,6 +54,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index adbef674..603b7548 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -46,6 +46,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ From 1c99bf1406f95d5fbddb4c9f246e67ad07f79642 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 29 May 2024 17:09:10 +0200 Subject: [PATCH 108/160] Update stable to Alpine 3.20 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 0350ad86..d1d3d8a6 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index d5ebc2ce..9a7d6b9b 100755 --- a/update.sh +++ b/update.sh @@ -56,7 +56,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.20' - [stable]='3.19' + [stable]='3.20' ) # When we bump njs version in a stable release we don't move the tag in the From 8f11e7e2ce61b3bb1283432d03883497a0cab554 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 15 Aug 2024 08:47:32 +0200 Subject: [PATCH 109/160] Use Alpine-related commit for detecting version in generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index fc42760c..3a21d641 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -107,6 +107,7 @@ for version in "${versions[@]}"; do done + commit="$(dirCommit "$version/alpine-slim")" alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do From d92a4f0d19747b43fd4dfe598c0bb9c854033c5e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 15 Aug 2024 15:29:01 -0700 Subject: [PATCH 110/160] Use Alpine-related commit for detecting version in sync-awsecr.sh --- sync-awsecr.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 0e7cfffa..547c83ff 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -91,6 +91,7 @@ for version in "${versions[@]}"; do done done + commit="$(dirCommit "$version/alpine-slim")" alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do From 8b08a26142fc4539ca8eaa6bdff8c463294eed88 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 12:47:47 -0700 Subject: [PATCH 111/160] 15-local-resolvers: strip trailing whitespace Trailing whitespaces break configs that use quotation marks around vars. See https://github.com/nginxinc/docker-nginx-unprivileged/issues/234 --- entrypoint/15-local-resolvers.envsh | 3 +++ mainline/alpine-slim/15-local-resolvers.envsh | 3 +++ mainline/debian/15-local-resolvers.envsh | 3 +++ stable/alpine-slim/15-local-resolvers.envsh | 3 +++ stable/debian/15-local-resolvers.envsh | 3 +++ 5 files changed, 15 insertions(+) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS From 479f90adc64a726d76890b0604b5116b8d7fe7f5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 17:46:09 -0700 Subject: [PATCH 112/160] modules/Dockerfile.alpine: install curl Not all alpine-based images have curl that's needed to fetch the sources of modules built. --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 4b6b0910..f6d39c0d 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -15,7 +15,7 @@ COPY ./ /modules/ RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ - xz g++ coreutils \ + xz g++ coreutils curl \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ From f0fc31f0f73d59cc46e16fae973065a6aea63c15 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 23:15:16 +0000 Subject: [PATCH 113/160] Use packaging sources to build packages on non-mainstream architectures. --- Dockerfile-debian-otel.template | 38 ++++++++++++++++++++++++++------- Dockerfile-debian-perl.template | 38 ++++++++++++++++++++++++++------- Dockerfile-debian.template | 38 ++++++++++++++++++++++++++------- mainline/debian-otel/Dockerfile | 38 ++++++++++++++++++++++++++------- mainline/debian-perl/Dockerfile | 38 ++++++++++++++++++++++++++------- mainline/debian/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian-otel/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian-perl/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian/Dockerfile | 38 ++++++++++++++++++++++++++------- update.sh | 16 +++++--------- 10 files changed, 275 insertions(+), 83 deletions(-) diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index b1a8a8e2..50f09032 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -15,24 +15,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 03e801f5..d26452c3 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -13,24 +13,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index efef6e54..9dabd67c 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -43,24 +43,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 58a5cd99..1bb07c13 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -26,24 +26,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-otel \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-otel \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-otel; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-otel \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index e3a51fb7..3c6682a8 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -24,24 +24,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-perl; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-perl \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 40a9838d..5cbec01a 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -53,24 +53,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make base module-geoip module-image-filter module-njs module-xslt \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 1bc68961..f0c48907 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -26,24 +26,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-otel \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-otel \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-otel; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-otel \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 17b0f103..394c9822 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -24,24 +24,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-perl; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-perl \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index e623e414..c5a23953 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -53,24 +53,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make base module-geoip module-image-filter module-njs module-xslt \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/update.sh b/update.sh index 9a7d6b9b..84218c2d 100755 --- a/update.sh +++ b/update.sh @@ -179,23 +179,17 @@ get_buildtarget() { alpine-slim) echo base ;; - alpine-perl) - echo module-perl - ;; - alpine-otel) - echo module-otel - ;; alpine) echo module-geoip module-image-filter module-njs module-xslt ;; debian) - echo "\$nginxPackages" + echo base module-geoip module-image-filter module-njs module-xslt ;; - debian-perl) - echo "nginx-module-perl=\${NGINX_VERSION}-\${DYNPKG_RELEASE}" + *-perl) + echo module-perl ;; - debian-otel) - echo "nginx-module-otel" + *-otel) + echo module-otel ;; esac } From 829c3fbedaad7d3d64b0b56a6c3948ac10e81bb3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:22:39 +0000 Subject: [PATCH 114/160] modules: pkg-oss moved to GitHub. --- modules/Dockerfile | 6 +++--- modules/Dockerfile.alpine | 2 +- modules/README.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index e9dea75b..61573c17 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -14,11 +14,11 @@ COPY ./ /modules/ RUN apt-get update \ && apt-get install -y --no-install-suggests --no-install-recommends \ - patch make wget mercurial devscripts debhelper dpkg-dev \ + patch make wget git devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ libparse-recdescent-perl \ && XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \ - && wget -O /tmp/xslscript.pl https://hg.nginx.org/xslscript/raw-file/01dc9ba12e1b/xslscript.pl \ + && wget -O /tmp/xslscript.pl https://raw.githubusercontent.com/nginx/xslscript/9204424259c343ca08a18a78915f40f28025e093/xslscript.pl \ && if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \ echo "XSLScript checksum verification succeeded!"; \ chmod +x /tmp/xslscript.pl; \ @@ -27,7 +27,7 @@ RUN apt-get update \ echo "XSLScript checksum verification failed!"; \ exit 1; \ fi \ - && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ + && git clone -b ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://github.com/nginx/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index f6d39c0d..9b305fff 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -19,7 +19,7 @@ RUN apk update \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ - && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ + && git clone -b ${NGINX_VERSION}-${PKG_RELEASE} https://github.com/nginx/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ diff --git a/modules/README.md b/modules/README.md index e1ff4ba7..624b97cc 100644 --- a/modules/README.md +++ b/modules/README.md @@ -3,7 +3,7 @@ It's possible to extend a mainline image with third-party modules either from your own instuctions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from -[pkg-oss](https://hg.nginx.org/pkg-oss). +[pkg-oss](https://github.com/nginx/pkg-oss). ## Requirements @@ -101,7 +101,7 @@ reproduce with a vanilla image first. ### docker-compose with pre-packaged modules If desired modules are already packaged in -[pkg-oss](https://hg.nginx.org/pkg-oss/) - e.g. `debian/Makefile.module-*` +[pkg-oss](https://github.com/nginx/pkg-oss/) - e.g. `debian/Makefile.module-*` exists for a given module, you can use this example. 1. Create a directory for your project: From d8e917637c776fef865b0740a752980f26162877 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:33:55 +0000 Subject: [PATCH 115/160] pkg-oss moved to GitHub. --- Dockerfile-alpine-otel.template | 2 +- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- Dockerfile-debian-otel.template | 2 +- Dockerfile-debian-perl.template | 2 +- Dockerfile-debian.template | 2 +- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-otel/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/debian-otel/Dockerfile | 4 ++-- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 22 files changed, 37 insertions(+), 37 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index f122273e..7b4bc8f6 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -39,7 +39,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 2726d46e..6fc37dea 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -34,7 +34,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index b60e641e..896b9a5c 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -52,7 +52,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 437eb7e0..bc77dfd6 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -40,7 +40,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index 50f09032..709836c1 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -38,7 +38,7 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index d26452c3..84cf99f6 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -36,7 +36,7 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 9dabd67c..9138f4c9 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -66,7 +66,7 @@ RUN set -x \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 320fb074..16113601 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index dc7219fd..7c798b88 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -45,8 +45,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index a9318094..67b58c11 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -58,8 +58,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1bb5b530..a30b5b38 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 1bb07c13..076c4679 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -49,8 +49,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 3c6682a8..c1cc3a37 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -47,8 +47,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 5cbec01a..e39e378d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -76,8 +76,8 @@ RUN set -x \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index dbb4501e..c8928e3c 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 077ff3e9..8c4068fe 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -45,8 +45,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index d1d3d8a6..ce62fc81 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -58,8 +58,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 603b7548..ed53f9a8 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index f0c48907..c2ae60e9 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -49,8 +49,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 394c9822..c14fdd50 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -47,8 +47,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index c5a23953..593ca813 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -76,8 +76,8 @@ RUN set -x \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 84218c2d..ce510b4b 100755 --- a/update.sh +++ b/update.sh @@ -72,8 +72,8 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907' - [stable]='825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a' + [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' + [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) get_packages() { From d3ac5b0b9dd316db5797e13789b5b8c3e8fa9ff6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:35:10 +0000 Subject: [PATCH 116/160] update.sh: minor wording changes to accomodate for latest changes. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ce510b4b..0773e470 100755 --- a/update.sh +++ b/update.sh @@ -60,8 +60,8 @@ declare -A alpine=( ) # When we bump njs version in a stable release we don't move the tag in the -# mercurial repo. This setting allows us to specify a revision to check out -# when building alpine packages on architectures not supported by nginx.org +# pkg-oss repo. This setting allows us to specify a revision to check out +# when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' @@ -70,7 +70,7 @@ declare -A rev=( # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block -# Used in alpine builds for architectures not packaged by nginx.org +# Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' From 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 2 Oct 2024 18:47:05 +0100 Subject: [PATCH 117/160] Updated mainline to 1.27.2. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 8 ++++---- update.sh | 8 ++++---- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 16113601..d396fa25 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine +FROM nginx:1.27.2-alpine ENV OTEL_VERSION 0.1.0 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7c798b88..db4489c7 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine +FROM nginx:1.27.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 67b58c11..1491b23b 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,9 +7,9 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.1 +ENV NGINX_VERSION 1.27.2 ENV PKG_RELEASE 1 -ENV DYNPKG_RELEASE 2 +ENV DYNPKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a30b5b38..246edd81 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine-slim +FROM nginx:1.27.2-alpine-slim -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.6 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 076c4679..9cc28f63 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1 +FROM nginx:1.27.2 ENV OTEL_VERSION 0.1.0 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index c1cc3a37..ef4bcf3d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1 +FROM nginx:1.27.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e39e378d..2e9d964b 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,11 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.1 -ENV NJS_VERSION 0.8.5 +ENV NGINX_VERSION 1.27.2 +ENV NJS_VERSION 0.8.6 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 2~bookworm +ENV DYNPKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 0773e470..02cc9c6d 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.1' + [mainline]='1.27.2' [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.5' + [mainline]='0.8.6' [stable]='0.8.5' ) @@ -45,7 +45,7 @@ declare -A pkg=( # Current built-in dynamic modules package patchlevel version # Remember to update pkgosschecksum when changing this declare -A dynpkg=( - [mainline]=2 + [mainline]=1 [stable]=2 ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' + [mainline]='6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) From d21b4f2d90a1abb712a610678872e804267f4815 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 Nov 2024 10:14:45 -0800 Subject: [PATCH 118/160] Updated mainline nginx to 1.27.3. While at it, bump njs to 0.8.7. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index d396fa25..cace990c 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine +FROM nginx:1.27.3-alpine ENV OTEL_VERSION 0.1.0 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index db4489c7..8526345d 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine +FROM nginx:1.27.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 1491b23b..11a27aa3 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.2 +ENV NGINX_VERSION 1.27.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 246edd81..f9640564 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine-slim +FROM nginx:1.27.3-alpine-slim -ENV NJS_VERSION 0.8.6 +ENV NJS_VERSION 0.8.7 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 9cc28f63..f10a0026 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2 +FROM nginx:1.27.3 ENV OTEL_VERSION 0.1.0 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index ef4bcf3d..25d52460 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2 +FROM nginx:1.27.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 2e9d964b..70155d49 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.2 -ENV NJS_VERSION 0.8.6 +ENV NGINX_VERSION 1.27.3 +ENV NJS_VERSION 0.8.7 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 02cc9c6d..8eebd74e 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.2' + [mainline]='1.27.3' [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.6' + [mainline]='0.8.7' [stable]='0.8.5' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c' + [mainline]='5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) From 9bef259b010ed747bc3352dd2aaad8cdf66d4444 Mon Sep 17 00:00:00 2001 From: Meng Zhuo Date: Thu, 15 Aug 2024 09:51:22 +0800 Subject: [PATCH 119/160] Add riscv64 support --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 3a21d641..bfb45a8a 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -120,7 +120,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 + Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64, riscv64 GitCommit: $commit Directory: $version/$variant EOE From da92b328a0eef8258ed02bb23689f9bf8409ceca Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 10 Dec 2024 17:58:52 -0800 Subject: [PATCH 120/160] Added a CI job to sync images to AWS ECR Public. --- .github/workflows/sync.yml | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/sync.yml diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml new file mode 100644 index 00000000..99dc9860 --- /dev/null +++ b/.github/workflows/sync.yml @@ -0,0 +1,44 @@ +name: Sync DockerHub with AWS ECR + +on: + workflow_dispatch: + schedule: + - cron: 23 20 * * * + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + sync-awsecr: + name: Sync Docker Hub to AWS ECR Public + runs-on: ubuntu-24.04 + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }} + aws-region: us-east-1 + + - name: Login to Amazon ECR Public + id: login-ecr-public + uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 + with: + registry-type: public + + - name: Login to Docker Hub + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build, tag, and push docker image to Amazon ECR Public + run: | + ./sync-awsecr.sh > sync-real.sh + chmod +x sync-real.sh + ./sync-real.sh From 767c5b46e0e6e27f3af88da2b5d31c84c17dee59 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 16 Dec 2024 13:39:06 -0800 Subject: [PATCH 121/160] CI: bump docker-library/bashbrew to contemporary version --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 30eccf55..37d7a621 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - uses: actions/checkout@v3 - - uses: docker-library/bashbrew@v0.1.8 + - uses: docker-library/bashbrew@v0.1.12 - id: generate-jobs name: Generate Jobs run: | From 135307daa356d74185053a2d9d99c85854d84f34 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 27 Dec 2024 09:25:21 -0800 Subject: [PATCH 122/160] Updated njs to 0.8.8 --- update.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/update.sh b/update.sh index 8eebd74e..bf01741f 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.8.7' - [stable]='0.8.5' + [mainline]='0.8.8' + [stable]='0.8.8' ) # Current njs patchlevel version @@ -64,16 +64,16 @@ declare -A alpine=( # when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='0286c5190d972a49bffc9bf247885dd510ce8181' + [stable]='f43e929dc7a6111ef5d9ecb281a75749f7934261' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960' - [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' + [mainline]='1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535' + [stable]='315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6' ) get_packages() { From f227279d7b5c8ae8f99d29ed61f0da4c9ac0a404 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 27 Dec 2024 09:26:59 -0800 Subject: [PATCH 123/160] Updated dockerfiles after the last commit --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian-otel/Dockerfile | 4 ++-- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 6 +++--- 14 files changed, 56 insertions(+), 56 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index cace990c..27238791 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 8526345d..6f02b3cc 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 11a27aa3..58e01411 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f9640564..6c82f99a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.3-alpine-slim -ENV NJS_VERSION 0.8.7 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index f10a0026..30b6c041 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 25d52460..d11af157 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 70155d49..c25a780d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.27.3 -ENV NJS_VERSION 0.8.7 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index c8928e3c..ccfa9139 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 8c4068fe..f64de368 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index ce62fc81..949cd4c1 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ed53f9a8..9a638a5d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.26.2-alpine-slim -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index c2ae60e9..22565126 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c14fdd50..a8d61162 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 593ca813..416d8338 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.2 -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 2~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From 150370563fcce53e834194ce154f4035ee52d7bf Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 5 Dec 2024 14:21:48 +0100 Subject: [PATCH 124/160] Update mainline to Alpine 3.21 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 58e01411..c9a2e62e 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index bf01741f..e2563dbf 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.20' + [mainline]='3.21' [stable]='3.20' ) From 6b055c471a6619d4c81671e682a6d6affe0cf9c0 Mon Sep 17 00:00:00 2001 From: Wesley Pyburn <10319195+TCNOco@users.noreply.github.com> Date: Sun, 22 Dec 2024 02:01:03 +0200 Subject: [PATCH 125/160] Fix FromAsCasing Docker complains about FROM ${NGINX_FROM_IMAGE} as builder because `'as' and 'FROM' keywords' casing do not match` [info](https://docs.docker.com/reference/build-checks/from-as-casing/). Super simple fix. Absolutely a minor fix, but it's one less warning. --- modules/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 61573c17..2e77a040 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,5 +1,5 @@ ARG NGINX_FROM_IMAGE=nginx:mainline -FROM ${NGINX_FROM_IMAGE} as builder +FROM ${NGINX_FROM_IMAGE} AS builder ARG ENABLED_MODULES From 36e3b8eb3ae82085348d36857c7086ec0954b68a Mon Sep 17 00:00:00 2001 From: Wesley Pyburn <10319195+TCNOco@users.noreply.github.com> Date: Sun, 22 Dec 2024 02:04:39 +0200 Subject: [PATCH 126/160] Another FromAsCasing fix --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 9b305fff..0ea49f5c 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,5 +1,5 @@ ARG NGINX_FROM_IMAGE=nginx:mainline-alpine -FROM ${NGINX_FROM_IMAGE} as builder +FROM ${NGINX_FROM_IMAGE} AS builder ARG ENABLED_MODULES From 86a61eb483d3c7288562d21933db6ad8e0748d17 Mon Sep 17 00:00:00 2001 From: pengcheng Date: Tue, 7 Jan 2025 16:29:41 +0800 Subject: [PATCH 127/160] rm mercurial cause it's replaced by git --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 0ea49f5c..2cdb2936 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -14,7 +14,7 @@ COPY ./ /modules/ RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ - musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ + musl-dev libxslt libxml2-utils make gcc unzip git \ xz g++ coreutils curl \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ From a91845d5b0a05066001354a442974530e23a7ef1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 5 Feb 2025 11:02:08 -0800 Subject: [PATCH 128/160] Updated NGINX to 1.26.3 and 1.27.4. While at it, bump njs and otel that are now shipped with those releases. --- Dockerfile-alpine-otel.template | 4 ++-- update.sh | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 7b4bc8f6..b870b954 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -34,8 +34,8 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/update.sh b/update.sh index e2563dbf..8f79de6a 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.3' - [stable]='1.26.2' + [mainline]='1.27.4' + [stable]='1.26.3' ) # Current njs versions declare -A njs=( - [mainline]='0.8.8' - [stable]='0.8.8' + [mainline]='0.8.9' + [stable]='0.8.9' ) # Current njs patchlevel version @@ -31,8 +31,8 @@ declare -A njspkg=( # Current otel versions declare -A otel=( - [mainline]='0.1.0' - [stable]='0.1.0' + [mainline]='0.1.1' + [stable]='0.1.1' ) # Current nginx package patchlevel version @@ -64,16 +64,16 @@ declare -A alpine=( # when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='0286c5190d972a49bffc9bf247885dd510ce8181' - [stable]='f43e929dc7a6111ef5d9ecb281a75749f7934261' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535' - [stable]='315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6' + [mainline]='973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845' + [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' ) get_packages() { From cffeb933620093bc0c08c0b28c3d5cbaec79d729 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 5 Feb 2025 11:02:54 -0800 Subject: [PATCH 129/160] Updated dockerfiles after the last commits. --- mainline/alpine-otel/Dockerfile | 18 +++++++++--------- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 8 ++++---- mainline/debian-perl/Dockerfile | 6 +++--- mainline/debian/Dockerfile | 8 ++++---- stable/alpine-otel/Dockerfile | 18 +++++++++--------- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-otel/Dockerfile | 8 ++++---- stable/debian-perl/Dockerfile | 6 +++--- stable/debian/Dockerfile | 8 ++++---- 14 files changed, 78 insertions(+), 78 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 27238791..b7e897a8 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine +FROM nginx:1.27.4-alpine -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,21 +45,21 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 6f02b3cc..16bc601f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine +FROM nginx:1.27.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index c9a2e62e..caab8e19 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.3 +ENV NGINX_VERSION 1.27.4 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6c82f99a..03a8fd94 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine-slim +FROM nginx:1.27.4-alpine-slim -ENV NJS_VERSION 0.8.8 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 30b6c041..7119d905 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3 +FROM nginx:1.27.4 -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index d11af157..662381c6 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3 +FROM nginx:1.27.4 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c25a780d..d71d7192 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.3 -ENV NJS_VERSION 0.8.8 +ENV NGINX_VERSION 1.27.4 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index ccfa9139..cb6cd3bd 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine +FROM nginx:1.26.3-alpine -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,21 +45,21 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f64de368..133c8a6e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine +FROM nginx:1.26.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 949cd4c1..d125af5f 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.2 +ENV NGINX_VERSION 1.26.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 2 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9a638a5d..ec1007e4 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine-slim +FROM nginx:1.26.3-alpine-slim -ENV NJS_VERSION 0.8.8 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 22565126..c39b0ee7 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2 +FROM nginx:1.26.3 -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index a8d61162..18ca094e 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2 +FROM nginx:1.26.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 416d8338..509a1f76 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.2 -ENV NJS_VERSION 0.8.8 +ENV NGINX_VERSION 1.26.3 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 2~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From b430becb8f0f6b8d69e68cc73a82ea2873c38639 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Fri, 14 Feb 2025 07:19:46 -0500 Subject: [PATCH 130/160] fix: typo --- modules/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index 624b97cc..cde57ecc 100644 --- a/modules/README.md +++ b/modules/README.md @@ -1,7 +1,7 @@ # Adding third-party modules to nginx official image It's possible to extend a mainline image with third-party modules either from -your own instuctions following a simple filesystem layout/syntax using +your own instructions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from [pkg-oss](https://github.com/nginx/pkg-oss). From 66df4d84e7217fcb23a28f66598af31d849c04ab Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 18 Mar 2025 10:49:15 -0700 Subject: [PATCH 131/160] Change the org following the repo transfer to nginx namespace. --- .github/pull_request_template.md | 2 +- CONTRIBUTING.md | 10 +++++----- README.md | 10 +++++----- SUPPORT.md | 2 +- generate-stackbrew-library.sh | 6 +++--- modules/README.md | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index e869fe51..a0811a77 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -5,7 +5,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on ### Checklist Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) document +- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) document - [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works - [ ] If applicable, I have checked that any relevant tests pass after adding my changes diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b4b86358..7d157147 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,7 +10,7 @@ The following is a set of guidelines for contributing to the Docker NGINX image. [Code Guidelines](#code-guidelines) -[Code of Conduct](https://github.com/nginxinc/docker-nginx/blob/master/CODE_OF_CONDUCT.md) +[Code of Conduct](https://github.com/nginx/docker-nginx/blob/master/CODE_OF_CONDUCT.md) ## Getting Started @@ -20,18 +20,18 @@ Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get ### Report a Bug -To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginxinc/docker-nginx/blob/master/SECURITY.md).** +To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginx/docker-nginx/blob/master/SECURITY.md).** ### Suggest a Feature or Enhancement -To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. ### Open a Pull Request - Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. -- Fill in [our pull request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/pull_request_template.md). +- Fill in [our pull request template](https://github.com/nginx/docker-nginx/blob/master/.github/pull_request_template.md). -Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. +Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. ## Code Guidelines diff --git a/README.md b/README.md index 24d8e79c..ec659fa0 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) -[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginxinc/docker-nginx/blob/master/SUPPORT.md) +[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginx/docker-nginx/blob/master/SUPPORT.md) # About this Repo -## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) +## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginx/docker-nginx) This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`nginx`](https://hub.docker.com/_/nginx/). See [the Docker Hub page](https://hub.docker.com/_/nginx/) for the full readme on how to use this Docker image and for information regarding contributing and issues. @@ -19,17 +19,17 @@ For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on ## Contributing -Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## License -[BSD 2-Clause](https://github.com/nginxinc/docker-nginx/blob/master/LICENSE) +[BSD 2-Clause](https://github.com/nginx/docker-nginx/blob/master/LICENSE) © [F5, Inc.](https://www.f5.com/) 2023 --- -- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginx/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginx/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| diff --git a/SUPPORT.md b/SUPPORT.md index 2a6b505d..7813793d 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -30,7 +30,7 @@ Want to get in touch with the NGINX development team directly? Try using the rel ## Contributing -Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## Commercial Support diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index bfb45a8a..5f1025dd 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -36,10 +36,10 @@ dirCommit() { } cat <<-EOH -# this file is generated via https://github.com/nginxinc/docker-nginx/blob/$(fileCommit "$self")/$self +# this file is generated via https://github.com/nginx/docker-nginx/blob/$(fileCommit "$self")/$self -Maintainers: NGINX Docker Maintainers (@nginxinc) -GitRepo: https://github.com/nginxinc/docker-nginx.git +Maintainers: NGINX Docker Maintainers (@nginx) +GitRepo: https://github.com/nginx/docker-nginx.git EOH # prints "$2$1$3$1...$N" diff --git a/modules/README.md b/modules/README.md index cde57ecc..0704a05b 100644 --- a/modules/README.md +++ b/modules/README.md @@ -14,7 +14,7 @@ enabled by setting the environment variable `DOCKER_BUILDKIT` to `1`. If you can not or do not want to use BuildKit, you can use a previous version of these files, see for example -https://github.com/nginxinc/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. +https://github.com/nginx/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. ## Usage @@ -115,7 +115,7 @@ cd myapp ``` mkdir my-nginx -curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginx/docker-nginx/master/modules/Dockerfile ``` 3. Create a `docker-compose.yml` file: @@ -157,7 +157,7 @@ cd myapp-cache ``` mkdir my-nginx -curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginx/docker-nginx/master/modules/Dockerfile mkdir my-nginx/cachepurge echo "https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz" > my-nginx/cachepurge/source ``` From b2ba208bfb9f4c1e4ac1612c00eb71bc0e489fc4 Mon Sep 17 00:00:00 2001 From: Gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 20 Mar 2025 02:10:30 +0800 Subject: [PATCH 132/160] chore: bump echo-nginx-module from 0.62 to 0.63 --- modules/echo/source | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/echo/source b/modules/echo/source index 3a6ad274..78cb376e 100644 --- a/modules/echo/source +++ b/modules/echo/source @@ -1 +1 @@ -https://github.com/openresty/echo-nginx-module/archive/v0.62.tar.gz +https://github.com/openresty/echo-nginx-module/archive/v0.63.tar.gz From ddfb6ba94c63bd68767c1c8c03829a8776e30559 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 18 Mar 2025 22:45:02 +0100 Subject: [PATCH 133/160] feat: Add F5 CLA workflow --- .github/workflows/f5_cla.yml | 42 ++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/f5_cla.yml diff --git a/.github/workflows/f5_cla.yml b/.github/workflows/f5_cla.yml new file mode 100644 index 00000000..58e81171 --- /dev/null +++ b/.github/workflows/f5_cla.yml @@ -0,0 +1,42 @@ +--- +name: F5 CLA +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened, closed, synchronize] +permissions: read-all +jobs: + f5-cla: + name: F5 CLA + runs-on: ubuntu-24.04 + permissions: + actions: write + pull-requests: write + statuses: write + steps: + - name: Run F5 Contributor License Agreement (CLA) assistant + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' + uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 + with: + # Any pull request targeting the following branch will trigger a CLA check. + # NOTE: You might need to edit this value to 'main'. + branch: master + # Path to the CLA document. + path-to-document: https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md + # Custom CLA messages. + custom-notsigned-prcomment: '🎉 Thank you for your contribution! It appears you have not yet signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) and reply on a new comment with the following text to agree:' + custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms' + custom-allsigned-prcomment: '✅ All required contributors have signed the F5 CLA for this PR. Thank you!' + # Remote repository storing CLA signatures. + remote-organization-name: f5 + remote-repository-name: f5-cla-data + path-to-signatures: signatures/signatures.json + # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. + # NOTE: You will want to edit the usernames to suit your project needs. + allowlist: bot* + # Do not lock PRs after a merge. + lock-pullrequest-aftermerge: false + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }} From 4527783ec600ac482bc0b9a5ce29ec5c63c3e0a2 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 18 Mar 2025 22:44:30 +0100 Subject: [PATCH 134/160] docs: Update community files --- .github/CODEOWNERS | 6 ++ .github/ISSUE_TEMPLATE/bug_report.md | 33 ------- .github/ISSUE_TEMPLATE/bug_report.yml | 62 ++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 12 +++ .github/ISSUE_TEMPLATE/feature_request.md | 23 ----- .github/ISSUE_TEMPLATE/feature_request.yml | 41 ++++++++ .github/pull_request_template.md | 8 +- CODE_OF_CONDUCT.md | 104 +++++++++++---------- CONTRIBUTING.md | 29 +++--- README.md | 9 +- SECURITY.md | 8 +- SUPPORT.md | 22 ++--- 12 files changed, 217 insertions(+), 140 deletions(-) create mode 100644 .github/CODEOWNERS delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..26eed7d8 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,6 @@ +##################### +# Main global owner # +##################### + +* @thresheek + diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 6c7471a3..00000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: "" -labels: "" -assignees: "" ---- - -### Describe the bug - -A clear and concise description of what the bug is. - -### To reproduce - -Steps to reproduce the behavior: - -1. Deploy the NGINX Docker image using ... -2. View output/logs/configuration on ... -3. See error - -### Expected behavior - -A clear and concise description of what you expected to happen. - -### Your environment - -- Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) -- Version/tag of the NGINX Docker image (e.g. `nginx:alpine`) -- Target deployment platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...) - -### Additional context - -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 00000000..aa0fb9e1 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,62 @@ +--- +name: 🐛 Bug report +description: Create a report to help us improve +labels: bug +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Before you continue filling out this report, please take a moment to check that your bug has not been [already reported on GitHub][issue search] 🙌 + + Remember to redact any sensitive information such as authentication credentials and/or license keys! + + [issue search]: ../search?q=is%3Aissue&type=issues + + - type: textarea + id: overview + attributes: + label: Bug Overview + description: A clear and concise overview of the bug. + placeholder: When I do "X" with the NGINX Docker image, "Y" happens instead of "Z". + validations: + required: true + + - type: textarea + id: behavior + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected to happen. + placeholder: When I do "X" with the NGINX Docker image, I expect "Z" to happen. + validations: + required: true + + - type: textarea + id: steps + attributes: + label: Steps to Reproduce the Bug + description: Detail the series of steps required to reproduce the bug. + placeholder: When I run the Docker NGINX image using [...], the image fails with an error message. If I check the terminal outputs and/or logs, I see the following error info. + validations: + required: true + + - type: textarea + id: environment + attributes: + label: Environment Details + description: Please provide details about your environment. + value: | + - Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) + - Version of the Docker NGINX image or specific commit: [e.g. 1.4.3/commit hash] + - Target deployment platform: [e.g. OpenShift/Kubernetes/Docker Compose/local cluster/etc...] + - Target OS: [e.g. RHEL 9/Ubuntu 24.04/etc...] + validations: + required: true + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this issue in here. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..3f7850f7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,12 @@ +--- +blank_issues_enabled: false +contact_links: + - name: 💬 Talk to the NGINX community! + url: https://community.nginx.org + about: A community forum for NGINX users, developers, and contributors + - name: 📝 Code of Conduct + url: https://www.contributor-covenant.org/version/2/1/code_of_conduct + about: NGINX follows the Contributor Covenant Code of Conduct to ensure a safe and inclusive community + - name: 💼 For commercial & enterprise users + url: https://www.f5.com/products/nginx + about: F5 offers a wide range of NGINX products for commercial & enterprise users diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index e2242abb..00000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: "" -labels: "" -assignees: "" ---- - -### Is your feature request related to a problem? Please describe - -A clear and concise description of what the problem is. Ex. I'm always frustrated when ... - -### Describe the solution you'd like - -A clear and concise description of what you want to happen. - -### Describe alternatives you've considered - -A clear and concise description of any alternative solutions or features you've considered. - -### Additional context - -Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 00000000..ee20eec9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,41 @@ +--- +name: ✨ Feature request +description: Suggest an idea for this project +labels: enhancement +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this feature request! + + Before you continue filling out this request, please take a moment to check that your feature has not been [already requested on GitHub][issue search] 🙌 + + **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum]. + + [issue search]: ../search?q=is%3Aissue&type=issues + + [discussions]: ../discussions + [forum]: https://community.nginx.org + + - type: textarea + id: overview + attributes: + label: Feature Overview + description: A clear and concise description of what the feature request is. + placeholder: I would like the Docker NGINX image to be able to do "X". + validations: + required: true + + - type: textarea + id: alternatives + attributes: + label: Alternatives Considered + description: Detail any potential alternative solutions/workarounds you've used or considered. + placeholder: I have done/might be able to do "X" in the Docker NGINX image by doing "Y". + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this feature request here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a0811a77..0dc5899c 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,12 +1,14 @@ ### Proposed changes -Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR). +Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) in this PR's description or commit message. ### Checklist Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) document + +- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md) +- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) - [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works - [ ] If applicable, I have checked that any relevant tests pass after adding my changes -- [ ] I have updated any relevant documentation +- [ ] I have updated any relevant documentation ([`README.md`](/README.md) and/or [`modules/README.md`](/modules/README.md)) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 78354a27..e18d3706 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -2,73 +2,77 @@ ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. ## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our community include: -- Using welcoming and inclusive language -- Being respectful of differing viewpoints and experiences -- Gracefully accepting constructive criticism -- Focusing on what is best for the community -- Showing empathy towards other community members +- Demonstrating empathy and kindness toward other people. +- Being respectful of differing opinions, viewpoints, and experiences. +- Giving and gracefully accepting constructive feedback. +- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience. +- Focusing on what is best not just for us as individuals, but for the overall community. -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -- The use of sexualized language or imagery and unwelcome sexual attention or - advances -- Trolling, insulting/derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or electronic - address, without explicit permission -- Other conduct which could reasonably be considered inappropriate in a - professional setting +- The use of sexualized language or imagery, and sexual attention or advances of any kind. +- Trolling, insulting or derogatory comments, and personal or political attacks. +- Public or private harassment. +- Publishing others' private information, such as a physical or email address, without their explicit permission. +- Other conduct which could reasonably be considered inappropriate in a professional setting. -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. +Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event. ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the moderation team at . All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at . All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. + +### 2. Warning -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Community Impact**: A violation through a single incident or series of actions. + +**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 1.4, -available at +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1, available at . + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion). -For answers to common questions about this code of conduct, see - +For answers to common questions about this code of conduct, see the FAQ at . Translations are available at . diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7d157147..ebdcace7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,13 +4,10 @@ The following is a set of guidelines for contributing to the Docker NGINX image. #### Table Of Contents -[Getting Started](#getting-started) - -[Contributing](#contributing) - -[Code Guidelines](#code-guidelines) - -[Code of Conduct](https://github.com/nginx/docker-nginx/blob/master/CODE_OF_CONDUCT.md) +- [Getting Started](#getting-started) +- [Contributing](#contributing) +- [Code Guidelines](#code-guidelines) +- [Code of Conduct](/CODE_OF_CONDUCT.md) ## Getting Started @@ -20,18 +17,24 @@ Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get ### Report a Bug -To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginx/docker-nginx/blob/master/SECURITY.md).** +To report a bug, open an issue on GitHub with the label `bug` using the available [bug report issue form](/.github/ISSUE_TEMPLATE/bug_report.yml). Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](/SECURITY.md).** ### Suggest a Feature or Enhancement -To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request issue form](/.github/ISSUE_TEMPLATE/feature_request.yml). Please ensure the feature or enhancement has not already been suggested. + +### Open a Pull Request (PR) + +- Fork the repo, create a branch, implement your changes, add any relevant tests, and submit a PR when your changes are **tested** and ready for review. +- Fill in the [PR template](/.github/pull_request_template.md). + +**Note:** If you'd like to implement a new feature, please consider creating a [feature request issue](/.github/ISSUE_TEMPLATE/feature_request.yml) first to start a discussion about the feature. -### Open a Pull Request +#### F5 Contributor License Agreement (CLA) -- Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. -- Fill in [our pull request template](https://github.com/nginx/docker-nginx/blob/master/.github/pull_request_template.md). +F5 requires all contributors to agree to the terms of the F5 CLA (available [here](https://github.com/f5/f5-cla/.github/blob/main/docs/f5_cla.md)) before any of their changes can be incorporated into an F5 Open Source repository (even contributions to the F5 CLA itself!). -Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. +If you have not yet agreed to the F5 CLA terms and submit a PR to this repository, a bot will prompt you to view and agree to the F5 CLA. You will have to agree to the F5 CLA terms through a comment in the PR before any of your changes can be merged. Your agreement signature will be safely stored by F5 and no longer be required in future PRs. ## Code Guidelines diff --git a/README.md b/README.md index ec659fa0..d23812ad 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) [![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginx/docker-nginx/blob/master/SUPPORT.md) +[![Community Forum](https://img.shields.io/badge/community-forum-009639?logo=discourse&link=https%3A%2F%2Fcommunity.nginx.org)](https://community.nginx.org) +[![License](https://img.shields.io/badge/License-BSD_2--Clause-blue.svg)](https://opensource.org/license/bsd-2-clause) +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/CODE_OF_CONDUCT.md) # About this Repo @@ -19,13 +22,13 @@ For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on ## Contributing -Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## License -[BSD 2-Clause](https://github.com/nginx/docker-nginx/blob/master/LICENSE) +[BSD 2-Clause](/LICENSE) -© [F5, Inc.](https://www.f5.com/) 2023 +© [F5, Inc.](https://www.f5.com/) 2014-2025 --- diff --git a/SECURITY.md b/SECURITY.md index 47a42e26..bf09fe02 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,9 +6,9 @@ We advise users to run or update to the most recent release of the NGINX Docker ## Reporting a Vulnerability -The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities. +The F5 Security Incident Response Team (F5 SIRT) offers two methods to easily report potential security vulnerabilities: -- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). -- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities in any F5 product to the F5 Security Incident Response Team at . -For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability) +For more information, please read the F5 SIRT vulnerability reporting guidelines available at [https://www.f5.com/support/report-a-vulnerability](https://www.f5.com/support/report-a-vulnerability). diff --git a/SUPPORT.md b/SUPPORT.md index 7813793d..5e943408 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -2,27 +2,23 @@ ## Ask a Question -We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). +We use GitHub for tracking bugs and feature requests related to this project. -Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. Alternatively, start a GitHub discussion! ## NGINX Specific Questions and/or Issues This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! -### Community Slack +### Community Forum -We have a community [Slack](https://nginxcommunity.slack.com/)! - -If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) - -Once you join, check out the `#beginner-questions` and `nginx-users` channels :) +We have a community [forum](https://community.nginx.org/)! If you have any questions and/or issues, try checking out the [`Troubleshooting`](https://community.nginx.org/c/troubleshooting/8) and [`How do I...?`](https://community.nginx.org/c/how-do-i/9) categories. Both fellow community members and NGINXers might be able to help you! :) ### Documentation For a comprehensive list of all NGINX directives, check out . -For a comprehensive list of admin and deployment guides for all NGINX products, check out . +For a comprehensive list of administration and deployment guides for all NGINX products, check out . ### Mailing List @@ -30,8 +26,12 @@ Want to get in touch with the NGINX development team directly? Try using the rel ## Contributing -Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## Commercial Support -Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info! +Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.f5.com/products/get-f5/) or check your contract details for more information! + +## Community Support + +Community support is offered on a best effort basis through either GitHub issues/PRs/discussions or through any of our active communities. From efbe7fee6fb30be225e7ff7bc531740d08a36e3e Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 20 Mar 2025 22:59:03 +0100 Subject: [PATCH 135/160] docs: Use syseng team for codeowners --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 26eed7d8..d8b19f81 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,5 +2,5 @@ # Main global owner # ##################### -* @thresheek +* @nginx/syseng From d797950017665ebf75d77ace030deb2a021702d8 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 24 Mar 2025 20:36:14 +0100 Subject: [PATCH 136/160] fix: Target correct branch within CLA workflow --- .github/workflows/f5_cla.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/f5_cla.yml b/.github/workflows/f5_cla.yml index 58e81171..43e473ea 100644 --- a/.github/workflows/f5_cla.yml +++ b/.github/workflows/f5_cla.yml @@ -19,9 +19,6 @@ jobs: if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 with: - # Any pull request targeting the following branch will trigger a CLA check. - # NOTE: You might need to edit this value to 'main'. - branch: master # Path to the CLA document. path-to-document: https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md # Custom CLA messages. @@ -31,6 +28,8 @@ jobs: # Remote repository storing CLA signatures. remote-organization-name: f5 remote-repository-name: f5-cla-data + # Branch where CLA signatures are stored. + branch: main path-to-signatures: signatures/signatures.json # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. # NOTE: You will want to edit the usernames to suit your project needs. From 0aa20e60342a306bf1eb1449a1ae247a0cdfa91a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 21 Mar 2025 15:12:19 -0700 Subject: [PATCH 137/160] modules/README.md: updated the current list of modules. --- modules/README.md | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/modules/README.md b/modules/README.md index 0704a05b..93620e45 100644 --- a/modules/README.md +++ b/modules/README.md @@ -43,25 +43,24 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules -auth-spnego 1.1.1-1 +auth-spnego 1.1.2-1 brotli 1.0.0-1 encrypted-session 0.09-1 fips-check 0.1-1 -geoip 1.25.5-1 +geoip 1.27.4-1 geoip2 3.4-1 -headers-more 0.35-1 -image-filter 1.25.5-1 -lua 0.10.26-1 +headers-more 0.37-1 +image-filter 1.27.4-1 +lua 0.10.28-1 ndk 0.3.3-1 -njs 0.8.4-2 -opentracing 0.33.0-1 -otel 0.1.0-1 -passenger 6.0.19-1 -perl 1.25.5-1 +njs 0.8.9-1 +otel 0.1.1-1 +passenger 6.0.26-1 +perl 1.27.4-1 rtmp 1.2.2-1 set-misc 0.33-1 subs-filter 0.6.4-1 -xslt 1.25.5-1 +xslt 1.27.4-1 ``` If you still want to provide your own instructions for a specific module, From 483f2828f37a017bb02684d7e3d0a64a8212640e Mon Sep 17 00:00:00 2001 From: Reuben Lifshay Date: Sat, 5 Apr 2025 20:27:32 -0700 Subject: [PATCH 138/160] chore: use gettext-envsubst alpine package instead of workaround --- Dockerfile-alpine-slim.template | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 896b9a5c..ff076f09 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -77,23 +77,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ From bd3e501c6d800f0a541fe7c965ef905f470cd75f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 8 Apr 2025 14:52:20 -0700 Subject: [PATCH 139/160] Updated dockerfiles after the last commit --- mainline/alpine-slim/Dockerfile | 19 ++----------------- stable/alpine-slim/Dockerfile | 19 ++----------------- 2 files changed, 4 insertions(+), 34 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index caab8e19..7f4b9fa2 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -83,23 +83,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index d125af5f..65bd5449 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -83,23 +83,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ From eaf8875a1967d24cea6ed8b37109075e39ed9e43 Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 16 Apr 2025 15:35:16 +0100 Subject: [PATCH 140/160] Updated mainline to 1.27.5. While at it, updated njs to 0.8.10 for mainline. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index b7e897a8..c0013029 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine +FROM nginx:1.27.5-alpine ENV OTEL_VERSION 0.1.1 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 16bc601f..43a9b54e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine +FROM nginx:1.27.5-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 7f4b9fa2..bcf90752 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.4 +ENV NGINX_VERSION 1.27.5 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 03a8fd94..aafff741 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine-slim +FROM nginx:1.27.5-alpine-slim -ENV NJS_VERSION 0.8.9 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 7119d905..70151a28 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4 +FROM nginx:1.27.5 ENV OTEL_VERSION 0.1.1 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 662381c6..940ef74d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4 +FROM nginx:1.27.5 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index d71d7192..f034b778 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.4 -ENV NJS_VERSION 0.8.9 +ENV NGINX_VERSION 1.27.5 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 8f79de6a..32e4a103 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.4' + [mainline]='1.27.5' [stable]='1.26.3' ) # Current njs versions declare -A njs=( - [mainline]='0.8.9' + [mainline]='0.8.10' [stable]='0.8.9' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845' + [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' ) From 4e08af2988063a3b02420ef0040e2e13fc9d93d6 Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 16 Apr 2025 16:01:48 +0100 Subject: [PATCH 141/160] Updated nginx otel for mainline to 0.1.2. --- mainline/alpine-otel/Dockerfile | 2 +- mainline/debian-otel/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index c0013029..d7b73e6e 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.5-alpine -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 70151a28..199614ff 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.5 -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/update.sh b/update.sh index 32e4a103..08744e96 100755 --- a/update.sh +++ b/update.sh @@ -31,7 +31,7 @@ declare -A njspkg=( # Current otel versions declare -A otel=( - [mainline]='0.1.1' + [mainline]='0.1.2' [stable]='0.1.1' ) From fb92d1121ab8f58830155d34aeb607f2375829dc Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 5 Dec 2024 14:23:22 +0100 Subject: [PATCH 142/160] Update stable to Alpine 3.21 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 65bd5449..af03749c 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 08744e96..7df556d6 100755 --- a/update.sh +++ b/update.sh @@ -56,7 +56,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.21' - [stable]='3.20' + [stable]='3.21' ) # When we bump njs version in a stable release we don't move the tag in the From 025c52f4168ed96e503e165741b0ba39ca80bd76 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 22 Apr 2025 13:51:29 -0700 Subject: [PATCH 143/160] Bump stable to 1.28.0. While at it, bump njs and otel to contemporary versions as well. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- update.sh | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 5f1025dd..8776c686 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.27 latest' - [stable]='1.26' + [stable]='1.28' ) self="$(basename "$BASH_SOURCE")" diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 547c83ff..af1ed2bc 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.27 latest' - [stable]='1.26' + [stable]='1.28' ) architectures=( amd64 arm64v8 ) diff --git a/update.sh b/update.sh index 7df556d6..dfe7935a 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.27.5' - [stable]='1.26.3' + [stable]='1.28.0' ) # Current njs versions declare -A njs=( [mainline]='0.8.10' - [stable]='0.8.9' + [stable]='0.8.10' ) # Current njs patchlevel version @@ -32,7 +32,7 @@ declare -A njspkg=( # Current otel versions declare -A otel=( [mainline]='0.1.2' - [stable]='0.1.1' + [stable]='0.1.2' ) # Current nginx package patchlevel version @@ -46,7 +46,7 @@ declare -A pkg=( # Remember to update pkgosschecksum when changing this declare -A dynpkg=( [mainline]=1 - [stable]=2 + [stable]=1 ) declare -A debian=( @@ -73,7 +73,7 @@ declare -A rev=( # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' - [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' + [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) get_packages() { From 7f1d49f6f222f7e588a9066fd53a0ce43c3466a5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 23 Apr 2025 10:06:56 -0700 Subject: [PATCH 144/160] Regenerated stable dockerfiles after the last commits. --- stable/alpine-otel/Dockerfile | 6 +++--- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 6 +++--- stable/debian-otel/Dockerfile | 6 +++--- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 8 ++++---- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index cb6cd3bd..7ca1a94b 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine +FROM nginx:1.28.0-alpine -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 133c8a6e..9676d8bc 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine +FROM nginx:1.28.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index af03749c..29bf5ba2 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,9 +7,9 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.3 +ENV NGINX_VERSION 1.28.0 ENV PKG_RELEASE 1 -ENV DYNPKG_RELEASE 2 +ENV DYNPKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ec1007e4..fb0c900a 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine-slim +FROM nginx:1.28.0-alpine-slim -ENV NJS_VERSION 0.8.9 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index c39b0ee7..e4129a43 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3 +FROM nginx:1.28.0 -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 18ca094e..bda0e1b8 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3 +FROM nginx:1.28.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 509a1f76..d0b7cf62 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,11 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.3 -ENV NJS_VERSION 0.8.9 +ENV NGINX_VERSION 1.28.0 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 2~bookworm +ENV DYNPKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From 1b87dc1ab18a1b15fe89d946f37987e2ec5793c9 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Mon, 2 Jun 2025 14:28:35 +0200 Subject: [PATCH 145/160] Update mainline to Alpine 3.22 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index bcf90752..b7258283 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.21 +FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index dfe7935a..ede32ea2 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.21' + [mainline]='3.22' [stable]='3.21' ) From 6a0bb106841e86fb043b4cbfb526135c7a7f0c72 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 12:11:04 -0700 Subject: [PATCH 146/160] Updated nginx mainline to 1.29.0 and njs to 0.9.0. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ede32ea2..e85d193f 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.5' + [mainline]='1.29.0' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.10' + [mainline]='0.9.0' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' + [mainline]='400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From 7895505c41013f66d3841cd2613b436229c1fe0e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 12:11:24 -0700 Subject: [PATCH 147/160] Regenerated dockerfiles after the last commit. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index d7b73e6e..87c8559b 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine +FROM nginx:1.29.0-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 43a9b54e..5bbd2d7c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine +FROM nginx:1.29.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b7258283..f9fd0dd6 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.5 +ENV NGINX_VERSION 1.29.0 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index aafff741..d5296027 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine-slim +FROM nginx:1.29.0-alpine-slim -ENV NJS_VERSION 0.8.10 +ENV NJS_VERSION 0.9.0 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 199614ff..4b551fc4 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5 +FROM nginx:1.29.0 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 940ef74d..37d0b871 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5 +FROM nginx:1.29.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index f034b778..9e9f0ce4 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.5 -ENV NJS_VERSION 0.8.10 +ENV NGINX_VERSION 1.29.0 +ENV NJS_VERSION 0.9.0 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From c3dcb125c9534ed5e76ebba48171b26411b8e478 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 13:53:53 -0700 Subject: [PATCH 148/160] Bump versions in auxiliary scripts. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 8776c686..021332fa 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.27 latest' + [mainline]='1 1.29 latest' [stable]='1.28' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index af1ed2bc..599a33a1 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.27 latest' + [mainline]='1 1.29 latest' [stable]='1.28' ) From 0b49b8b12fd214b633114ac16d2dfd65d45ff160 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 14:36:10 -0700 Subject: [PATCH 149/160] Pass GPG key ids as separate arguments when exporting. This makes sure all keys are exported to a keyring archive, as opposed to only the first key. --- Dockerfile-debian.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 9138f4c9..644e0de0 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -29,7 +29,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From b2faad22d5d15d966e46922033681639b2a6d6fa Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 14:42:25 -0700 Subject: [PATCH 150/160] Regenerated dockerfiles after the last commit. --- mainline/debian/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 9e9f0ce4..84b47aef 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index d0b7cf62..447f10ec 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 8852665dbc86d516617450cf6117786a93f37bea Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 18:04:28 -0700 Subject: [PATCH 151/160] gpg: use --batch for all invocations. Suggested-by: https://github.com/docker-library/official-images/pull/19467#issuecomment-3071271603 --- Dockerfile-debian.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 644e0de0..57abba1a 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -25,11 +25,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 95de31b3a72d30853977968822f866727074662a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Aug 2025 16:12:22 -0700 Subject: [PATCH 152/160] Fixed a typo in 10-listen-on-ipv6-by-default.sh. --- entrypoint/10-listen-on-ipv6-by-default.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release From 9b549fdf936778810dbe95a4813899c60444ef1c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Aug 2025 16:21:14 -0700 Subject: [PATCH 153/160] Regenerated dockerfiles after last commits. --- mainline/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/Dockerfile | 4 ++-- stable/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/Dockerfile | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 84b47aef..69b5fcf0 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -30,11 +30,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 447f10ec..99f34952 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -30,11 +30,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 5a4ad48c733b365d69a4d1c9946a9d8480469c7f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 13 Aug 2025 09:03:44 -0700 Subject: [PATCH 154/160] Updated nginx mainline to 1.29.1 and njs to 0.9.1. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 87c8559b..ae0cd5ea 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine +FROM nginx:1.29.1-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5bbd2d7c..83bee112 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine +FROM nginx:1.29.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f9fd0dd6..2edb0776 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.0 +ENV NGINX_VERSION 1.29.1 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d5296027..6c7ad1f7 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine-slim +FROM nginx:1.29.1-alpine-slim -ENV NJS_VERSION 0.9.0 +ENV NJS_VERSION 0.9.1 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 4b551fc4..6bdb7325 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0 +FROM nginx:1.29.1 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 37d0b871..8e0e79ac 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0 +FROM nginx:1.29.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 69b5fcf0..3d08fc15 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.0 -ENV NJS_VERSION 0.9.0 +ENV NGINX_VERSION 1.29.1 +ENV NJS_VERSION 0.9.1 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index e85d193f..65e54101 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.0' + [mainline]='1.29.1' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.0' + [mainline]='0.9.1' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1' + [mainline]='43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From 3cabe641e7f111919a661430d77cf4c70a3a2794 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 13 Aug 2025 09:29:26 +0200 Subject: [PATCH 155/160] Update mainline to Debian trixie --- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 10 +++++----- update.sh | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 6bdb7325..41eb50f5 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -21,7 +21,7 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 8e0e79ac..71a03461 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -19,7 +19,7 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 3d08fc15..ecc07412 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -3,15 +3,15 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bookworm-slim +FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.29.1 ENV NJS_VERSION 0.9.1 -ENV NJS_RELEASE 1~bookworm -ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 1~bookworm +ENV NJS_RELEASE 1~trixie +ENV PKG_RELEASE 1~trixie +ENV DYNPKG_RELEASE 1~trixie RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -48,7 +48,7 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/update.sh b/update.sh index 65e54101..0b8af179 100755 --- a/update.sh +++ b/update.sh @@ -50,7 +50,7 @@ declare -A dynpkg=( ) declare -A debian=( - [mainline]='bookworm' + [mainline]='trixie' [stable]='bookworm' ) From 78438bffee73f0badc243eea35909cede2d3afd7 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 12:47:41 -0700 Subject: [PATCH 156/160] Updated mainline nginx to 1.29.2 and njs to 0.9.3. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index 0b8af179..ca949189 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.1' + [mainline]='1.29.2' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.1' + [mainline]='0.9.3' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4' + [mainline]='633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From c3785f2653008f9354c3d29a54d8c5459c53fa60 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 12:48:18 -0700 Subject: [PATCH 157/160] Regenerated Dockerfiles after the last commit. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index ae0cd5ea..52b98949 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine +FROM nginx:1.29.2-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 83bee112..b16c406f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine +FROM nginx:1.29.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 2edb0776..d09211ee 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.1 +ENV NGINX_VERSION 1.29.2 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6c7ad1f7..5d9aae8f 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine-slim +FROM nginx:1.29.2-alpine-slim -ENV NJS_VERSION 0.9.1 +ENV NJS_VERSION 0.9.3 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 41eb50f5..075e43f5 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1 +FROM nginx:1.29.2 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 71a03461..258db626 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1 +FROM nginx:1.29.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index ecc07412..b2eea0ea 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.1 -ENV NJS_VERSION 0.9.1 +ENV NGINX_VERSION 1.29.2 +ENV NJS_VERSION 0.9.3 ENV NJS_RELEASE 1~trixie ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From b75b089789daa4ce5510d6cb246147cb1eb8922d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 14:15:47 -0700 Subject: [PATCH 158/160] library: allow redefining architectures to build Debian-based images for. mainline is now based on trixie, which removes mips64le and adds riscv64. stable is currently kept as-is. --- generate-stackbrew-library.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 021332fa..13a18cfe 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -13,6 +13,12 @@ base=debian versions=( mainline stable ) +declare -A debian_architectures +debian_architectures=( + [mainline]='amd64, arm32v5, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x' + [stable]='amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x' +) + # get the most recent commit which modified any of "$@" fileCommit() { git log -1 --format='format:%H' HEAD -- "$@" @@ -69,7 +75,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${versionAliases[@]}"), $(join ', ' "${debianAliases[@]}") - Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x + Architectures: ${debian_architectures[$version]} GitCommit: $commit Directory: $version/$base EOE @@ -84,7 +90,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x + Architectures: ${debian_architectures[$version]} GitCommit: $commit Directory: $version/$variant EOE From 1a3dfcb82c76fa8d292d42188cc71866e657a005 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 11:52:47 -0700 Subject: [PATCH 159/160] Update mainline nginx to 1.29.3 and njs to 0.9.4 --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ca949189..50f9d2a1 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.2' + [mainline]='1.29.3' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.3' + [mainline]='0.9.4' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700' + [mainline]='249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From e4d5453581d9d3618f77c4aeccf2e6171a1cd6ff Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 11:53:09 -0700 Subject: [PATCH 160/160] Regenerated Dockerfiles after the last commit --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 52b98949..495c61e1 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine +FROM nginx:1.29.3-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b16c406f..837daac1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine +FROM nginx:1.29.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d09211ee..9fe90d6f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.2 +ENV NGINX_VERSION 1.29.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5d9aae8f..ff89c3b2 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine-slim +FROM nginx:1.29.3-alpine-slim -ENV NJS_VERSION 0.9.3 +ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 075e43f5..da68ae7c 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2 +FROM nginx:1.29.3 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 258db626..ef0ad258 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2 +FROM nginx:1.29.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index b2eea0ea..27b4e131 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.2 -ENV NJS_VERSION 0.9.3 +ENV NGINX_VERSION 1.29.3 +ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1~trixie ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \