From e82e776e7507868a887178bc7eaae5c1ed7aa47f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 11 Feb 2016 17:31:57 +0300 Subject: [PATCH 001/377] 1.9.11 released. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4db7b8d9..ba6f4948 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.10-1~jessie +ENV NGINX_VERSION 1.9.11-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From e5ea8a390a8aa3f3a50111164bf8b2e2e9860b6c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 16 Feb 2016 20:10:12 +0300 Subject: [PATCH 002/377] Moved to a different repository layout. This scheme allows to enable builds for various distributions and both stable and mainline nginx versions. Closes: #62, #63, incorporating work of Natanael Copa . Closes: #66. --- mainline/alpine/Dockerfile | 94 ++++++++++++++++++++++++ mainline/centos5/Dockerfile | 19 +++++ mainline/centos5/nginx.repo | 6 ++ mainline/centos6/Dockerfile | 19 +++++ mainline/centos6/nginx.repo | 6 ++ mainline/centos7/Dockerfile | 19 +++++ mainline/centos7/nginx.repo | 6 ++ Dockerfile => mainline/jessie/Dockerfile | 0 mainline/precise/Dockerfile | 19 +++++ mainline/trusty/Dockerfile | 19 +++++ mainline/wheezy/Dockerfile | 19 +++++ stable/alpine/Dockerfile | 90 +++++++++++++++++++++++ stable/centos5/Dockerfile | 19 +++++ stable/centos5/nginx.repo | 6 ++ stable/centos6/Dockerfile | 19 +++++ stable/centos6/nginx.repo | 6 ++ stable/centos7/Dockerfile | 19 +++++ stable/centos7/nginx.repo | 6 ++ stable/jessie/Dockerfile | 19 +++++ stable/precise/Dockerfile | 19 +++++ stable/trusty/Dockerfile | 19 +++++ stable/wheezy/Dockerfile | 19 +++++ 22 files changed, 467 insertions(+) create mode 100644 mainline/alpine/Dockerfile create mode 100644 mainline/centos5/Dockerfile create mode 100644 mainline/centos5/nginx.repo create mode 100644 mainline/centos6/Dockerfile create mode 100644 mainline/centos6/nginx.repo create mode 100644 mainline/centos7/Dockerfile create mode 100644 mainline/centos7/nginx.repo rename Dockerfile => mainline/jessie/Dockerfile (100%) create mode 100644 mainline/precise/Dockerfile create mode 100644 mainline/trusty/Dockerfile create mode 100644 mainline/wheezy/Dockerfile create mode 100644 stable/alpine/Dockerfile create mode 100644 stable/centos5/Dockerfile create mode 100644 stable/centos5/nginx.repo create mode 100644 stable/centos6/Dockerfile create mode 100644 stable/centos6/nginx.repo create mode 100644 stable/centos7/Dockerfile create mode 100644 stable/centos7/nginx.repo create mode 100644 stable/jessie/Dockerfile create mode 100644 stable/precise/Dockerfile create mode 100644 stable/trusty/Dockerfile create mode 100644 stable/wheezy/Dockerfile diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile new file mode 100644 index 00000000..62702e4e --- /dev/null +++ b/mainline/alpine/Dockerfile @@ -0,0 +1,94 @@ +FROM alpine:latest + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.9.11 + +ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 +ENV CONFIG "\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-file-aio \ + --with-http_v2_module \ + --with-ipv6 \ + " + +RUN \ + addgroup -S nginx \ + && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + curl \ + gnupg \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && gpg --verify nginx.tar.gz.asc \ + && mkdir -p /usr/src \ + && tar -zxC /usr/src -f nginx.tar.gz \ + && rm nginx.tar.gz* \ + && rm -r /root/.gnupg \ + && cd /usr/src/nginx-$NGINX_VERSION \ + && ./configure $CONFIG --with-debug \ + && make \ + && mv objs/nginx objs/nginx-debug \ + && ./configure $CONFIG \ + && make \ + && make install \ + && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && strip /usr/sbin/nginx* \ + && runDeps="$( \ + scanelf --needed --nobanner /usr/sbin/nginx \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --virtual .nginx-rundeps $runDeps \ + && apk del .build-deps \ + && rm -rf /usr/src/nginx-* \ + \ + # forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/centos5/Dockerfile b/mainline/centos5/Dockerfile new file mode 100644 index 00000000..05a606f9 --- /dev/null +++ b/mainline/centos5/Dockerfile @@ -0,0 +1,19 @@ +FROM centos:5 + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.9.11-1.el5.ngx + +COPY ./nginx.repo /etc/yum.repos.d/nginx.repo + +RUN rpm --import http://nginx.org/keys/nginx_signing.key \ + && yum install -y openssl nginx-${NGINX_VERSION} gettext \ + && yum clean all + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/centos5/nginx.repo b/mainline/centos5/nginx.repo new file mode 100644 index 00000000..b8848939 --- /dev/null +++ b/mainline/centos5/nginx.repo @@ -0,0 +1,6 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/mainline/centos/5/$basearch/ +gpgcheck=1 +repogpgcheck=1 +enabled=1 diff --git a/mainline/centos6/Dockerfile b/mainline/centos6/Dockerfile new file mode 100644 index 00000000..b06238f5 --- /dev/null +++ b/mainline/centos6/Dockerfile @@ -0,0 +1,19 @@ +FROM centos:6 + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.9.11-1.el6.ngx + +COPY ./nginx.repo /etc/yum.repos.d/nginx.repo + +RUN rpm --import http://nginx.org/keys/nginx_signing.key \ + && yum install -y ca-certificates nginx-${NGINX_VERSION} gettext \ + && yum clean all + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/centos6/nginx.repo b/mainline/centos6/nginx.repo new file mode 100644 index 00000000..f8a72908 --- /dev/null +++ b/mainline/centos6/nginx.repo @@ -0,0 +1,6 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/mainline/centos/6/$basearch/ +gpgcheck=1 +repogpgcheck=1 +enabled=1 diff --git a/mainline/centos7/Dockerfile b/mainline/centos7/Dockerfile new file mode 100644 index 00000000..76636b24 --- /dev/null +++ b/mainline/centos7/Dockerfile @@ -0,0 +1,19 @@ +FROM centos:7 + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.9.11-1.el7.ngx + +COPY ./nginx.repo /etc/yum.repos.d/nginx.repo + +RUN rpm --import http://nginx.org/keys/nginx_signing.key \ + && yum install -y ca-certificates nginx-${NGINX_VERSION} gettext \ + && yum clean all + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/centos7/nginx.repo b/mainline/centos7/nginx.repo new file mode 100644 index 00000000..6aef10b9 --- /dev/null +++ b/mainline/centos7/nginx.repo @@ -0,0 +1,6 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/ +gpgcheck=1 +repogpgcheck=1 +enabled=1 diff --git a/Dockerfile b/mainline/jessie/Dockerfile similarity index 100% rename from Dockerfile rename to mainline/jessie/Dockerfile diff --git a/mainline/precise/Dockerfile b/mainline/precise/Dockerfile new file mode 100644 index 00000000..2c6f8ffa --- /dev/null +++ b/mainline/precise/Dockerfile @@ -0,0 +1,19 @@ +FROM ubuntu:precise + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.9.11-1~precise + +RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ + && echo "deb http://nginx.org/packages/mainline/ubuntu/ precise nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/trusty/Dockerfile b/mainline/trusty/Dockerfile new file mode 100644 index 00000000..f1d4bf49 --- /dev/null +++ b/mainline/trusty/Dockerfile @@ -0,0 +1,19 @@ +FROM ubuntu:trusty + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.9.11-1~trusty + +RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ + && echo "deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/wheezy/Dockerfile b/mainline/wheezy/Dockerfile new file mode 100644 index 00000000..df63cb4c --- /dev/null +++ b/mainline/wheezy/Dockerfile @@ -0,0 +1,19 @@ +FROM debian:wheezy + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.9.11-1~wheezy + +RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ + && echo "deb http://nginx.org/packages/mainline/debian/ wheezy nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile new file mode 100644 index 00000000..19e75969 --- /dev/null +++ b/stable/alpine/Dockerfile @@ -0,0 +1,90 @@ +FROM alpine:latest + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.8.1 + +ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 +ENV CONFIG "\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-file-aio \ + --with-http_spdy_module \ + --with-ipv6 \ + " + +RUN \ + addgroup -S nginx \ + && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + curl \ + gnupg \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && gpg --verify nginx.tar.gz.asc \ + && mkdir -p /usr/src \ + && tar -zxC /usr/src -f nginx.tar.gz \ + && rm nginx.tar.gz* \ + && rm -r /root/.gnupg \ + && cd /usr/src/nginx-$NGINX_VERSION \ + && ./configure $CONFIG --with-debug \ + && make \ + && mv objs/nginx objs/nginx-debug \ + && ./configure $CONFIG \ + && make \ + && make install \ + && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && strip /usr/sbin/nginx* \ + && runDeps="$( \ + scanelf --needed --nobanner /usr/sbin/nginx \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --virtual .nginx-rundeps $runDeps \ + && apk del .build-deps \ + && rm -rf /usr/src/nginx-* \ + \ + # forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/centos5/Dockerfile b/stable/centos5/Dockerfile new file mode 100644 index 00000000..28979a94 --- /dev/null +++ b/stable/centos5/Dockerfile @@ -0,0 +1,19 @@ +FROM centos:5 + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.8.1-1.el5.ngx + +COPY ./nginx.repo /etc/yum.repos.d/nginx.repo + +RUN rpm --import http://nginx.org/keys/nginx_signing.key \ + && yum install -y openssl nginx-${NGINX_VERSION} gettext \ + && yum clean all + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/centos5/nginx.repo b/stable/centos5/nginx.repo new file mode 100644 index 00000000..ebd8835e --- /dev/null +++ b/stable/centos5/nginx.repo @@ -0,0 +1,6 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/centos/5/$basearch/ +gpgcheck=1 +repogpgcheck=1 +enabled=1 diff --git a/stable/centos6/Dockerfile b/stable/centos6/Dockerfile new file mode 100644 index 00000000..dd50973a --- /dev/null +++ b/stable/centos6/Dockerfile @@ -0,0 +1,19 @@ +FROM centos:6 + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.8.1-1.el6.ngx + +COPY ./nginx.repo /etc/yum.repos.d/nginx.repo + +RUN rpm --import http://nginx.org/keys/nginx_signing.key \ + && yum install -y ca-certificates nginx-${NGINX_VERSION} gettext \ + && yum clean all + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/centos6/nginx.repo b/stable/centos6/nginx.repo new file mode 100644 index 00000000..8247e75e --- /dev/null +++ b/stable/centos6/nginx.repo @@ -0,0 +1,6 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/centos/6/$basearch/ +gpgcheck=1 +repogpgcheck=1 +enabled=1 diff --git a/stable/centos7/Dockerfile b/stable/centos7/Dockerfile new file mode 100644 index 00000000..97c113b6 --- /dev/null +++ b/stable/centos7/Dockerfile @@ -0,0 +1,19 @@ +FROM centos:7 + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.8.1-1.el7.ngx + +COPY ./nginx.repo /etc/yum.repos.d/nginx.repo + +RUN rpm --import http://nginx.org/keys/nginx_signing.key \ + && yum install -y ca-certificates nginx-${NGINX_VERSION} gettext \ + && yum clean all + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/centos7/nginx.repo b/stable/centos7/nginx.repo new file mode 100644 index 00000000..2e4fb7ea --- /dev/null +++ b/stable/centos7/nginx.repo @@ -0,0 +1,6 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/centos/7/$basearch/ +gpgcheck=1 +repogpgcheck=1 +enabled=1 diff --git a/stable/jessie/Dockerfile b/stable/jessie/Dockerfile new file mode 100644 index 00000000..77ab7dd0 --- /dev/null +++ b/stable/jessie/Dockerfile @@ -0,0 +1,19 @@ +FROM debian:jessie + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.8.1-1~jessie + +RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ + && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/precise/Dockerfile b/stable/precise/Dockerfile new file mode 100644 index 00000000..15582489 --- /dev/null +++ b/stable/precise/Dockerfile @@ -0,0 +1,19 @@ +FROM ubuntu:precise + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.8.1-1~precise + +RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ + && echo "deb http://nginx.org/packages/ubuntu/ precise nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/trusty/Dockerfile b/stable/trusty/Dockerfile new file mode 100644 index 00000000..c05c491b --- /dev/null +++ b/stable/trusty/Dockerfile @@ -0,0 +1,19 @@ +FROM ubuntu:trusty + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.8.1-1~trusty + +RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ + && echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/wheezy/Dockerfile b/stable/wheezy/Dockerfile new file mode 100644 index 00000000..2a9df483 --- /dev/null +++ b/stable/wheezy/Dockerfile @@ -0,0 +1,19 @@ +FROM debian:wheezy + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.8.1-1~wheezy + +RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ + && echo "deb http://nginx.org/packages/debian/ wheezy nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 443 + +CMD ["nginx", "-g", "daemon off;"] From 7e2e90f70bbc071b97b6cf7b07222102d5d8dcbf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 9 Mar 2016 15:32:50 +0300 Subject: [PATCH 003/377] Removed excessive distro variants. See https://github.com/docker-library/official-images/pull/1462 for the discussion and results. --- mainline/centos5/Dockerfile | 19 ------------------- mainline/centos5/nginx.repo | 6 ------ mainline/centos6/Dockerfile | 19 ------------------- mainline/centos6/nginx.repo | 6 ------ mainline/centos7/Dockerfile | 19 ------------------- mainline/centos7/nginx.repo | 6 ------ mainline/precise/Dockerfile | 19 ------------------- mainline/trusty/Dockerfile | 19 ------------------- mainline/wheezy/Dockerfile | 19 ------------------- stable/centos5/Dockerfile | 19 ------------------- stable/centos5/nginx.repo | 6 ------ stable/centos6/Dockerfile | 19 ------------------- stable/centos6/nginx.repo | 6 ------ stable/centos7/Dockerfile | 19 ------------------- stable/centos7/nginx.repo | 6 ------ stable/precise/Dockerfile | 19 ------------------- stable/trusty/Dockerfile | 19 ------------------- stable/wheezy/Dockerfile | 19 ------------------- 18 files changed, 264 deletions(-) delete mode 100644 mainline/centos5/Dockerfile delete mode 100644 mainline/centos5/nginx.repo delete mode 100644 mainline/centos6/Dockerfile delete mode 100644 mainline/centos6/nginx.repo delete mode 100644 mainline/centos7/Dockerfile delete mode 100644 mainline/centos7/nginx.repo delete mode 100644 mainline/precise/Dockerfile delete mode 100644 mainline/trusty/Dockerfile delete mode 100644 mainline/wheezy/Dockerfile delete mode 100644 stable/centos5/Dockerfile delete mode 100644 stable/centos5/nginx.repo delete mode 100644 stable/centos6/Dockerfile delete mode 100644 stable/centos6/nginx.repo delete mode 100644 stable/centos7/Dockerfile delete mode 100644 stable/centos7/nginx.repo delete mode 100644 stable/precise/Dockerfile delete mode 100644 stable/trusty/Dockerfile delete mode 100644 stable/wheezy/Dockerfile diff --git a/mainline/centos5/Dockerfile b/mainline/centos5/Dockerfile deleted file mode 100644 index 05a606f9..00000000 --- a/mainline/centos5/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM centos:5 - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.9.11-1.el5.ngx - -COPY ./nginx.repo /etc/yum.repos.d/nginx.repo - -RUN rpm --import http://nginx.org/keys/nginx_signing.key \ - && yum install -y openssl nginx-${NGINX_VERSION} gettext \ - && yum clean all - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/centos5/nginx.repo b/mainline/centos5/nginx.repo deleted file mode 100644 index b8848939..00000000 --- a/mainline/centos5/nginx.repo +++ /dev/null @@ -1,6 +0,0 @@ -[nginx] -name=nginx repo -baseurl=http://nginx.org/packages/mainline/centos/5/$basearch/ -gpgcheck=1 -repogpgcheck=1 -enabled=1 diff --git a/mainline/centos6/Dockerfile b/mainline/centos6/Dockerfile deleted file mode 100644 index b06238f5..00000000 --- a/mainline/centos6/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM centos:6 - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.9.11-1.el6.ngx - -COPY ./nginx.repo /etc/yum.repos.d/nginx.repo - -RUN rpm --import http://nginx.org/keys/nginx_signing.key \ - && yum install -y ca-certificates nginx-${NGINX_VERSION} gettext \ - && yum clean all - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/centos6/nginx.repo b/mainline/centos6/nginx.repo deleted file mode 100644 index f8a72908..00000000 --- a/mainline/centos6/nginx.repo +++ /dev/null @@ -1,6 +0,0 @@ -[nginx] -name=nginx repo -baseurl=http://nginx.org/packages/mainline/centos/6/$basearch/ -gpgcheck=1 -repogpgcheck=1 -enabled=1 diff --git a/mainline/centos7/Dockerfile b/mainline/centos7/Dockerfile deleted file mode 100644 index 76636b24..00000000 --- a/mainline/centos7/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM centos:7 - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.9.11-1.el7.ngx - -COPY ./nginx.repo /etc/yum.repos.d/nginx.repo - -RUN rpm --import http://nginx.org/keys/nginx_signing.key \ - && yum install -y ca-certificates nginx-${NGINX_VERSION} gettext \ - && yum clean all - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/centos7/nginx.repo b/mainline/centos7/nginx.repo deleted file mode 100644 index 6aef10b9..00000000 --- a/mainline/centos7/nginx.repo +++ /dev/null @@ -1,6 +0,0 @@ -[nginx] -name=nginx repo -baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/ -gpgcheck=1 -repogpgcheck=1 -enabled=1 diff --git a/mainline/precise/Dockerfile b/mainline/precise/Dockerfile deleted file mode 100644 index 2c6f8ffa..00000000 --- a/mainline/precise/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM ubuntu:precise - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.9.11-1~precise - -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ - && echo "deb http://nginx.org/packages/mainline/ubuntu/ precise nginx" >> /etc/apt/sources.list \ - && apt-get update \ - && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ - && rm -rf /var/lib/apt/lists/* - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/trusty/Dockerfile b/mainline/trusty/Dockerfile deleted file mode 100644 index f1d4bf49..00000000 --- a/mainline/trusty/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM ubuntu:trusty - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.9.11-1~trusty - -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ - && echo "deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx" >> /etc/apt/sources.list \ - && apt-get update \ - && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ - && rm -rf /var/lib/apt/lists/* - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/wheezy/Dockerfile b/mainline/wheezy/Dockerfile deleted file mode 100644 index df63cb4c..00000000 --- a/mainline/wheezy/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM debian:wheezy - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.9.11-1~wheezy - -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ - && echo "deb http://nginx.org/packages/mainline/debian/ wheezy nginx" >> /etc/apt/sources.list \ - && apt-get update \ - && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ - && rm -rf /var/lib/apt/lists/* - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/centos5/Dockerfile b/stable/centos5/Dockerfile deleted file mode 100644 index 28979a94..00000000 --- a/stable/centos5/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM centos:5 - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.8.1-1.el5.ngx - -COPY ./nginx.repo /etc/yum.repos.d/nginx.repo - -RUN rpm --import http://nginx.org/keys/nginx_signing.key \ - && yum install -y openssl nginx-${NGINX_VERSION} gettext \ - && yum clean all - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/centos5/nginx.repo b/stable/centos5/nginx.repo deleted file mode 100644 index ebd8835e..00000000 --- a/stable/centos5/nginx.repo +++ /dev/null @@ -1,6 +0,0 @@ -[nginx] -name=nginx repo -baseurl=http://nginx.org/packages/centos/5/$basearch/ -gpgcheck=1 -repogpgcheck=1 -enabled=1 diff --git a/stable/centos6/Dockerfile b/stable/centos6/Dockerfile deleted file mode 100644 index dd50973a..00000000 --- a/stable/centos6/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM centos:6 - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.8.1-1.el6.ngx - -COPY ./nginx.repo /etc/yum.repos.d/nginx.repo - -RUN rpm --import http://nginx.org/keys/nginx_signing.key \ - && yum install -y ca-certificates nginx-${NGINX_VERSION} gettext \ - && yum clean all - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/centos6/nginx.repo b/stable/centos6/nginx.repo deleted file mode 100644 index 8247e75e..00000000 --- a/stable/centos6/nginx.repo +++ /dev/null @@ -1,6 +0,0 @@ -[nginx] -name=nginx repo -baseurl=http://nginx.org/packages/centos/6/$basearch/ -gpgcheck=1 -repogpgcheck=1 -enabled=1 diff --git a/stable/centos7/Dockerfile b/stable/centos7/Dockerfile deleted file mode 100644 index 97c113b6..00000000 --- a/stable/centos7/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM centos:7 - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.8.1-1.el7.ngx - -COPY ./nginx.repo /etc/yum.repos.d/nginx.repo - -RUN rpm --import http://nginx.org/keys/nginx_signing.key \ - && yum install -y ca-certificates nginx-${NGINX_VERSION} gettext \ - && yum clean all - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/centos7/nginx.repo b/stable/centos7/nginx.repo deleted file mode 100644 index 2e4fb7ea..00000000 --- a/stable/centos7/nginx.repo +++ /dev/null @@ -1,6 +0,0 @@ -[nginx] -name=nginx repo -baseurl=http://nginx.org/packages/centos/7/$basearch/ -gpgcheck=1 -repogpgcheck=1 -enabled=1 diff --git a/stable/precise/Dockerfile b/stable/precise/Dockerfile deleted file mode 100644 index 15582489..00000000 --- a/stable/precise/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM ubuntu:precise - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.8.1-1~precise - -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ - && echo "deb http://nginx.org/packages/ubuntu/ precise nginx" >> /etc/apt/sources.list \ - && apt-get update \ - && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ - && rm -rf /var/lib/apt/lists/* - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/trusty/Dockerfile b/stable/trusty/Dockerfile deleted file mode 100644 index c05c491b..00000000 --- a/stable/trusty/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM ubuntu:trusty - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.8.1-1~trusty - -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ - && echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" >> /etc/apt/sources.list \ - && apt-get update \ - && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ - && rm -rf /var/lib/apt/lists/* - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/wheezy/Dockerfile b/stable/wheezy/Dockerfile deleted file mode 100644 index 2a9df483..00000000 --- a/stable/wheezy/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM debian:wheezy - -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" - -ENV NGINX_VERSION 1.8.1-1~wheezy - -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ - && echo "deb http://nginx.org/packages/debian/ wheezy nginx" >> /etc/apt/sources.list \ - && apt-get update \ - && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ - && rm -rf /var/lib/apt/lists/* - -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -EXPOSE 80 443 - -CMD ["nginx", "-g", "daemon off;"] From 14c1b938737cf4399a6bb039bc506957dce562ae Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 9 Mar 2016 17:52:32 +0300 Subject: [PATCH 004/377] 1.9.12 released. --- mainline/alpine/Dockerfile | 19 +++++++++++++++++-- mainline/jessie/Dockerfile | 2 +- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 62702e4e..62e30ab9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,12 +2,13 @@ FROM alpine:latest MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.11 +ENV NGINX_VERSION 1.9.12 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ @@ -33,6 +34,9 @@ ENV CONFIG "\ --with-http_secure_link_module \ --with-http_stub_status_module \ --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ --with-threads \ --with-stream \ --with-stream_ssl_module \ @@ -57,6 +61,9 @@ RUN \ linux-headers \ curl \ gnupg \ + libxslt-dev \ + gd-dev \ + geoip-dev \ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ @@ -69,13 +76,21 @@ RUN \ && ./configure $CONFIG --with-debug \ && make \ && mv objs/nginx objs/nginx-debug \ + && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ + && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ + && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ && ./configure $CONFIG \ && make \ && make install \ && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ + && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ + && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ + && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ && strip /usr/sbin/nginx* \ + && strip /usr/lib/nginx/modules/*.so \ && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx \ + scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so \ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | sort -u \ | xargs -r apk info --installed \ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index ba6f4948..d1f9d7cc 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.11-1~jessie +ENV NGINX_VERSION 1.9.12-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From f48d943038eaafd1f69cb14d86db95b3044bd4d8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 9 Mar 2016 19:21:38 +0300 Subject: [PATCH 005/377] Install dynamic modules packages: xslt, image_filter, geoip. Fixes #56. --- mainline/jessie/Dockerfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index d1f9d7cc..d065845b 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -7,7 +7,13 @@ ENV NGINX_VERSION 1.9.12-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ && apt-get update \ - && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && apt-get install -y \ + ca-certificates \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt \ + nginx-module-geoip \ + nginx-module-image-filter \ + gettext-base \ && rm -rf /var/lib/apt/lists/* # forward request and error logs to docker log collector From 0277b289fe35d8107624178b1a2107d6b0725e75 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 9 Mar 2016 15:09:42 -0800 Subject: [PATCH 006/377] Fix "gpg" usage to stop relying on deprecated and insecure behavior --- mainline/alpine/Dockerfile | 11 ++++++----- stable/alpine/Dockerfile | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 62e30ab9..7bc4fac6 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -64,14 +64,15 @@ RUN \ libxslt-dev \ gd-dev \ geoip-dev \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && gpg --verify nginx.tar.gz.asc \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ + && gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz* \ - && rm -r /root/.gnupg \ + && rm nginx.tar.gz \ && cd /usr/src/nginx-$NGINX_VERSION \ && ./configure $CONFIG --with-debug \ && make \ @@ -98,7 +99,7 @@ RUN \ )" \ && apk add --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ - && rm -rf /usr/src/nginx-* \ + && rm -rf /usr/src/nginx-$NGINX_VERSION \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 19e75969..5214cc68 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -53,14 +53,15 @@ RUN \ linux-headers \ curl \ gnupg \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && gpg --verify nginx.tar.gz.asc \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ + && gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz* \ - && rm -r /root/.gnupg \ + && rm nginx.tar.gz \ && cd /usr/src/nginx-$NGINX_VERSION \ && ./configure $CONFIG --with-debug \ && make \ @@ -79,7 +80,7 @@ RUN \ )" \ && apk add --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ - && rm -rf /usr/src/nginx-* \ + && rm -rf /usr/src/nginx-$NGINX_VERSION \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ From e2bb987d7dec69bda9cf1a030cb202bc9c36c831 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 9 Mar 2016 15:11:25 -0800 Subject: [PATCH 007/377] Switch Alpine version to be explicit (to avoid any unexpected surprises with future releases) --- mainline/alpine/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 7bc4fac6..b2e907ec 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:latest +FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 5214cc68..ca47092a 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:latest +FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" From 9fdbe42cb7eab27b17b676923ab56013d5ef7f96 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 29 Mar 2016 15:21:02 +0300 Subject: [PATCH 008/377] alpine: synchronized configuration with debian. Fixes #74. --- mainline/alpine/Dockerfile | 8 +++++ mainline/alpine/nginx.conf | 32 +++++++++++++++++++ mainline/alpine/nginx.vh.default.conf | 45 +++++++++++++++++++++++++++ stable/alpine/Dockerfile | 10 +++++- stable/alpine/nginx.conf | 32 +++++++++++++++++++ stable/alpine/nginx.vh.default.conf | 45 +++++++++++++++++++++++++++ 6 files changed, 171 insertions(+), 1 deletion(-) create mode 100644 mainline/alpine/nginx.conf create mode 100644 mainline/alpine/nginx.vh.default.conf create mode 100644 stable/alpine/nginx.conf create mode 100644 stable/alpine/nginx.vh.default.conf diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b2e907ec..78a9cdeb 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -83,6 +83,11 @@ RUN \ && ./configure $CONFIG \ && make \ && make install \ + && rm -rf /etc/nginx/html/ \ + && mkdir /etc/nginx/conf.d/ \ + && mkdir -p /usr/share/nginx/html/ \ + && install -m644 html/index.html /usr/share/nginx/html/ \ + && install -m644 html/50x.html /usr/share/nginx/html/ \ && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ @@ -105,6 +110,9 @@ RUN \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +COPY nginx.conf /etc/nginx/nginx.conf +COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf + EXPOSE 80 443 CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine/nginx.conf b/mainline/alpine/nginx.conf new file mode 100644 index 00000000..e4bad8db --- /dev/null +++ b/mainline/alpine/nginx.conf @@ -0,0 +1,32 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/mainline/alpine/nginx.vh.default.conf b/mainline/alpine/nginx.vh.default.conf new file mode 100644 index 00000000..34aeb9ac --- /dev/null +++ b/mainline/alpine/nginx.vh.default.conf @@ -0,0 +1,45 @@ +server { + listen 80; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/log/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ca47092a..14871d5c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -36,7 +36,7 @@ ENV CONFIG "\ --with-mail \ --with-mail_ssl_module \ --with-file-aio \ - --with-http_spdy_module \ + --with-http_spdy_module \ --with-ipv6 \ " @@ -69,6 +69,11 @@ RUN \ && ./configure $CONFIG \ && make \ && make install \ + && rm -rf /etc/nginx/html/ \ + && mkdir /etc/nginx/conf.d/ \ + && mkdir -p /usr/share/nginx/html/ \ + && install -m644 html/index.html /usr/share/nginx/html/ \ + && install -m644 html/50x.html /usr/share/nginx/html/ \ && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ && strip /usr/sbin/nginx* \ && runDeps="$( \ @@ -86,6 +91,9 @@ RUN \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +COPY nginx.conf /etc/nginx/nginx.conf +COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf + EXPOSE 80 443 CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine/nginx.conf b/stable/alpine/nginx.conf new file mode 100644 index 00000000..e4bad8db --- /dev/null +++ b/stable/alpine/nginx.conf @@ -0,0 +1,32 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/stable/alpine/nginx.vh.default.conf b/stable/alpine/nginx.vh.default.conf new file mode 100644 index 00000000..34aeb9ac --- /dev/null +++ b/stable/alpine/nginx.vh.default.conf @@ -0,0 +1,45 @@ +server { + listen 80; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/log/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + From f65465e6433482525b345f825287f69538e16e07 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 29 Mar 2016 20:57:40 +0300 Subject: [PATCH 009/377] 1.9.13 released. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 78a9cdeb..3f58d732 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.12 +ENV NGINX_VERSION 1.9.13 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index d065845b..d9e9cafe 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.12-1~jessie +ENV NGINX_VERSION 1.9.13-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ @@ -13,6 +13,8 @@ RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC64107 nginx-module-xslt \ nginx-module-geoip \ nginx-module-image-filter \ + nginx-module-perl \ + nginx-module-njs \ gettext-base \ && rm -rf /var/lib/apt/lists/* From 0d2fa22e0700f670e3d10294530e5d43a15bf0d1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 5 Apr 2016 19:34:55 +0300 Subject: [PATCH 010/377] debian: don't install suggested and recommended packages. --- mainline/jessie/Dockerfile | 2 +- stable/jessie/Dockerfile | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index d9e9cafe..b251e25f 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -7,7 +7,7 @@ ENV NGINX_VERSION 1.9.13-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ && apt-get update \ - && apt-get install -y \ + && apt-get install --no-install-recommends --no-install-suggests -y \ ca-certificates \ nginx=${NGINX_VERSION} \ nginx-module-xslt \ diff --git a/stable/jessie/Dockerfile b/stable/jessie/Dockerfile index 77ab7dd0..923541a5 100644 --- a/stable/jessie/Dockerfile +++ b/stable/jessie/Dockerfile @@ -7,7 +7,8 @@ ENV NGINX_VERSION 1.8.1-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ && apt-get update \ - && apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + ca-certificates nginx=${NGINX_VERSION} gettext-base \ && rm -rf /var/lib/apt/lists/* # forward request and error logs to docker log collector From 2b0b2939f52d1bcfc7e4e5be9a49233758e01133 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 5 Apr 2016 20:05:55 +0300 Subject: [PATCH 011/377] Alpine: added gettext to include envsubst. --- mainline/alpine/Dockerfile | 1 + stable/alpine/Dockerfile | 1 + 2 files changed, 2 insertions(+) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 3f58d732..05123687 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -105,6 +105,7 @@ RUN \ && apk add --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ && rm -rf /usr/src/nginx-$NGINX_VERSION \ + && apk add --no-cache gettext \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 14871d5c..6f5323b7 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -86,6 +86,7 @@ RUN \ && apk add --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ && rm -rf /usr/src/nginx-$NGINX_VERSION \ + && apk add --no-cache gettext \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ From 89f799750f5967a1b2ed16081457c04ca52307ea Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 5 Apr 2016 20:00:15 +0300 Subject: [PATCH 012/377] alpine: added perl dynamic module to the build. The only part that is left unsynced with the Debian image is the support for nJScript. I will wait for the official release before including it to alpine build because there is no sane way to fetch and authenticate njs sources yet. --- mainline/alpine/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 05123687..4e3dac67 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -37,6 +37,7 @@ ENV CONFIG "\ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ + --with-http_perl_module=dynamic \ --with-threads \ --with-stream \ --with-stream_ssl_module \ @@ -64,6 +65,7 @@ RUN \ libxslt-dev \ gd-dev \ geoip-dev \ + perl-dev \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ @@ -80,6 +82,7 @@ RUN \ && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ + && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ && ./configure $CONFIG \ && make \ && make install \ @@ -92,6 +95,7 @@ RUN \ && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ + && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ && strip /usr/sbin/nginx* \ && strip /usr/lib/nginx/modules/*.so \ From 19799fa644461ed6c5ea07c0bc0ea0cc277c2d77 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 5 Apr 2016 20:01:38 +0300 Subject: [PATCH 013/377] 1.9.14 released. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 4e3dac67..9bffd4fa 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.13 +ENV NGINX_VERSION 1.9.14 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index b251e25f..a9288c26 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.13-1~jessie +ENV NGINX_VERSION 1.9.14-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 847416e892b07656522827ff78d23e979e626012 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 27 Apr 2016 13:57:57 +0300 Subject: [PATCH 014/377] 1.10.0 released. --- stable/alpine/Dockerfile | 29 ++++++++++++++++++++++++++--- stable/jessie/Dockerfile | 11 +++++++++-- 2 files changed, 35 insertions(+), 5 deletions(-) diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6f5323b7..de36b2fa 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,12 +2,13 @@ FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.8.1 +ENV NGINX_VERSION 1.10.0 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ @@ -33,10 +34,18 @@ ENV CONFIG "\ --with-http_secure_link_module \ --with-http_stub_status_module \ --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-http_perl_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-http_slice_module \ --with-mail \ --with-mail_ssl_module \ --with-file-aio \ - --with-http_spdy_module \ + --with-http_v2_module \ --with-ipv6 \ " @@ -53,6 +62,10 @@ RUN \ linux-headers \ curl \ gnupg \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ @@ -66,6 +79,10 @@ RUN \ && ./configure $CONFIG --with-debug \ && make \ && mv objs/nginx objs/nginx-debug \ + && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ + && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ + && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ + && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ && ./configure $CONFIG \ && make \ && make install \ @@ -75,9 +92,15 @@ RUN \ && install -m644 html/index.html /usr/share/nginx/html/ \ && install -m644 html/50x.html /usr/share/nginx/html/ \ && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ + && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ + && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ + && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ + && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ && strip /usr/sbin/nginx* \ + && strip /usr/lib/nginx/modules/*.so \ && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx \ + scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so \ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | sort -u \ | xargs -r apk info --installed \ diff --git a/stable/jessie/Dockerfile b/stable/jessie/Dockerfile index 923541a5..426883dd 100644 --- a/stable/jessie/Dockerfile +++ b/stable/jessie/Dockerfile @@ -2,13 +2,20 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.8.1-1~jessie +ENV NGINX_VERSION 1.10.0-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ - ca-certificates nginx=${NGINX_VERSION} gettext-base \ + ca-certificates \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt \ + nginx-module-geoip \ + nginx-module-image-filter \ + nginx-module-perl \ + nginx-module-njs \ + gettext-base \ && rm -rf /var/lib/apt/lists/* # forward request and error logs to docker log collector From 41aa13f7d2c24407e483c40fb1e8b33e73462ff1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 27 Apr 2016 13:59:35 +0300 Subject: [PATCH 015/377] 1.9.15 released. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 9bffd4fa..ee163e9d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.14 +ENV NGINX_VERSION 1.9.15 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index a9288c26..b39efae6 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.14-1~jessie +ENV NGINX_VERSION 1.9.15-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 2f25936db78f98a4fac8e9fd9ac8ff53f244d3ea Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 May 2016 18:15:49 -0400 Subject: [PATCH 016/377] 1.11.0 released. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ee163e9d..cfada265 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.15 +ENV NGINX_VERSION 1.11.0 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index b39efae6..a9eac18e 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.9.15-1~jessie +ENV NGINX_VERSION 1.11.0-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 11fc019b2be3ad51ba5d097b1857a099c4056213 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 1 Jun 2016 17:19:04 +0300 Subject: [PATCH 017/377] 1.10.1 and 1.11.1 released. Fixes https://github.com/nginxinc/docker-nginx/issues/94. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/jessie/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index cfada265..39918a57 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.0 +ENV NGINX_VERSION 1.11.1 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index a9eac18e..80ae322d 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.0-1~jessie +ENV NGINX_VERSION 1.11.1-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index de36b2fa..a96e699d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.3 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.10.0 +ENV NGINX_VERSION 1.10.1 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ diff --git a/stable/jessie/Dockerfile b/stable/jessie/Dockerfile index 426883dd..54a862c8 100644 --- a/stable/jessie/Dockerfile +++ b/stable/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.10.0-1~jessie +ENV NGINX_VERSION 1.10.1-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ From 345cc395d6a28a0148dc8270dde41a517f0e41a1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 8 Jun 2016 20:25:21 +0300 Subject: [PATCH 018/377] Use alpine 3.4. --- mainline/alpine/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 39918a57..9b4fc8ea 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.3 +FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a96e699d..c696ff40 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.3 +FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" From 024c1c8ddc84e351692b37a7656455dcf2707315 Mon Sep 17 00:00:00 2001 From: Matt Robenolt Date: Thu, 7 Jul 2016 02:02:17 -0700 Subject: [PATCH 019/377] Update to 1.11.2 --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 9b4fc8ea..5a9fe10e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.1 +ENV NGINX_VERSION 1.11.2 ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 ENV CONFIG "\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 80ae322d..e50e74be 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.1-1~jessie +ENV NGINX_VERSION 1.11.2-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From d54d200cac7add4566fb8b225ff4f3afd6577552 Mon Sep 17 00:00:00 2001 From: Matt Robenolt Date: Thu, 7 Jul 2016 02:37:40 -0700 Subject: [PATCH 020/377] Extract only envsubst out of gettext This results in a reduction of ~5.5MB from the image. Before: 59688904 bytes After: 54104509 bytes --- mainline/alpine/Dockerfile | 17 +++++++++++++---- stable/alpine/Dockerfile | 17 +++++++++++++---- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5a9fe10e..8c36efdc 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -99,17 +99,26 @@ RUN \ && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ && strip /usr/sbin/nginx* \ && strip /usr/lib/nginx/modules/*.so \ + && rm -rf /usr/src/nginx-$NGINX_VERSION \ + \ + # Bring in gettext so we can get `envsubst`, then throw + # the rest away. To do this, we need to install `gettext` + # then move `envsubst` out of the way so `gettext` can + # be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so \ + scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | sort -u \ | xargs -r apk info --installed \ | sort -u \ )" \ - && apk add --virtual .nginx-rundeps $runDeps \ + && apk add --no-cache --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - && apk add --no-cache gettext \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/bin/ \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index c696ff40..d63e4128 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -99,17 +99,26 @@ RUN \ && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ && strip /usr/sbin/nginx* \ && strip /usr/lib/nginx/modules/*.so \ + && rm -rf /usr/src/nginx-$NGINX_VERSION \ + \ + # Bring in gettext so we can get `envsubst`, then throw + # the rest away. To do this, we need to install `gettext` + # then move `envsubst` out of the way so `gettext` can + # be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so \ + scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | sort -u \ | xargs -r apk info --installed \ | sort -u \ )" \ - && apk add --virtual .nginx-rundeps $runDeps \ + && apk add --no-cache --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - && apk add --no-cache gettext \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/bin/ \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ From 43c112100750cbd1e9f2160324c64988e7920ac9 Mon Sep 17 00:00:00 2001 From: Matt Robenolt Date: Thu, 7 Jul 2016 02:56:43 -0700 Subject: [PATCH 021/377] Move CONFIG/GPG_KEYS out of image ENV vars There's no reason for these to exist as environment variables, and CONFIG is pretty clunky and useless outside of build time. I'd argue that if someone wanted to be able to inspect this information, it could be retrieved from `nginx -V`. --- mainline/alpine/Dockerfile | 92 +++++++++++++++++++------------------- stable/alpine/Dockerfile | 92 +++++++++++++++++++------------------- 2 files changed, 90 insertions(+), 94 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 8c36efdc..899c1a6d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -4,53 +4,51 @@ MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" ENV NGINX_VERSION 1.11.2 -ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 -ENV CONFIG "\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-file-aio \ - --with-http_v2_module \ - --with-ipv6 \ - " - -RUN \ - addgroup -S nginx \ +RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ + && CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-http_perl_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-file-aio \ + --with-http_v2_module \ + --with-ipv6 \ + " \ + && addgroup -S nginx \ && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ && apk add --no-cache --virtual .build-deps \ gcc \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index d63e4128..727ead26 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -4,53 +4,51 @@ MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" ENV NGINX_VERSION 1.10.1 -ENV GPG_KEYS B0F4253373F8F6F510D42178520A9993A1C052F8 -ENV CONFIG "\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-file-aio \ - --with-http_v2_module \ - --with-ipv6 \ - " - -RUN \ - addgroup -S nginx \ +RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ + && CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-http_perl_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-file-aio \ + --with-http_v2_module \ + --with-ipv6 \ + " \ + && addgroup -S nginx \ && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ && apk add --no-cache --virtual .build-deps \ gcc \ From 1f7e3c6473c2c6211c305d85cdfcfd733fe1b348 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Aug 2016 14:52:49 +0300 Subject: [PATCH 022/377] Update mainline to 1.11.3. --- mainline/alpine/Dockerfile | 5 ++++- mainline/jessie/Dockerfile | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 899c1a6d..198de174 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.2 +ENV NGINX_VERSION 1.11.3 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ @@ -41,6 +41,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ --with-threads \ --with-stream \ --with-stream_ssl_module \ + --with-stream_geoip_module=dynamic \ --with-http_slice_module \ --with-mail \ --with-mail_ssl_module \ @@ -81,6 +82,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ + && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ && ./configure $CONFIG \ && make \ && make install \ @@ -94,6 +96,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ + && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ && strip /usr/sbin/nginx* \ && strip /usr/lib/nginx/modules/*.so \ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index e50e74be..90a57c39 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.2-1~jessie +ENV NGINX_VERSION 1.11.3-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 677b73d3d3b8bf4662f4e96f0eda9c14c302c42c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Aug 2016 14:55:32 +0300 Subject: [PATCH 023/377] alpine: move envsubst to /usr/local/bin. --- mainline/alpine/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 198de174..922f878e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -119,7 +119,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && apk add --no-cache --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ && apk del .gettext \ - && mv /tmp/envsubst /usr/bin/ \ + && mv /tmp/envsubst /usr/local/bin/ \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 727ead26..0b8b0dfa 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -116,7 +116,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && apk add --no-cache --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ && apk del .gettext \ - && mv /tmp/envsubst /usr/bin/ \ + && mv /tmp/envsubst /usr/local/bin/ \ \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ From e117bd83e9befe5582bc1da8f72248398fffa16c Mon Sep 17 00:00:00 2001 From: Matt Robenolt Date: Thu, 7 Jul 2016 02:08:19 -0700 Subject: [PATCH 024/377] Use all cores when compiling Signed-off-by: Konstantin Pavlov --- mainline/alpine/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 922f878e..829b640b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -76,7 +76,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && rm nginx.tar.gz \ && cd /usr/src/nginx-$NGINX_VERSION \ && ./configure $CONFIG --with-debug \ - && make \ + && make -j$(getconf _NPROCESSORS_ONLN) \ && mv objs/nginx objs/nginx-debug \ && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ @@ -84,7 +84,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ && ./configure $CONFIG \ - && make \ + && make -j$(getconf _NPROCESSORS_ONLN) \ && make install \ && rm -rf /etc/nginx/html/ \ && mkdir /etc/nginx/conf.d/ \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 0b8b0dfa..c876ebc5 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -75,14 +75,14 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && rm nginx.tar.gz \ && cd /usr/src/nginx-$NGINX_VERSION \ && ./configure $CONFIG --with-debug \ - && make \ + && make -j$(getconf _NPROCESSORS_ONLN) \ && mv objs/nginx objs/nginx-debug \ && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ && ./configure $CONFIG \ - && make \ + && make -j$(getconf _NPROCESSORS_ONLN) \ && make install \ && rm -rf /etc/nginx/html/ \ && mkdir /etc/nginx/conf.d/ \ From 72725fc1d0584077de588955f1838d8140756bec Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Aug 2016 15:32:32 +0300 Subject: [PATCH 025/377] Added LICENSE file. Taken from http://nginx.org/LICENSE. --- LICENSE | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..bc1d673f --- /dev/null +++ b/LICENSE @@ -0,0 +1,23 @@ +Copyright (C) 2011-2016 Nginx, Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. From 03bb6d06b63392e2e3e8ab246034fc883faaf509 Mon Sep 17 00:00:00 2001 From: Matt Robenolt Date: Sun, 7 Aug 2016 11:08:00 -0700 Subject: [PATCH 026/377] Add script to generate stackbrew library for upstream Signed-off-by: Konstantin Pavlov --- generate-stackbrew-library.sh | 85 +++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100755 generate-stackbrew-library.sh diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh new file mode 100755 index 00000000..d1463583 --- /dev/null +++ b/generate-stackbrew-library.sh @@ -0,0 +1,85 @@ +#!/bin/bash +set -eu + +declare -A aliases +aliases=( + [mainline]='1 1.11 latest' + [stable]='1.10' +) + +self="$(basename "$BASH_SOURCE")" +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" +base=jessie + +versions=( */ ) +versions=( "${versions[@]%/}" ) + +# get the most recent commit which modified any of "$@" +fileCommit() { + git log -1 --format='format:%H' HEAD -- "$@" +} + +# get the most recent commit which modified "$1/Dockerfile" or any file COPY'd from "$1/Dockerfile" +dirCommit() { + local dir="$1"; shift + ( + cd "$dir" + fileCommit \ + Dockerfile \ + $(git show HEAD:./Dockerfile | awk ' + toupper($1) == "COPY" { + for (i = 2; i < NF; i++) { + print $i + } + } + ') + ) +} + +cat <<-EOH +# this file is generated via https://github.com/nginxinc/docker-nginx/blob/$(fileCommit "$self")/$self + +Maintainers: Docker Maintainers +GitRepo: https://github.com/nginxinc/docker-nginx.git +EOH + +# prints "$2$1$3$1...$N" +join() { + local sep="$1"; shift + local out; printf -v out "${sep//%/%%}%s" "$@" + echo "${out#$sep}" +} + +for version in "${versions[@]}"; do + commit="$(dirCommit "$version/$base")" + + fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" + fullVersion="${fullVersion%[.-]*}" + + versionAliases=( $fullVersion ) + if [ "$version" != "$fullVersion" ]; then + versionAliases+=( $version ) + fi + versionAliases+=( ${aliases[$version]:-} ) + + echo + cat <<-EOE + Tags: $(join ', ' "${versionAliases[@]}") + GitCommit: $commit + Directory: $version/$base + EOE + + for variant in alpine; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + GitCommit: $commit + Directory: $version/$variant + EOE + done +done From 933bd40ea71c32072826194272bb77bd35e9a04c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Aug 2016 15:59:54 +0300 Subject: [PATCH 027/377] Updated Maintainers line. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d1463583..883173f9 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -39,7 +39,7 @@ dirCommit() { cat <<-EOH # this file is generated via https://github.com/nginxinc/docker-nginx/blob/$(fileCommit "$self")/$self -Maintainers: Docker Maintainers +Maintainers: NGINX Docker Maintainers (@nginxinc) GitRepo: https://github.com/nginxinc/docker-nginx.git EOH From 0dd9ef6a337474293b5e36c95a85da99b11e1a0a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 15 Sep 2016 13:08:32 +0300 Subject: [PATCH 028/377] Update mainline to 1.11.4. --- mainline/alpine/Dockerfile | 3 ++- mainline/jessie/Dockerfile | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 829b640b..0a116516 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.3 +ENV NGINX_VERSION 1.11.4 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ @@ -41,6 +41,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ --with-threads \ --with-stream \ --with-stream_ssl_module \ + --with-stream_realip_module \ --with-stream_geoip_module=dynamic \ --with-http_slice_module \ --with-mail \ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 90a57c39..22c8419c 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.3-1~jessie +ENV NGINX_VERSION 1.11.4-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 8921999083def7ba43a06fabd5f80e4406651353 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 12 Oct 2016 15:13:36 +0300 Subject: [PATCH 029/377] Updated mainline to 1.11.5. --- mainline/alpine/Dockerfile | 5 +++-- mainline/jessie/Dockerfile | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 0a116516..71f6ea62 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.4 +ENV NGINX_VERSION 1.11.5 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ @@ -41,14 +41,15 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ --with-threads \ --with-stream \ --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ --with-stream_realip_module \ --with-stream_geoip_module=dynamic \ --with-http_slice_module \ --with-mail \ --with-mail_ssl_module \ + --with-compat \ --with-file-aio \ --with-http_v2_module \ - --with-ipv6 \ " \ && addgroup -S nginx \ && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 22c8419c..4fa7a3eb 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.4-1~jessie +ENV NGINX_VERSION 1.11.5-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 25a3fc7343c6916fce1fba32caa1e8de8409d79f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 19 Oct 2016 18:21:37 +0300 Subject: [PATCH 030/377] Updated stable to 1.10.2. --- stable/alpine/Dockerfile | 2 +- stable/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index c876ebc5..9f8e4688 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.10.1 +ENV NGINX_VERSION 1.10.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/jessie/Dockerfile b/stable/jessie/Dockerfile index 54a862c8..34842a73 100644 --- a/stable/jessie/Dockerfile +++ b/stable/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.10.1-1~jessie +ENV NGINX_VERSION 1.10.2-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ From de8822d8d91ff0802989bc0a12f8ab55596a513c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 28 Nov 2016 16:24:47 +0300 Subject: [PATCH 031/377] Updated mainline to 1.11.6. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 71f6ea62..df219f23 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.5 +ENV NGINX_VERSION 1.11.6 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 4fa7a3eb..03efb1d8 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.5-1~jessie +ENV NGINX_VERSION 1.11.6-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 844627e5cb58c751f8b43824c7b6ea84529c73bf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Dec 2016 19:35:55 +0300 Subject: [PATCH 032/377] Updated mainline to 1.11.7. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index df219f23..3eb325e9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.6 +ENV NGINX_VERSION 1.11.7 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 03efb1d8..2da99ab9 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.6-1~jessie +ENV NGINX_VERSION 1.11.7-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 3e8a6ee0603bf6c9cd8846c5fa43e96b13b0f44b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Dec 2016 18:31:29 +0300 Subject: [PATCH 033/377] Updated mainline to 1.11.8. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 3eb325e9..e90d5dde 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.7 +ENV NGINX_VERSION 1.11.8 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 2da99ab9..86bb1dd5 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.7-1~jessie +ENV NGINX_VERSION 1.11.8-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From e950fa7dfcee74933b1248a7fe345bdbc176fffb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jan 2017 18:54:49 +0300 Subject: [PATCH 034/377] Updated mainline to 1.11.9. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e90d5dde..663ce6bb 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.8 +ENV NGINX_VERSION 1.11.9 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 86bb1dd5..a5a14182 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.8-1~jessie +ENV NGINX_VERSION 1.11.9-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 014e624239987a0a46bee5b44088a8c5150bf0bb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 31 Jan 2017 19:50:07 +0300 Subject: [PATCH 035/377] Updated stable to 1.10.3. --- stable/alpine/Dockerfile | 2 +- stable/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9f8e4688..ec66631a 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.10.2 +ENV NGINX_VERSION 1.10.3 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/jessie/Dockerfile b/stable/jessie/Dockerfile index 34842a73..094b888e 100644 --- a/stable/jessie/Dockerfile +++ b/stable/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.10.2-1~jessie +ENV NGINX_VERSION 1.10.3-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ From 7b33a90d7441909664a920b0687db8d984ac314b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 15 Feb 2017 15:46:50 +0300 Subject: [PATCH 036/377] Updated mainline to 1.11.10. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 663ce6bb..563d2d14 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.9 +ENV NGINX_VERSION 1.11.10 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index a5a14182..88d221e0 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.9-1~jessie +ENV NGINX_VERSION 1.11.10-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From 7b5952d04d2c8e97e8bd5ed46f3d1515f13bc313 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Mar 2017 10:52:13 +0300 Subject: [PATCH 037/377] Updated mainline to 1.11.11. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 563d2d14..75430ee7 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.10 +ENV NGINX_VERSION 1.11.11 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 88d221e0..b6ac610d 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.10-1~jessie +ENV NGINX_VERSION 1.11.11-1~jessie RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ From bec2d21f455607d81203879894480a0a7aa8c446 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Mar 2017 18:33:06 +0300 Subject: [PATCH 038/377] Use pool.sks-keyservers.net instead of pgp.mit.edu. Closes #156. --- mainline/jessie/Dockerfile | 2 +- stable/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index b6ac610d..eb66f193 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -4,7 +4,7 @@ MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" ENV NGINX_VERSION 1.11.11-1~jessie -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ +RUN apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ diff --git a/stable/jessie/Dockerfile b/stable/jessie/Dockerfile index 094b888e..91c412e0 100644 --- a/stable/jessie/Dockerfile +++ b/stable/jessie/Dockerfile @@ -4,7 +4,7 @@ MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" ENV NGINX_VERSION 1.10.3-1~jessie -RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ +RUN apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ From 0453a0795cdeed9d91bb700ac64190cd303d090b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 27 Mar 2017 13:47:50 +0000 Subject: [PATCH 039/377] Iterate over multiple GPG servers to try and fetch the GPG key. --- mainline/alpine/Dockerfile | 14 ++++++++++++-- mainline/jessie/Dockerfile | 18 ++++++++++++++++-- stable/alpine/Dockerfile | 14 ++++++++++++-- stable/jessie/Dockerfile | 18 ++++++++++++++++-- 4 files changed, 56 insertions(+), 8 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 75430ee7..43d69b91 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -70,8 +70,18 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ - && gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $GPG_KEYS from $server"; \ + gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ + gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f nginx.tar.gz \ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index eb66f193..d0916778 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -4,8 +4,22 @@ MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" ENV NGINX_VERSION 1.11.11-1~jessie -RUN apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ - && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ +RUN set -e; \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + exit 0 + +RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ ca-certificates \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ec66631a..d231304f 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -67,8 +67,18 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \ - && gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $GPG_KEYS from $server"; \ + gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ + gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f nginx.tar.gz \ diff --git a/stable/jessie/Dockerfile b/stable/jessie/Dockerfile index 91c412e0..8a99a72d 100644 --- a/stable/jessie/Dockerfile +++ b/stable/jessie/Dockerfile @@ -4,8 +4,22 @@ MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" ENV NGINX_VERSION 1.10.3-1~jessie -RUN apt-key adv --keyserver hkp://pool.sks-keyservers.net:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \ - && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ +RUN set -e; \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + exit 0 + +RUN echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ ca-certificates \ From 29b52049eba48ce0eaef84696149b9b16160e900 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 27 Mar 2017 16:49:13 +0300 Subject: [PATCH 040/377] Updated mainline to 1.11.12. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 43d69b91..dfa410a5 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.11 +ENV NGINX_VERSION 1.11.12 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index d0916778..149bfa67 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.11-1~jessie +ENV NGINX_VERSION 1.11.12-1~jessie RUN set -e; \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ From 0c7611139f2ce7c5a6b1febbfd5b436c8c7d2d53 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 6 Apr 2017 13:49:36 +0300 Subject: [PATCH 041/377] Updated mainline to 1.11.13. --- mainline/alpine/Dockerfile | 2 +- mainline/jessie/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index dfa410a5..886e94d5 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.4 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.12 +ENV NGINX_VERSION 1.11.13 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/jessie/Dockerfile b/mainline/jessie/Dockerfile index 149bfa67..af83974c 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/jessie/Dockerfile @@ -2,7 +2,7 @@ FROM debian:jessie MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.12-1~jessie +ENV NGINX_VERSION 1.11.13-1~jessie RUN set -e; \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ From 4d1f7f8ec281117d1d79bed4c6bc28b86039ca84 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Apr 2017 16:07:45 +0300 Subject: [PATCH 042/377] Updated stable nginx to 1.12.0. There are breaking changes! - Alpine images now use 3.5 as a base. (refs: #136) - Debian images now use Debian 9 "Stretch" as a base, stretch-slim variant. (refs: #76) - Removed nginx perl module from default images and moved it to a separate -perl tag. (refs: #154) - Removed ca-certificates from Debian-based images as it greatly affects image size on stretch. (refs: #12) - Port 443 is no longer exposed by default since nginx does not listen on it. (refs: #130) - Explicitely set nginx and modules versions. (refs: #141) - Defined default stop signal as QUIT to allow graceful shutdown. (refs: #46) --- stable/alpine-perl/Dockerfile | 147 +++++++++++++++++++++++ stable/alpine-perl/nginx.conf | 32 +++++ stable/alpine-perl/nginx.vh.default.conf | 45 +++++++ stable/alpine/Dockerfile | 19 +-- stable/stretch-perl/Dockerfile | 44 +++++++ stable/{jessie => stretch}/Dockerfile | 28 +++-- 6 files changed, 294 insertions(+), 21 deletions(-) create mode 100644 stable/alpine-perl/Dockerfile create mode 100644 stable/alpine-perl/nginx.conf create mode 100644 stable/alpine-perl/nginx.vh.default.conf create mode 100644 stable/stretch-perl/Dockerfile rename stable/{jessie => stretch}/Dockerfile (60%) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile new file mode 100644 index 00000000..a40dd2e6 --- /dev/null +++ b/stable/alpine-perl/Dockerfile @@ -0,0 +1,147 @@ +FROM alpine:3.5 + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.12.0 + +RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ + && CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-http_perl_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-compat \ + --with-file-aio \ + --with-http_v2_module \ + " \ + && addgroup -S nginx \ + && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + curl \ + gnupg \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && export GNUPGHOME="$(mktemp -d)" \ + && found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $GPG_KEYS from $server"; \ + gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ + gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ + && mkdir -p /usr/src \ + && tar -zxC /usr/src -f nginx.tar.gz \ + && rm nginx.tar.gz \ + && cd /usr/src/nginx-$NGINX_VERSION \ + && ./configure $CONFIG --with-debug \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && mv objs/nginx objs/nginx-debug \ + && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ + && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ + && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ + && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ + && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ + && ./configure $CONFIG \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && make install \ + && rm -rf /etc/nginx/html/ \ + && mkdir /etc/nginx/conf.d/ \ + && mkdir -p /usr/share/nginx/html/ \ + && install -m644 html/index.html /usr/share/nginx/html/ \ + && install -m644 html/50x.html /usr/share/nginx/html/ \ + && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ + && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ + && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ + && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ + && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ + && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ + && strip /usr/sbin/nginx* \ + && strip /usr/lib/nginx/modules/*.so \ + && rm -rf /usr/src/nginx-$NGINX_VERSION \ + \ + # Bring in gettext so we can get `envsubst`, then throw + # the rest away. To do this, we need to install `gettext` + # then move `envsubst` out of the way so `gettext` can + # be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache --virtual .nginx-rundeps $runDeps \ + && apk del .build-deps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ + \ + # forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +COPY nginx.conf /etc/nginx/nginx.conf +COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-perl/nginx.conf b/stable/alpine-perl/nginx.conf new file mode 100644 index 00000000..e4bad8db --- /dev/null +++ b/stable/alpine-perl/nginx.conf @@ -0,0 +1,32 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/stable/alpine-perl/nginx.vh.default.conf b/stable/alpine-perl/nginx.vh.default.conf new file mode 100644 index 00000000..34aeb9ac --- /dev/null +++ b/stable/alpine-perl/nginx.vh.default.conf @@ -0,0 +1,45 @@ +server { + listen 80; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/log/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index d231304f..a86dfa91 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.4 +FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.10.3 +ENV NGINX_VERSION 1.12.0 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ @@ -37,16 +37,18 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ --with-threads \ --with-stream \ --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ --with-http_slice_module \ --with-mail \ --with-mail_ssl_module \ + --with-compat \ --with-file-aio \ --with-http_v2_module \ - --with-ipv6 \ " \ && addgroup -S nginx \ && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ @@ -63,7 +65,6 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ @@ -90,7 +91,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ + && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ && ./configure $CONFIG \ && make -j$(getconf _NPROCESSORS_ONLN) \ && make install \ @@ -103,7 +104,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ + && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ && strip /usr/sbin/nginx* \ && strip /usr/lib/nginx/modules/*.so \ @@ -135,6 +136,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf -EXPOSE 80 443 +EXPOSE 80 + +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile new file mode 100644 index 00000000..56e62fab --- /dev/null +++ b/stable/stretch-perl/Dockerfile @@ -0,0 +1,44 @@ +FROM debian:stretch-slim + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.12.0-1~stretch +ENV NJS_VERSION 1.12.0.0.1.10-1~stretch + +RUN apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge -y gnupg1 && apt-get -y --purge autoremove && rm -rf /var/lib/apt/lists/* \ + && echo "deb http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-perl=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ + gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/jessie/Dockerfile b/stable/stretch/Dockerfile similarity index 60% rename from stable/jessie/Dockerfile rename to stable/stretch/Dockerfile index 8a99a72d..684c19f1 100644 --- a/stable/jessie/Dockerfile +++ b/stable/stretch/Dockerfile @@ -1,10 +1,13 @@ -FROM debian:jessie +FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.10.3-1~jessie +ENV NGINX_VERSION 1.12.0-1~stretch +ENV NJS_VERSION 1.12.0.0.1.10-1~stretch -RUN set -e; \ +RUN apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ + && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ @@ -17,18 +20,15 @@ RUN set -e; \ apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - exit 0 - -RUN echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \ + apt-get remove --purge -y gnupg1 && apt-get -y --purge autoremove && rm -rf /var/lib/apt/lists/* \ + && echo "deb http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ - ca-certificates \ nginx=${NGINX_VERSION} \ - nginx-module-xslt \ - nginx-module-geoip \ - nginx-module-image-filter \ - nginx-module-perl \ - nginx-module-njs \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ gettext-base \ && rm -rf /var/lib/apt/lists/* @@ -36,6 +36,8 @@ RUN echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/source RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log -EXPOSE 80 443 +EXPOSE 80 + +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] From ec7ff8c0a3d58aba0e812598c2a7b7869aba985d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Apr 2017 16:01:43 +0000 Subject: [PATCH 043/377] Ported changes from stable to mainline. There are breaking changes! - Alpine images now use 3.5 as a base. (refs: #136) - Debian images now use Debian 9 "Stretch" as a base, stretch-slim variant. (refs: #76) - Removed nginx perl module from default images and moved it to a separate -perl tag. (refs: #154) - Removed ca-certificates from Debian-based images as it greatly affects image size on stretch. (refs: #12) - Port 443 is no longer exposed by default since nginx does not listen on it. (refs: #130) - Explicitely set nginx and modules versions. (refs: #141) - Defined default stop signal as QUIT to allow graceful shutdown. (refs: #46) --- mainline/alpine-perl/Dockerfile | 147 +++++++++++++++++++++ mainline/alpine-perl/nginx.conf | 32 +++++ mainline/alpine-perl/nginx.vh.default.conf | 45 +++++++ mainline/alpine/Dockerfile | 10 +- mainline/stretch-perl/Dockerfile | 44 ++++++ mainline/{jessie => stretch}/Dockerfile | 28 ++-- 6 files changed, 287 insertions(+), 19 deletions(-) create mode 100644 mainline/alpine-perl/Dockerfile create mode 100644 mainline/alpine-perl/nginx.conf create mode 100644 mainline/alpine-perl/nginx.vh.default.conf create mode 100644 mainline/stretch-perl/Dockerfile rename mainline/{jessie => stretch}/Dockerfile (60%) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile new file mode 100644 index 00000000..fbbd58ef --- /dev/null +++ b/mainline/alpine-perl/Dockerfile @@ -0,0 +1,147 @@ +FROM alpine:3.5 + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.11.13 + +RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ + && CONFIG="\ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --modules-path=/usr/lib/nginx/modules \ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --lock-path=/var/run/nginx.lock \ + --http-client-body-temp-path=/var/cache/nginx/client_temp \ + --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ + --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ + --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ + --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ + --user=nginx \ + --group=nginx \ + --with-http_ssl_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_stub_status_module \ + --with-http_auth_request_module \ + --with-http_xslt_module=dynamic \ + --with-http_image_filter_module=dynamic \ + --with-http_geoip_module=dynamic \ + --with-http_perl_module=dynamic \ + --with-threads \ + --with-stream \ + --with-stream_ssl_module \ + --with-stream_ssl_preread_module \ + --with-stream_realip_module \ + --with-stream_geoip_module=dynamic \ + --with-http_slice_module \ + --with-mail \ + --with-mail_ssl_module \ + --with-compat \ + --with-file-aio \ + --with-http_v2_module \ + " \ + && addgroup -S nginx \ + && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + curl \ + gnupg \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && export GNUPGHOME="$(mktemp -d)" \ + && found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $GPG_KEYS from $server"; \ + gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ + gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ + && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ + && mkdir -p /usr/src \ + && tar -zxC /usr/src -f nginx.tar.gz \ + && rm nginx.tar.gz \ + && cd /usr/src/nginx-$NGINX_VERSION \ + && ./configure $CONFIG --with-debug \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && mv objs/nginx objs/nginx-debug \ + && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ + && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ + && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ + && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ + && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ + && ./configure $CONFIG \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && make install \ + && rm -rf /etc/nginx/html/ \ + && mkdir /etc/nginx/conf.d/ \ + && mkdir -p /usr/share/nginx/html/ \ + && install -m644 html/index.html /usr/share/nginx/html/ \ + && install -m644 html/50x.html /usr/share/nginx/html/ \ + && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ + && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ + && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ + && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ + && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ + && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ + && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ + && strip /usr/sbin/nginx* \ + && strip /usr/lib/nginx/modules/*.so \ + && rm -rf /usr/src/nginx-$NGINX_VERSION \ + \ + # Bring in gettext so we can get `envsubst`, then throw + # the rest away. To do this, we need to install `gettext` + # then move `envsubst` out of the way so `gettext` can + # be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache --virtual .nginx-rundeps $runDeps \ + && apk del .build-deps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ + \ + # forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +COPY nginx.conf /etc/nginx/nginx.conf +COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine-perl/nginx.conf b/mainline/alpine-perl/nginx.conf new file mode 100644 index 00000000..e4bad8db --- /dev/null +++ b/mainline/alpine-perl/nginx.conf @@ -0,0 +1,32 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/mainline/alpine-perl/nginx.vh.default.conf b/mainline/alpine-perl/nginx.vh.default.conf new file mode 100644 index 00000000..34aeb9ac --- /dev/null +++ b/mainline/alpine-perl/nginx.vh.default.conf @@ -0,0 +1,45 @@ +server { + listen 80; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/log/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 886e94d5..3d7b6774 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.4 +FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" @@ -37,7 +37,6 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ --with-threads \ --with-stream \ --with-stream_ssl_module \ @@ -66,7 +65,6 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ @@ -93,7 +91,6 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ && ./configure $CONFIG \ && make -j$(getconf _NPROCESSORS_ONLN) \ @@ -107,7 +104,6 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ && strip /usr/sbin/nginx* \ @@ -140,6 +136,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ COPY nginx.conf /etc/nginx/nginx.conf COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf -EXPOSE 80 443 +EXPOSE 80 + +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile new file mode 100644 index 00000000..0bc32551 --- /dev/null +++ b/mainline/stretch-perl/Dockerfile @@ -0,0 +1,44 @@ +FROM debian:stretch-slim + +MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" + +ENV NGINX_VERSION 1.11.13-1~stretch +ENV NJS_VERSION 1.11.13.0.1.10-1~stretch + +RUN apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge -y gnupg1 && apt-get -y --purge autoremove && rm -rf /var/lib/apt/lists/* \ + && echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-perl=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ + gettext-base \ + && rm -rf /var/lib/apt/lists/* + +# forward request and error logs to docker log collector +RUN ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/jessie/Dockerfile b/mainline/stretch/Dockerfile similarity index 60% rename from mainline/jessie/Dockerfile rename to mainline/stretch/Dockerfile index af83974c..e44e3c31 100644 --- a/mainline/jessie/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -1,10 +1,13 @@ -FROM debian:jessie +FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.13-1~jessie +ENV NGINX_VERSION 1.11.13-1~stretch +ENV NJS_VERSION 1.11.13.0.1.10-1~stretch -RUN set -e; \ +RUN apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ + && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ @@ -17,18 +20,15 @@ RUN set -e; \ apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - exit 0 - -RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \ + apt-get remove --purge -y gnupg1 && apt-get -y --purge autoremove && rm -rf /var/lib/apt/lists/* \ + && echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ - ca-certificates \ nginx=${NGINX_VERSION} \ - nginx-module-xslt \ - nginx-module-geoip \ - nginx-module-image-filter \ - nginx-module-perl \ - nginx-module-njs \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ gettext-base \ && rm -rf /var/lib/apt/lists/* @@ -36,6 +36,8 @@ RUN echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/a RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log -EXPOSE 80 443 +EXPOSE 80 + +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] From 473465ac5f44fec8844ef595e2660849b8706075 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Apr 2017 19:25:40 +0300 Subject: [PATCH 044/377] Updated generate-stackbrew-library.sh. --- generate-stackbrew-library.sh | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 883173f9..d249c0c4 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,12 +4,12 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.11 latest' - [stable]='1.10' + [stable]='1.12' ) self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -base=jessie +base=stretch versions=( */ ) versions=( "${versions[@]%/}" ) @@ -69,7 +69,21 @@ for version in "${versions[@]}"; do Directory: $version/$base EOE - for variant in alpine; do + for variant in stretch-perl; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + GitCommit: $commit + Directory: $version/$variant + EOE + done + + for variant in alpine alpine-perl; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) From 53da9a295dfa6c666630a72d9c03dfbd1d2eb37d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Apr 2017 19:16:04 +0300 Subject: [PATCH 045/377] Updated mainline nginx to 1.13.0. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index fbbd58ef..9031e3e5 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.13 +ENV NGINX_VERSION 1.13.0 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 3d7b6774..723602fe 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.13 +ENV NGINX_VERSION 1.13.0 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 0bc32551..89255dc4 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.13-1~stretch -ENV NJS_VERSION 1.11.13.0.1.10-1~stretch +ENV NGINX_VERSION 1.13.0-1~stretch +ENV NJS_VERSION 1.13.0.0.1.10-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index e44e3c31..160b646d 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.11.13-1~stretch -ENV NJS_VERSION 1.11.13.0.1.10-1~stretch +ENV NGINX_VERSION 1.13.0-1~stretch +ENV NJS_VERSION 1.13.0.0.1.10-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ From 6e59e2900c93e0fffad5718eaeb5fed58d059528 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Apr 2017 19:17:56 +0300 Subject: [PATCH 046/377] Updated generate-stackbrew-library.sh to reflect new mainline versions. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d249c0c4..5ab59faa 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.11 latest' + [mainline]='1 1.13 latest' [stable]='1.12' ) From 16ec71e7e8452fa28a95d014807f95605c09a8fe Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 May 2017 18:54:37 +0300 Subject: [PATCH 047/377] Use TERM as STOPSIGNAL. Fixes #167. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 2 +- mainline/stretch/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 2 +- stable/stretch/Dockerfile | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 9031e3e5..5d8acebd 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -142,6 +142,6 @@ COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf EXPOSE 80 -STOPSIGNAL SIGQUIT +STOPSIGNAL SIGTERM CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 723602fe..2735d1c8 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -138,6 +138,6 @@ COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf EXPOSE 80 -STOPSIGNAL SIGQUIT +STOPSIGNAL SIGTERM CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 89255dc4..eeb32e7b 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -39,6 +39,6 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ EXPOSE 80 -STOPSIGNAL SIGQUIT +STOPSIGNAL SIGTERM CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 160b646d..0cd7c89d 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -38,6 +38,6 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ EXPOSE 80 -STOPSIGNAL SIGQUIT +STOPSIGNAL SIGTERM CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index a40dd2e6..560a68e0 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -142,6 +142,6 @@ COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf EXPOSE 80 -STOPSIGNAL SIGQUIT +STOPSIGNAL SIGTERM CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a86dfa91..22b89e9d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -138,6 +138,6 @@ COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf EXPOSE 80 -STOPSIGNAL SIGQUIT +STOPSIGNAL SIGTERM CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 56e62fab..62a23709 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -39,6 +39,6 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ EXPOSE 80 -STOPSIGNAL SIGQUIT +STOPSIGNAL SIGTERM CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 684c19f1..f469732b 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -38,6 +38,6 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ EXPOSE 80 -STOPSIGNAL SIGQUIT +STOPSIGNAL SIGTERM CMD ["nginx", "-g", "daemon off;"] From c769ad8ab21dfb374fa33d8fb9d0822d0fa8d2e5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 May 2017 18:57:15 +0300 Subject: [PATCH 048/377] Updated mainline nginx to 1.13.1. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5d8acebd..494dfe4e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.0 +ENV NGINX_VERSION 1.13.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 2735d1c8..29bcb38a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.0 +ENV NGINX_VERSION 1.13.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index eeb32e7b..fc5f93fc 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.0-1~stretch -ENV NJS_VERSION 1.13.0.0.1.10-1~stretch +ENV NGINX_VERSION 1.13.1-1~stretch +ENV NJS_VERSION 1.13.1.0.1.10-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 0cd7c89d..cceae865 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.0-1~stretch -ENV NJS_VERSION 1.13.0.0.1.10-1~stretch +ENV NGINX_VERSION 1.13.1-1~stretch +ENV NJS_VERSION 1.13.1.0.1.10-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ From a671712b216f94d84a5662ea3b475d0892f1d892 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Jun 2017 19:16:18 +0300 Subject: [PATCH 049/377] Synced default config with upstream. --- mainline/alpine-perl/nginx.vh.default.conf | 2 +- mainline/alpine/nginx.vh.default.conf | 2 +- stable/alpine-perl/nginx.vh.default.conf | 2 +- stable/alpine/nginx.vh.default.conf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/nginx.vh.default.conf b/mainline/alpine-perl/nginx.vh.default.conf index 34aeb9ac..299c622a 100644 --- a/mainline/alpine-perl/nginx.vh.default.conf +++ b/mainline/alpine-perl/nginx.vh.default.conf @@ -3,7 +3,7 @@ server { server_name localhost; #charset koi8-r; - #access_log /var/log/nginx/log/host.access.log main; + #access_log /var/log/nginx/host.access.log main; location / { root /usr/share/nginx/html; diff --git a/mainline/alpine/nginx.vh.default.conf b/mainline/alpine/nginx.vh.default.conf index 34aeb9ac..299c622a 100644 --- a/mainline/alpine/nginx.vh.default.conf +++ b/mainline/alpine/nginx.vh.default.conf @@ -3,7 +3,7 @@ server { server_name localhost; #charset koi8-r; - #access_log /var/log/nginx/log/host.access.log main; + #access_log /var/log/nginx/host.access.log main; location / { root /usr/share/nginx/html; diff --git a/stable/alpine-perl/nginx.vh.default.conf b/stable/alpine-perl/nginx.vh.default.conf index 34aeb9ac..299c622a 100644 --- a/stable/alpine-perl/nginx.vh.default.conf +++ b/stable/alpine-perl/nginx.vh.default.conf @@ -3,7 +3,7 @@ server { server_name localhost; #charset koi8-r; - #access_log /var/log/nginx/log/host.access.log main; + #access_log /var/log/nginx/host.access.log main; location / { root /usr/share/nginx/html; diff --git a/stable/alpine/nginx.vh.default.conf b/stable/alpine/nginx.vh.default.conf index 34aeb9ac..299c622a 100644 --- a/stable/alpine/nginx.vh.default.conf +++ b/stable/alpine/nginx.vh.default.conf @@ -3,7 +3,7 @@ server { server_name localhost; #charset koi8-r; - #access_log /var/log/nginx/log/host.access.log main; + #access_log /var/log/nginx/host.access.log main; location / { root /usr/share/nginx/html; From 0c1abdff5cc77a9545a9cbeebf026c5cc8d7fc77 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Jun 2017 19:17:20 +0300 Subject: [PATCH 050/377] Updated mainline nginx to 1.13.2. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 494dfe4e..3fe66379 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.1 +ENV NGINX_VERSION 1.13.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 29bcb38a..a1356765 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.1 +ENV NGINX_VERSION 1.13.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index fc5f93fc..e80580a4 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.1-1~stretch -ENV NJS_VERSION 1.13.1.0.1.10-1~stretch +ENV NGINX_VERSION 1.13.2-1~stretch +ENV NJS_VERSION 1.13.2.0.1.11-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index cceae865..ef1ac24c 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.1-1~stretch -ENV NJS_VERSION 1.13.1.0.1.10-1~stretch +ENV NGINX_VERSION 1.13.2-1~stretch +ENV NJS_VERSION 1.13.2.0.1.11-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ From 7e278fff2f12f852ef1be2aed17e9a2f822365ac Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 Jul 2017 20:34:01 +0300 Subject: [PATCH 051/377] Updated stable nginx to 1.12.1. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 4 ++-- stable/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 560a68e0..ddabfcf6 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.12.0 +ENV NGINX_VERSION 1.12.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 22b89e9d..87f4a47d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.12.0 +ENV NGINX_VERSION 1.12.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 62a23709..cec01b98 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.12.0-1~stretch -ENV NJS_VERSION 1.12.0.0.1.10-1~stretch +ENV NGINX_VERSION 1.12.1-1~stretch +ENV NJS_VERSION 1.12.1.0.1.10-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index f469732b..58aeec3b 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.12.0-1~stretch -ENV NJS_VERSION 1.12.0.0.1.10-1~stretch +ENV NGINX_VERSION 1.12.1-1~stretch +ENV NJS_VERSION 1.12.1.0.1.10-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ From 14aa3b1b80341099afbf90eb0a9b9061b7145f18 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 Jul 2017 20:34:47 +0300 Subject: [PATCH 052/377] Updated mainline nginx to 1.13.3. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3fe66379..0ec9d092 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.2 +ENV NGINX_VERSION 1.13.3 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a1356765..d8de89b1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.2 +ENV NGINX_VERSION 1.13.3 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index e80580a4..298ea855 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.2-1~stretch -ENV NJS_VERSION 1.13.2.0.1.11-1~stretch +ENV NGINX_VERSION 1.13.3-1~stretch +ENV NJS_VERSION 1.13.3.0.1.11-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index ef1ac24c..94fafc3a 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" -ENV NGINX_VERSION 1.13.2-1~stretch -ENV NJS_VERSION 1.13.2.0.1.11-1~stretch +ENV NGINX_VERSION 1.13.3-1~stretch +ENV NJS_VERSION 1.13.3.0.1.11-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ From 849fed0093112cd9f55491fccd2f861eb9fad5f9 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 7 Aug 2017 09:54:17 -0700 Subject: [PATCH 053/377] Maintainer instruction is deprecated Replace maintainer instruction by label instruction --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 2 +- mainline/stretch/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 2 +- stable/stretch/Dockerfile | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0ec9d092..f66fcab7 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.5 -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.13.3 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d8de89b1..b2e371d3 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.5 -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.13.3 diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 298ea855..33fec654 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -1,6 +1,6 @@ FROM debian:stretch-slim -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.13.3-1~stretch ENV NJS_VERSION 1.13.3.0.1.11-1~stretch diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 94fafc3a..9ebc5da7 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -1,6 +1,6 @@ FROM debian:stretch-slim -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.13.3-1~stretch ENV NJS_VERSION 1.13.3.0.1.11-1~stretch diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index ddabfcf6..de8f3041 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.5 -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.12.1 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 87f4a47d..3a4093e5 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.5 -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.12.1 diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index cec01b98..4c07c918 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -1,6 +1,6 @@ FROM debian:stretch-slim -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.12.1-1~stretch ENV NJS_VERSION 1.12.1.0.1.10-1~stretch diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 58aeec3b..a37a6d40 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -1,6 +1,6 @@ FROM debian:stretch-slim -MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com" +LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.12.1-1~stretch ENV NJS_VERSION 1.12.1.0.1.10-1~stretch From 2c611c42138d1992d1b93a0d29b1806e807d6ae7 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 9 Aug 2017 09:55:31 -0700 Subject: [PATCH 054/377] Update mainline NGINX to 1.13.4 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f66fcab7..9a7bbe84 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.3 +ENV NGINX_VERSION 1.13.4 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b2e371d3..4c2c1df7 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.3 +ENV NGINX_VERSION 1.13.4 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 33fec654..8cced070 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.3-1~stretch -ENV NJS_VERSION 1.13.3.0.1.11-1~stretch +ENV NGINX_VERSION 1.13.4-1~stretch +ENV NJS_VERSION 1.13.4.0.1.11-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 9ebc5da7..0cdbb1c7 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.3-1~stretch -ENV NJS_VERSION 1.13.3.0.1.11-1~stretch +ENV NGINX_VERSION 1.13.4-1~stretch +ENV NJS_VERSION 1.13.4.0.1.11-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ From 5f62ef9d0e4ab4d7baba7fa0aa237407b27296bf Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 9 Aug 2017 14:53:59 -0700 Subject: [PATCH 055/377] Update NJS version to 0.12 --- mainline/stretch-perl/Dockerfile | 2 +- mainline/stretch/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 8cced070..b6a8c06d 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.13.4-1~stretch -ENV NJS_VERSION 1.13.4.0.1.11-1~stretch +ENV NJS_VERSION 1.13.4.0.1.12-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 0cdbb1c7..1bafa5da 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.13.4-1~stretch -ENV NJS_VERSION 1.13.4.0.1.11-1~stretch +ENV NJS_VERSION 1.13.4.0.1.12-1~stretch RUN apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ From 94eb6429613179a2d30a666c30912d5f2e1d5c93 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 31 Aug 2017 11:18:15 -0700 Subject: [PATCH 056/377] Add support for s390x via "apt-get source --compile" This takes advantage of the fact that http://nginx.org/packages/ includes the source packages as well, and simply compiles them on non-prebuilt architectures instead, which ensures we have a completely compatible experience with minimal maintenance overhead. --- generate-stackbrew-library.sh | 2 + mainline/stretch-perl/Dockerfile | 78 +++++++++++++++++++++++++++----- mainline/stretch/Dockerfile | 76 +++++++++++++++++++++++++++---- stable/stretch-perl/Dockerfile | 78 +++++++++++++++++++++++++++----- stable/stretch/Dockerfile | 76 +++++++++++++++++++++++++++---- 5 files changed, 268 insertions(+), 42 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 5ab59faa..43736661 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -65,6 +65,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${versionAliases[@]}") + Architectures: amd64, i386, s390x GitCommit: $commit Directory: $version/$base EOE @@ -78,6 +79,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") + Architectures: amd64, i386, s390x GitCommit: $commit Directory: $version/$variant EOE diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index b6a8c06d..9931429f 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -5,7 +5,8 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.13.4-1~stretch ENV NJS_VERSION 1.13.4.0.1.12-1~stretch -RUN apt-get update \ +RUN set -x \ + && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ @@ -20,18 +21,73 @@ RUN apt-get update \ apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge -y gnupg1 && apt-get -y --purge autoremove && rm -rf /var/lib/apt/lists/* \ - && echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ - && apt-get update \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-perl=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ +# arches officialy built by upstream + echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ && apt-get install --no-install-recommends --no-install-suggests -y \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-perl=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + $nginxPackages \ gettext-base \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 1bafa5da..407d1ab9 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -5,7 +5,8 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.13.4-1~stretch ENV NJS_VERSION 1.13.4.0.1.12-1~stretch -RUN apt-get update \ +RUN set -x \ + && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ @@ -20,17 +21,72 @@ RUN apt-get update \ apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge -y gnupg1 && apt-get -y --purge autoremove && rm -rf /var/lib/apt/lists/* \ - && echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ - && apt-get update \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ +# arches officialy built by upstream + echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ && apt-get install --no-install-recommends --no-install-suggests -y \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + $nginxPackages \ gettext-base \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 4c07c918..503c1412 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -5,7 +5,8 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.12.1-1~stretch ENV NJS_VERSION 1.12.1.0.1.10-1~stretch -RUN apt-get update \ +RUN set -x \ + && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ @@ -20,18 +21,73 @@ RUN apt-get update \ apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge -y gnupg1 && apt-get -y --purge autoremove && rm -rf /var/lib/apt/lists/* \ - && echo "deb http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ - && apt-get update \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-perl=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ +# arches officialy built by upstream + echo "deb http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ && apt-get install --no-install-recommends --no-install-suggests -y \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-perl=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + $nginxPackages \ gettext-base \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index a37a6d40..da310f16 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -5,7 +5,8 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.12.1-1~stretch ENV NJS_VERSION 1.12.1.0.1.10-1~stretch -RUN apt-get update \ +RUN set -x \ + && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ @@ -20,17 +21,72 @@ RUN apt-get update \ apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge -y gnupg1 && apt-get -y --purge autoremove && rm -rf /var/lib/apt/lists/* \ - && echo "deb http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ - && apt-get update \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ +# arches officialy built by upstream + echo "deb http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ && apt-get install --no-install-recommends --no-install-suggests -y \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + $nginxPackages \ gettext-base \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ From 96ea05e085d9715b4518c1f67f0fe8fabc78189a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 5 Sep 2017 09:49:34 -0700 Subject: [PATCH 057/377] Add arm32v7, arm64v8, and ppc64le (and a note about Alpine variants) --- generate-stackbrew-library.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 43736661..95639aa4 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -79,7 +79,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, i386, s390x + Architectures: amd64, arm32v7, arm64v8, i386, ppc64le, s390x GitCommit: $commit Directory: $version/$variant EOE @@ -91,6 +91,8 @@ for version in "${versions[@]}"; do variantAliases=( "${versionAliases[@]/%/-$variant}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) + # TODO Architectures once https://github.com/gliderlabs/docker-alpine/issues/304 is resolved + echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") From 1d2e2ccae2f6e478f628f4091d8a5c36a122a157 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Sep 2017 12:36:58 +0300 Subject: [PATCH 058/377] Updated mainline nginx to 1.13.5 and njs to 0.1.13. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 9a7bbe84..2579b27c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.4 +ENV NGINX_VERSION 1.13.5 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 4c2c1df7..fa6c012b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.4 +ENV NGINX_VERSION 1.13.5 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 9931429f..7860ae71 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.4-1~stretch -ENV NJS_VERSION 1.13.4.0.1.12-1~stretch +ENV NGINX_VERSION 1.13.5-1~stretch +ENV NJS_VERSION 1.13.5.0.1.13-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 407d1ab9..b39ab333 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.4-1~stretch -ENV NJS_VERSION 1.13.4.0.1.12-1~stretch +ENV NGINX_VERSION 1.13.5-1~stretch +ENV NJS_VERSION 1.13.5.0.1.13-1~stretch RUN set -x \ && apt-get update \ From 922d8a4f3a289c0a44aaefad60392965b031cfaf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Sep 2017 17:57:28 +0300 Subject: [PATCH 059/377] Added amplify-agent image variant. The image is based on stretch one. --- generate-stackbrew-library.sh | 18 ++ mainline/amplify/Dockerfile | 80 +++++++++ mainline/amplify/README.md | 207 +++++++++++++++++++++++ mainline/amplify/conf.d/stub_status.conf | 9 + mainline/amplify/entrypoint.sh | 77 +++++++++ 5 files changed, 391 insertions(+) create mode 100644 mainline/amplify/Dockerfile create mode 100644 mainline/amplify/README.md create mode 100644 mainline/amplify/conf.d/stub_status.conf create mode 100755 mainline/amplify/entrypoint.sh diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 95639aa4..2d431fa5 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -100,4 +100,22 @@ for version in "${versions[@]}"; do Directory: $version/$variant EOE done + + for variant in amplify; do + if [ "$version" == "stable" ]; then + continue + fi + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + GitCommit: $commit + Directory: $version/$variant + EOE + done + done diff --git a/mainline/amplify/Dockerfile b/mainline/amplify/Dockerfile new file mode 100644 index 00000000..0e42b118 --- /dev/null +++ b/mainline/amplify/Dockerfile @@ -0,0 +1,80 @@ +FROM debian:stretch-slim + +LABEL maintainer="NGINX Amplify Engineering" + +ENV NGINX_VERSION 1.13.5-1~stretch +ENV NJS_VERSION 1.13.5.0.1.13-1~stretch +ENV AMPLIFY_AGENT_VERSION 0.45-2~stretch + +RUN set -x \ + && deps="apt-transport-https apt-utils gnupg1 ca-certificates" \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y $deps \ + && echo "deb https://packages.amplify.nginx.com/debian/ stretch amplify-agent" > /etc/apt/sources.list.d/nginx-amplify.list \ + && echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get update \ + && nginxPackages=" \ + nginx=${NGINX_VERSION} \ + nginx-module-xslt=${NGINX_VERSION} \ + nginx-module-geoip=${NGINX_VERSION} \ + nginx-module-image-filter=${NGINX_VERSION} \ + nginx-module-njs=${NJS_VERSION} \ + nginx-amplify-agent=${AMPLIFY_AGENT_VERSION} \ + " \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + procps \ + && apt-get remove --purge --auto-remove -y $deps \ + && rm -rf /etc/apt/sources.list.d/nginx-amplify.list \ + && rm -rf /etc/apt/sources.list.d/nginx-amplify.list \ + && rm -rf /var/lib/apt/lists/* + +# Copy nginx stub_status config +COPY ./conf.d/stub_status.conf /etc/nginx/conf.d + +# API_KEY is required for configuring the NGINX Amplify Agent. +# It could be your real API key for NGINX Amplify here if you wanted +# to build your own image to host it in a private registry. +# However, including private keys in the Dockerfile is not recommended. +# Use the environment variables at runtime as described below. + +#ENV API_KEY 1234567890 + +# If AMPLIFY_IMAGENAME is set, the startup wrapper script will use it to +# generate the 'imagename' to put in the /etc/amplify-agent/agent.conf +# If several instances use the same 'imagename', the metrics will +# be aggregated into a single object in NGINX Amplify. Otherwise Amplify +# will create separate objects for monitoring (an object per instance). +# AMPLIFY_IMAGENAME can also be passed to the instance at runtime as +# described below. + +#ENV AMPLIFY_IMAGENAME my-docker-instance-123 + +# The /entrypoint.sh script will launch nginx and the Amplify Agent. +# The script honors API_KEY and AMPLIFY_IMAGENAME environment +# variables, and updates /etc/amplify-agent/agent.conf accordingly. + +COPY ./entrypoint.sh /entrypoint.sh + +# TO set/override API_KEY and AMPLIFY_IMAGENAME when starting an instance: +# docker run --name my-nginx1 -e API_KEY='..effc' -e AMPLIFY_IMAGENAME="service-name" -d nginx-amplify + +EXPOSE 80 + +STOPSIGNAL SIGTERM + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/mainline/amplify/README.md b/mainline/amplify/README.md new file mode 100644 index 00000000..3bc74cd4 --- /dev/null +++ b/mainline/amplify/README.md @@ -0,0 +1,207 @@ + + + + +- [1. Overview](#1-overview) + - [1.1. NGINX Amplify Agent Inside Docker Container](#11-nginx-amplify-agent-inside-docker-container) + - [1.2. Standalone Mode](#12-standalone-mode) + - [1.3. Aggregate Mode](#13-aggregate-mode) + - [1.4. Current Limitations](#14-current-limitations) +- [2. How to Build and Run an Amplify-enabled NGINX image?](#2-how-to-build-and-run-an-amplify-enabled-nginx-image) + - [2.1. Building an Amplify-enabled image with NGINX](#21-building-an-amplify-enabled-image-with-nginx) + - [2.2. Running an Amplify-enabled NGINX Docker Container](#22-running-an-amplify-enabled-nginx-docker-container) + + + + +## 1. Overview + +[NGINX Amplify](https://amplify.nginx.com/signup/) is a free monitoring tool that can be used with a microservice architecture based on NGINX and Docker. Amplify is developed and maintained by Nginx Inc. — the company behind the NGINX software. + +With Amplify it is possible to collect and aggregate metrics across Docker containers, and present a coherent set of visualizations of the key NGINX performance data, such as active connections or requests per second. It is also easy to quickly check for any performance degradations, traffic anomalies, and get a deeper insight into the NGINX configuration in general. + +In order to use Amplify, a small Python-based agent software [Amplify Agent](https://github.com/nginxinc/nginx-amplify-agent) should be installed inside the container. + +The official documentation for Amplify is available [here](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md). + +### 1.1. NGINX Amplify Agent Inside Docker Container + +The Amplify Agent can be deployed in a Docker environment to monitor NGINX instances inside Docker containers. + +The "agent-inside-the-container" is currenly the only mode of operation. In other words, the agent should be running in the same container, next to the NGINX instance. + +### 1.2. Standalone Mode + +By default the agent will try to determine the OS `hostname` on startup (see the docs [here](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#changing-the-hostname-and-uuid) for more information). The `hostname` is used to generate an UUID to uniquely identify the new object in the monitoring backend. + +This means that in the absence of the additional configuration steps, each new container started from an Amplify-enabled Docker image will be reported as a standalone system in the Amplify web user interface. Moreover, the reported hostname is typically something not easily readable. + +When using Amplify with Docker, another option is available and recommended — which is `imagename`. The `imagename` option tells the Amplify Agent that it's running in a container environment, and that the agent should collect and report metrics and metadata accordingly. + +If you prefer to see the individual instances started from the same image as separate objects, assign different `imagename` to each of the running instances. + +You can learn more about the agent configuration options [here](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#configuring-the-agent). + +### 1.3. Aggregate Mode + +As described above, when reporting a new object for monitoring, the agent honors the `imagename` configuration option in the **/etc/amplify-agent/agent.conf** file. + +The `imagename` option should be set either in the Dockerfile or using the environment variables. + +It is possible to explicitly specify the same `imagename` for multiple instances. In this scenario, the metrics received from several agents will be aggregated internally on the backend side — with a single 'container'-type object created for monitoring. + +This way a combined view of various statistics can be obtained (e.g. for a "microservice"). For example, this combined view can display the total number of requests per second through all backend instances of a microservice. + +Containers with a common `imagename` do not have to share the same local Docker image or NGINX configuration. They can be located on different physical hosts too. + +To set a common `imagename` for several containers started from the Amplify-enabled image, you may either: + + * Configure it explicitly in the Dockerfile + + ``` + # If AMPLIFY_IMAGENAME is set, the startup wrapper script will use it to + # generate the 'imagename' to put in the /etc/amplify-agent/agent.conf + # If several instances use the same 'imagename', the metrics will + # be aggregated into a single object in NGINX Amplify. Otherwise Amplify + # will create separate objects for monitoring (an object per instance). + # AMPLIFY_IMAGENAME can also be passed to the instance at runtime as + # described below. + + ENV AMPLIFY_IMAGENAME my-docker-instance-123 + ``` + + or + + * Use the `-e` option with `docker run` as in + + ``` + docker run --name mynginx1 -e API_KEY=ffeedd0102030405060708 -e AMPLIFY_IMAGENAME=my-service-123 -d nginx-amplify + ``` + +### 1.4. Current Limitations + +The following list summarizes existing limitations of monitoring Docker containers with Amplify: + + * In order for the agent to collect [additional NGINX metrics](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#additional-nginx-metrics) the NGINX logs should be kept inside the container (by default the NGINX logs are redirected to the Docker log collector). Alternatively the NGINX logs can be fed to the agent via [syslog](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#configuring-syslog). + * In "aggregate" mode, some of the OS metrics and metadata are not collected (e.g. hostnames, CPU usage, Disk I/O metrics, network interface configuration). + * The agent can only monitor NGINX from inside the container. It is not currently possible to run the agent in a separate container and monitor the neighboring containers running NGINX. + +We've been working on improving the support for Docker even more. Stay tuned! + +## 2. How to Build and Run an Amplify-enabled NGINX image? + +### 2.1. Building an Amplify-enabled image with NGINX + +(**Note**: If you are really new to Docker, [here's](https://docs.docker.com/engine/installation/) how to install Docker Engine on various OS.) + +Let's pick our official [NGINX Docker image](https://hub.docker.com/_/nginx/) as a good example. The Dockerfile that we're going to use for an Amplify-enabled image is [part of this repo](https://github.com/nginxinc/docker-nginx-amplify/blob/master/Dockerfile). + +Here's how you can build the Docker image with the Amplify Agent inside, based on the official NGINX image: + +``` +git clone https://github.com/nginxinc/docker-nginx-amplify.git +``` + +``` +cd docker-nginx-amplify +``` + +``` +docker build -t nginx-amplify . +``` + +After the image is built, check the list of Docker images: + +``` +docker images +``` + +``` +REPOSITORY TAG IMAGE ID CREATED SIZE +nginx-amplify latest d039b39d2987 3 minutes ago 241.6 MB +``` + +### 2.2. Running an Amplify-enabled NGINX Docker Container + +Unless already done, you have to [sign up](https://amplify.nginx.com/signup/), create an account in NGINX Amplify, and obtain a valid API_KEY. + +To start a container from the new image, use the command below: + +``` +docker run --name mynginx1 -e API_KEY=ffeedd0102030405060708 -e AMPLIFY_IMAGENAME=my-service-123 -d nginx-amplify +``` + +where the API_KEY is that assigned to your NGINX Amplify account, and the AMPLIFY_IMAGENAME is set to identify the running service as described in sections 1.2 and 1.3 above. + +After the container has started, you may check its status with `docker ps`: + +``` +docker ps +``` + +``` +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +7d7b47ba4c72 nginx-amplify "/entrypoint.sh" 3 seconds ago Up 2 seconds 80/tcp, 443/tcp mynginx1 +``` + +and you can also check `docker logs`: + +``` +docker logs 7d7b47ba4c72 +``` + +``` +starting nginx ... +updating /etc/amplify-agent/agent.conf ... +---> using api_key = ffeedd0102030405060708 +---> using imagename = my-service-123 +starting amplify-agent ... +``` + +Check what processes have started: + +``` +docker exec 7d7b47ba4c72 ps axu +``` + +``` +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.0 0.1 4328 676 ? Ss 19:33 0:00 /bin/sh /entrypoint.sh +root 5 0.0 0.5 31596 2832 ? S 19:33 0:00 nginx: master process nginx -g daemon off; +nginx 11 0.0 0.3 31988 1968 ? S 19:33 0:00 nginx: worker process +nginx 65 0.6 9.1 111584 45884 ? S 19:33 0:06 amplify-agent +``` + +If you see the **amplify-agent** process, it all went smoothly, and you should see the new container in the Amplify web user interface in about a minute or so. + +Check the Amplify Agent log: + +``` +docker exec 7d7b47ba4c72 tail /var/log/amplify-agent/agent.log +``` + +``` +2016-08-05 19:49:39,001 [65] supervisor agent started, version=0.37-1 pid=65 uuid=<..> imagename=my-service-123 +2016-08-05 19:49:39,047 [65] nginx_config running nginx -t -c /etc/nginx/nginx.conf +2016-08-05 19:49:40,047 [65] supervisor post https://receiver.amplify.nginx.com:443/<..>/ffeedd0102030405060708/agent/ 200 85 4 0.096 +2016-08-05 19:50:24,674 [65] bridge_manager post https://receiver.amplify.nginx.com:443/<..>/ffeedd0102030405060708/update/ 202 2370 0 0.084 +``` + +When you're done with the container, you can stop it like the following: + +``` +docker stop 7d7b47ba4c72 +``` + +To check the status of all containers (running and stopped): + +``` +docker ps -a +``` + +``` +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +7d7b47ba4c72 nginx-amplify "/entrypoint.sh" 22 minutes ago Exited (137) 19 seconds ago mynginx1 +``` + +Happy monitoring, and feel free to send us questions, opinions, and any feedback in general. diff --git a/mainline/amplify/conf.d/stub_status.conf b/mainline/amplify/conf.d/stub_status.conf new file mode 100644 index 00000000..e9bea0c8 --- /dev/null +++ b/mainline/amplify/conf.d/stub_status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:80; + server_name 127.0.0.1; + location /nginx_status { + stub_status on; + allow 127.0.0.1; + deny all; + } + } diff --git a/mainline/amplify/entrypoint.sh b/mainline/amplify/entrypoint.sh new file mode 100755 index 00000000..2b5afa8e --- /dev/null +++ b/mainline/amplify/entrypoint.sh @@ -0,0 +1,77 @@ +#!/bin/sh +# +# This script launches nginx and the NGINX Amplify Agent. +# +# Unless already baked in the image, a real API_KEY is required for the +# NGINX Amplify Agent to be able to connect to the backend. +# +# If AMPLIFY_IMAGENAME is set, the script will use it to generate +# the 'imagename' to put in the /etc/amplify-agent/agent.conf +# +# If several instances use the same imagename, the metrics will +# be aggregated into a single object in Amplify. Otherwise NGINX Amplify +# will create separate objects for monitoring (an object per instance). +# + +# Variables +agent_conf_file="/etc/amplify-agent/agent.conf" +agent_log_file="/var/log/amplify-agent/agent.log" +nginx_status_conf="/etc/nginx/conf.d/stub_status.conf" +api_key="" +amplify_imagename="" + +# Launch nginx +echo "starting nginx ..." +nginx -g "daemon off;" & + +nginx_pid=$! + +test -n "${API_KEY}" && \ + api_key=${API_KEY} + +test -n "${AMPLIFY_IMAGENAME}" && \ + amplify_imagename=${AMPLIFY_IMAGENAME} + +if [ -n "${api_key}" -o -n "${amplify_imagename}" ]; then + echo "updating ${agent_conf_file} ..." + + if [ ! -f "${agent_conf_file}" ]; then + test -f "${agent_conf_file}.default" && \ + cp -p "${agent_conf_file}.default" "${agent_conf_file}" || \ + { echo "no ${agent_conf_file}.default found! exiting."; exit 1; } + fi + + test -n "${api_key}" && \ + echo " ---> using api_key = ${api_key}" && \ + sh -c "sed -i.old -e 's/api_key.*$/api_key = $api_key/' \ + ${agent_conf_file}" + + test -n "${amplify_imagename}" && \ + echo " ---> using imagename = ${amplify_imagename}" && \ + sh -c "sed -i.old -e 's/imagename.*$/imagename = $amplify_imagename/' \ + ${agent_conf_file}" + + test -f "${agent_conf_file}" && \ + chmod 644 ${agent_conf_file} && \ + chown nginx ${agent_conf_file} > /dev/null 2>&1 + + test -f "${nginx_status_conf}" && \ + chmod 644 ${nginx_status_conf} && \ + chown nginx ${nginx_status_conf} > /dev/null 2>&1 +fi + +if ! grep '^api_key.*=[ ]*[[:alnum:]].*' ${agent_conf_file} > /dev/null 2>&1; then + echo "no api_key found in ${agent_conf_file}! exiting." +fi + +echo "starting amplify-agent ..." +service amplify-agent start > /dev/null 2>&1 < /dev/null + +if [ $? != 0 ]; then + echo "couldn't start the agent, please check ${agent_log_file}" + exit 1 +fi + +wait ${nginx_pid} + +echo "nginx master process has stopped, exiting." From 48a4c531fc4bfa80d4270f20a67e2e958856860c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Sep 2017 18:51:59 +0300 Subject: [PATCH 060/377] Added new architectures for non-perl tags as well. Seems forgotten in 94eb6429613179a2d30a666c30912d5f2e1d5c93. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 2d431fa5..a2acd48c 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -65,7 +65,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${versionAliases[@]}") - Architectures: amd64, i386, s390x + Architectures: amd64, arm32v7, arm64v8, i386, ppc64le, s390x GitCommit: $commit Directory: $version/$base EOE From e16f9b57ab01d9391b2ba3b1351fb3fbd9fc2084 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Fri, 22 Sep 2017 15:21:01 -0700 Subject: [PATCH 061/377] Adjust scanelf to ignore local libs Signed-off-by: Konstantin Pavlov --- mainline/alpine/Dockerfile | 7 +++---- stable/alpine/Dockerfile | 7 +++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index fa6c012b..cea8c94c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -118,11 +118,10 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && mv /usr/bin/envsubst /tmp/ \ \ && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ + scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ + | tr ',' '\n' \ | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )" \ && apk add --no-cache --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 3a4093e5..01894ea2 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -118,11 +118,10 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && mv /usr/bin/envsubst /tmp/ \ \ && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ + scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ + | tr ',' '\n' \ | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )" \ && apk add --no-cache --virtual .nginx-rundeps $runDeps \ && apk del .build-deps \ From 3ba04e37d8f9ed7709fd30bf4dc6c36554e578ac Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 10 Oct 2017 19:53:55 +0300 Subject: [PATCH 062/377] Updated mainline nginx to 1.13.6, njs to 0.1.14 and amplify-agent to 0.46-2. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/amplify/Dockerfile | 6 +++--- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2579b27c..c2746acc 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.5 +ENV NGINX_VERSION 1.13.6 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index cea8c94c..8868666d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.5 +ENV NGINX_VERSION 1.13.6 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/amplify/Dockerfile b/mainline/amplify/Dockerfile index 0e42b118..f020604e 100644 --- a/mainline/amplify/Dockerfile +++ b/mainline/amplify/Dockerfile @@ -2,9 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Amplify Engineering" -ENV NGINX_VERSION 1.13.5-1~stretch -ENV NJS_VERSION 1.13.5.0.1.13-1~stretch -ENV AMPLIFY_AGENT_VERSION 0.45-2~stretch +ENV NGINX_VERSION 1.13.6-1~stretch +ENV NJS_VERSION 1.13.6.0.1.14-1~stretch +ENV AMPLIFY_AGENT_VERSION 0.46-2~stretch RUN set -x \ && deps="apt-transport-https apt-utils gnupg1 ca-certificates" \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 7860ae71..5a9e590b 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.5-1~stretch -ENV NJS_VERSION 1.13.5.0.1.13-1~stretch +ENV NGINX_VERSION 1.13.6-1~stretch +ENV NJS_VERSION 1.13.6.0.1.14-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index b39ab333..fbfc09e2 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.5-1~stretch -ENV NJS_VERSION 1.13.5.0.1.13-1~stretch +ENV NGINX_VERSION 1.13.6-1~stretch +ENV NJS_VERSION 1.13.6.0.1.14-1~stretch RUN set -x \ && apt-get update \ From 12fbe201aef2ffebba809e223460f5bf3dc9b445 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 27 Oct 2017 17:21:34 -0400 Subject: [PATCH 063/377] Removed amplify agent. --- generate-stackbrew-library.sh | 17 -- mainline/amplify/Dockerfile | 80 --------- mainline/amplify/README.md | 207 ----------------------- mainline/amplify/conf.d/stub_status.conf | 9 - mainline/amplify/entrypoint.sh | 77 --------- 5 files changed, 390 deletions(-) delete mode 100644 mainline/amplify/Dockerfile delete mode 100644 mainline/amplify/README.md delete mode 100644 mainline/amplify/conf.d/stub_status.conf delete mode 100755 mainline/amplify/entrypoint.sh diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index a2acd48c..73418f82 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -101,21 +101,4 @@ for version in "${versions[@]}"; do EOE done - for variant in amplify; do - if [ "$version" == "stable" ]; then - continue - fi - commit="$(dirCommit "$version/$variant")" - - variantAliases=( "${versionAliases[@]/%/-$variant}" ) - variantAliases=( "${variantAliases[@]//latest-/}" ) - - echo - cat <<-EOE - Tags: $(join ', ' "${variantAliases[@]}") - GitCommit: $commit - Directory: $version/$variant - EOE - done - done diff --git a/mainline/amplify/Dockerfile b/mainline/amplify/Dockerfile deleted file mode 100644 index f020604e..00000000 --- a/mainline/amplify/Dockerfile +++ /dev/null @@ -1,80 +0,0 @@ -FROM debian:stretch-slim - -LABEL maintainer="NGINX Amplify Engineering" - -ENV NGINX_VERSION 1.13.6-1~stretch -ENV NJS_VERSION 1.13.6.0.1.14-1~stretch -ENV AMPLIFY_AGENT_VERSION 0.46-2~stretch - -RUN set -x \ - && deps="apt-transport-https apt-utils gnupg1 ca-certificates" \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y $deps \ - && echo "deb https://packages.amplify.nginx.com/debian/ stretch amplify-agent" > /etc/apt/sources.list.d/nginx-amplify.list \ - && echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get update \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ - nginx-amplify-agent=${AMPLIFY_AGENT_VERSION} \ - " \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - procps \ - && apt-get remove --purge --auto-remove -y $deps \ - && rm -rf /etc/apt/sources.list.d/nginx-amplify.list \ - && rm -rf /etc/apt/sources.list.d/nginx-amplify.list \ - && rm -rf /var/lib/apt/lists/* - -# Copy nginx stub_status config -COPY ./conf.d/stub_status.conf /etc/nginx/conf.d - -# API_KEY is required for configuring the NGINX Amplify Agent. -# It could be your real API key for NGINX Amplify here if you wanted -# to build your own image to host it in a private registry. -# However, including private keys in the Dockerfile is not recommended. -# Use the environment variables at runtime as described below. - -#ENV API_KEY 1234567890 - -# If AMPLIFY_IMAGENAME is set, the startup wrapper script will use it to -# generate the 'imagename' to put in the /etc/amplify-agent/agent.conf -# If several instances use the same 'imagename', the metrics will -# be aggregated into a single object in NGINX Amplify. Otherwise Amplify -# will create separate objects for monitoring (an object per instance). -# AMPLIFY_IMAGENAME can also be passed to the instance at runtime as -# described below. - -#ENV AMPLIFY_IMAGENAME my-docker-instance-123 - -# The /entrypoint.sh script will launch nginx and the Amplify Agent. -# The script honors API_KEY and AMPLIFY_IMAGENAME environment -# variables, and updates /etc/amplify-agent/agent.conf accordingly. - -COPY ./entrypoint.sh /entrypoint.sh - -# TO set/override API_KEY and AMPLIFY_IMAGENAME when starting an instance: -# docker run --name my-nginx1 -e API_KEY='..effc' -e AMPLIFY_IMAGENAME="service-name" -d nginx-amplify - -EXPOSE 80 - -STOPSIGNAL SIGTERM - -ENTRYPOINT ["/entrypoint.sh"] diff --git a/mainline/amplify/README.md b/mainline/amplify/README.md deleted file mode 100644 index 3bc74cd4..00000000 --- a/mainline/amplify/README.md +++ /dev/null @@ -1,207 +0,0 @@ - - - - -- [1. Overview](#1-overview) - - [1.1. NGINX Amplify Agent Inside Docker Container](#11-nginx-amplify-agent-inside-docker-container) - - [1.2. Standalone Mode](#12-standalone-mode) - - [1.3. Aggregate Mode](#13-aggregate-mode) - - [1.4. Current Limitations](#14-current-limitations) -- [2. How to Build and Run an Amplify-enabled NGINX image?](#2-how-to-build-and-run-an-amplify-enabled-nginx-image) - - [2.1. Building an Amplify-enabled image with NGINX](#21-building-an-amplify-enabled-image-with-nginx) - - [2.2. Running an Amplify-enabled NGINX Docker Container](#22-running-an-amplify-enabled-nginx-docker-container) - - - - -## 1. Overview - -[NGINX Amplify](https://amplify.nginx.com/signup/) is a free monitoring tool that can be used with a microservice architecture based on NGINX and Docker. Amplify is developed and maintained by Nginx Inc. — the company behind the NGINX software. - -With Amplify it is possible to collect and aggregate metrics across Docker containers, and present a coherent set of visualizations of the key NGINX performance data, such as active connections or requests per second. It is also easy to quickly check for any performance degradations, traffic anomalies, and get a deeper insight into the NGINX configuration in general. - -In order to use Amplify, a small Python-based agent software [Amplify Agent](https://github.com/nginxinc/nginx-amplify-agent) should be installed inside the container. - -The official documentation for Amplify is available [here](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md). - -### 1.1. NGINX Amplify Agent Inside Docker Container - -The Amplify Agent can be deployed in a Docker environment to monitor NGINX instances inside Docker containers. - -The "agent-inside-the-container" is currenly the only mode of operation. In other words, the agent should be running in the same container, next to the NGINX instance. - -### 1.2. Standalone Mode - -By default the agent will try to determine the OS `hostname` on startup (see the docs [here](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#changing-the-hostname-and-uuid) for more information). The `hostname` is used to generate an UUID to uniquely identify the new object in the monitoring backend. - -This means that in the absence of the additional configuration steps, each new container started from an Amplify-enabled Docker image will be reported as a standalone system in the Amplify web user interface. Moreover, the reported hostname is typically something not easily readable. - -When using Amplify with Docker, another option is available and recommended — which is `imagename`. The `imagename` option tells the Amplify Agent that it's running in a container environment, and that the agent should collect and report metrics and metadata accordingly. - -If you prefer to see the individual instances started from the same image as separate objects, assign different `imagename` to each of the running instances. - -You can learn more about the agent configuration options [here](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#configuring-the-agent). - -### 1.3. Aggregate Mode - -As described above, when reporting a new object for monitoring, the agent honors the `imagename` configuration option in the **/etc/amplify-agent/agent.conf** file. - -The `imagename` option should be set either in the Dockerfile or using the environment variables. - -It is possible to explicitly specify the same `imagename` for multiple instances. In this scenario, the metrics received from several agents will be aggregated internally on the backend side — with a single 'container'-type object created for monitoring. - -This way a combined view of various statistics can be obtained (e.g. for a "microservice"). For example, this combined view can display the total number of requests per second through all backend instances of a microservice. - -Containers with a common `imagename` do not have to share the same local Docker image or NGINX configuration. They can be located on different physical hosts too. - -To set a common `imagename` for several containers started from the Amplify-enabled image, you may either: - - * Configure it explicitly in the Dockerfile - - ``` - # If AMPLIFY_IMAGENAME is set, the startup wrapper script will use it to - # generate the 'imagename' to put in the /etc/amplify-agent/agent.conf - # If several instances use the same 'imagename', the metrics will - # be aggregated into a single object in NGINX Amplify. Otherwise Amplify - # will create separate objects for monitoring (an object per instance). - # AMPLIFY_IMAGENAME can also be passed to the instance at runtime as - # described below. - - ENV AMPLIFY_IMAGENAME my-docker-instance-123 - ``` - - or - - * Use the `-e` option with `docker run` as in - - ``` - docker run --name mynginx1 -e API_KEY=ffeedd0102030405060708 -e AMPLIFY_IMAGENAME=my-service-123 -d nginx-amplify - ``` - -### 1.4. Current Limitations - -The following list summarizes existing limitations of monitoring Docker containers with Amplify: - - * In order for the agent to collect [additional NGINX metrics](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#additional-nginx-metrics) the NGINX logs should be kept inside the container (by default the NGINX logs are redirected to the Docker log collector). Alternatively the NGINX logs can be fed to the agent via [syslog](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#configuring-syslog). - * In "aggregate" mode, some of the OS metrics and metadata are not collected (e.g. hostnames, CPU usage, Disk I/O metrics, network interface configuration). - * The agent can only monitor NGINX from inside the container. It is not currently possible to run the agent in a separate container and monitor the neighboring containers running NGINX. - -We've been working on improving the support for Docker even more. Stay tuned! - -## 2. How to Build and Run an Amplify-enabled NGINX image? - -### 2.1. Building an Amplify-enabled image with NGINX - -(**Note**: If you are really new to Docker, [here's](https://docs.docker.com/engine/installation/) how to install Docker Engine on various OS.) - -Let's pick our official [NGINX Docker image](https://hub.docker.com/_/nginx/) as a good example. The Dockerfile that we're going to use for an Amplify-enabled image is [part of this repo](https://github.com/nginxinc/docker-nginx-amplify/blob/master/Dockerfile). - -Here's how you can build the Docker image with the Amplify Agent inside, based on the official NGINX image: - -``` -git clone https://github.com/nginxinc/docker-nginx-amplify.git -``` - -``` -cd docker-nginx-amplify -``` - -``` -docker build -t nginx-amplify . -``` - -After the image is built, check the list of Docker images: - -``` -docker images -``` - -``` -REPOSITORY TAG IMAGE ID CREATED SIZE -nginx-amplify latest d039b39d2987 3 minutes ago 241.6 MB -``` - -### 2.2. Running an Amplify-enabled NGINX Docker Container - -Unless already done, you have to [sign up](https://amplify.nginx.com/signup/), create an account in NGINX Amplify, and obtain a valid API_KEY. - -To start a container from the new image, use the command below: - -``` -docker run --name mynginx1 -e API_KEY=ffeedd0102030405060708 -e AMPLIFY_IMAGENAME=my-service-123 -d nginx-amplify -``` - -where the API_KEY is that assigned to your NGINX Amplify account, and the AMPLIFY_IMAGENAME is set to identify the running service as described in sections 1.2 and 1.3 above. - -After the container has started, you may check its status with `docker ps`: - -``` -docker ps -``` - -``` -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -7d7b47ba4c72 nginx-amplify "/entrypoint.sh" 3 seconds ago Up 2 seconds 80/tcp, 443/tcp mynginx1 -``` - -and you can also check `docker logs`: - -``` -docker logs 7d7b47ba4c72 -``` - -``` -starting nginx ... -updating /etc/amplify-agent/agent.conf ... ----> using api_key = ffeedd0102030405060708 ----> using imagename = my-service-123 -starting amplify-agent ... -``` - -Check what processes have started: - -``` -docker exec 7d7b47ba4c72 ps axu -``` - -``` -USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND -root 1 0.0 0.1 4328 676 ? Ss 19:33 0:00 /bin/sh /entrypoint.sh -root 5 0.0 0.5 31596 2832 ? S 19:33 0:00 nginx: master process nginx -g daemon off; -nginx 11 0.0 0.3 31988 1968 ? S 19:33 0:00 nginx: worker process -nginx 65 0.6 9.1 111584 45884 ? S 19:33 0:06 amplify-agent -``` - -If you see the **amplify-agent** process, it all went smoothly, and you should see the new container in the Amplify web user interface in about a minute or so. - -Check the Amplify Agent log: - -``` -docker exec 7d7b47ba4c72 tail /var/log/amplify-agent/agent.log -``` - -``` -2016-08-05 19:49:39,001 [65] supervisor agent started, version=0.37-1 pid=65 uuid=<..> imagename=my-service-123 -2016-08-05 19:49:39,047 [65] nginx_config running nginx -t -c /etc/nginx/nginx.conf -2016-08-05 19:49:40,047 [65] supervisor post https://receiver.amplify.nginx.com:443/<..>/ffeedd0102030405060708/agent/ 200 85 4 0.096 -2016-08-05 19:50:24,674 [65] bridge_manager post https://receiver.amplify.nginx.com:443/<..>/ffeedd0102030405060708/update/ 202 2370 0 0.084 -``` - -When you're done with the container, you can stop it like the following: - -``` -docker stop 7d7b47ba4c72 -``` - -To check the status of all containers (running and stopped): - -``` -docker ps -a -``` - -``` -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -7d7b47ba4c72 nginx-amplify "/entrypoint.sh" 22 minutes ago Exited (137) 19 seconds ago mynginx1 -``` - -Happy monitoring, and feel free to send us questions, opinions, and any feedback in general. diff --git a/mainline/amplify/conf.d/stub_status.conf b/mainline/amplify/conf.d/stub_status.conf deleted file mode 100644 index e9bea0c8..00000000 --- a/mainline/amplify/conf.d/stub_status.conf +++ /dev/null @@ -1,9 +0,0 @@ -server { - listen 127.0.0.1:80; - server_name 127.0.0.1; - location /nginx_status { - stub_status on; - allow 127.0.0.1; - deny all; - } - } diff --git a/mainline/amplify/entrypoint.sh b/mainline/amplify/entrypoint.sh deleted file mode 100755 index 2b5afa8e..00000000 --- a/mainline/amplify/entrypoint.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/sh -# -# This script launches nginx and the NGINX Amplify Agent. -# -# Unless already baked in the image, a real API_KEY is required for the -# NGINX Amplify Agent to be able to connect to the backend. -# -# If AMPLIFY_IMAGENAME is set, the script will use it to generate -# the 'imagename' to put in the /etc/amplify-agent/agent.conf -# -# If several instances use the same imagename, the metrics will -# be aggregated into a single object in Amplify. Otherwise NGINX Amplify -# will create separate objects for monitoring (an object per instance). -# - -# Variables -agent_conf_file="/etc/amplify-agent/agent.conf" -agent_log_file="/var/log/amplify-agent/agent.log" -nginx_status_conf="/etc/nginx/conf.d/stub_status.conf" -api_key="" -amplify_imagename="" - -# Launch nginx -echo "starting nginx ..." -nginx -g "daemon off;" & - -nginx_pid=$! - -test -n "${API_KEY}" && \ - api_key=${API_KEY} - -test -n "${AMPLIFY_IMAGENAME}" && \ - amplify_imagename=${AMPLIFY_IMAGENAME} - -if [ -n "${api_key}" -o -n "${amplify_imagename}" ]; then - echo "updating ${agent_conf_file} ..." - - if [ ! -f "${agent_conf_file}" ]; then - test -f "${agent_conf_file}.default" && \ - cp -p "${agent_conf_file}.default" "${agent_conf_file}" || \ - { echo "no ${agent_conf_file}.default found! exiting."; exit 1; } - fi - - test -n "${api_key}" && \ - echo " ---> using api_key = ${api_key}" && \ - sh -c "sed -i.old -e 's/api_key.*$/api_key = $api_key/' \ - ${agent_conf_file}" - - test -n "${amplify_imagename}" && \ - echo " ---> using imagename = ${amplify_imagename}" && \ - sh -c "sed -i.old -e 's/imagename.*$/imagename = $amplify_imagename/' \ - ${agent_conf_file}" - - test -f "${agent_conf_file}" && \ - chmod 644 ${agent_conf_file} && \ - chown nginx ${agent_conf_file} > /dev/null 2>&1 - - test -f "${nginx_status_conf}" && \ - chmod 644 ${nginx_status_conf} && \ - chown nginx ${nginx_status_conf} > /dev/null 2>&1 -fi - -if ! grep '^api_key.*=[ ]*[[:alnum:]].*' ${agent_conf_file} > /dev/null 2>&1; then - echo "no api_key found in ${agent_conf_file}! exiting." -fi - -echo "starting amplify-agent ..." -service amplify-agent start > /dev/null 2>&1 < /dev/null - -if [ $? != 0 ]; then - echo "couldn't start the agent, please check ${agent_log_file}" - exit 1 -fi - -wait ${nginx_pid} - -echo "nginx master process has stopped, exiting." From 72ac2226580ee73c170163dbe6e4436373b6ece9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 27 Oct 2017 17:24:20 -0400 Subject: [PATCH 064/377] Upgraded stable nginx to 1.12.2 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 4 ++-- stable/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index de8f3041..bfe6aea2 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.12.1 +ENV NGINX_VERSION 1.12.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 01894ea2..6c923fca 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.12.1 +ENV NGINX_VERSION 1.12.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 503c1412..6f3a3246 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.12.1-1~stretch -ENV NJS_VERSION 1.12.1.0.1.10-1~stretch +ENV NGINX_VERSION 1.12.2-1~stretch +ENV NJS_VERSION 1.12.2.0.1.14-1~stretch RUN set -x \ && apt-get update \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index da310f16..f147713f 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.12.1-1~stretch -ENV NJS_VERSION 1.12.1.0.1.10-1~stretch +ENV NGINX_VERSION 1.12.2-1~stretch +ENV NJS_VERSION 1.12.2.0.1.14-1~stretch RUN set -x \ && apt-get update \ From c8bfb9b5260d4ad308deac5343b73b027f684375 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Nov 2017 14:13:54 +0300 Subject: [PATCH 065/377] Updated mainline nginx to 1.13.7. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index c2746acc..6ef5b03b 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.6 +ENV NGINX_VERSION 1.13.7 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 8868666d..c027c1eb 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.6 +ENV NGINX_VERSION 1.13.7 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 5a9e590b..3ac0d326 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.6-1~stretch -ENV NJS_VERSION 1.13.6.0.1.14-1~stretch +ENV NGINX_VERSION 1.13.7-1~stretch +ENV NJS_VERSION 1.13.7.0.1.15-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index fbfc09e2..e6aa79ac 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.6-1~stretch -ENV NJS_VERSION 1.13.6.0.1.14-1~stretch +ENV NGINX_VERSION 1.13.7-1~stretch +ENV NJS_VERSION 1.13.7.0.1.15-1~stretch RUN set -x \ && apt-get update \ From 7c7ca54eee0a1ea6f610cd5db4b97f69c27b0ed3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 21 Dec 2017 14:32:22 +0300 Subject: [PATCH 066/377] Added tzdata package to alpine variants. Closes: #204 Closes: #149 Closes: #150 --- mainline/alpine-perl/Dockerfile | 4 ++++ mainline/alpine/Dockerfile | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 6ef5b03b..e0ec908e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -133,6 +133,10 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && apk del .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ \ + # Bring in tzdata so users could set the timezones through the environment + # variables + && apk add --no-cache tzdata \ + \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c027c1eb..77999cb6 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -128,6 +128,10 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && apk del .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ \ + # Bring in tzdata so users could set the timezones through the environment + # variables + && apk add --no-cache tzdata \ + \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log From 77e314a52b206ec18833df66e898c22658d3a486 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 21 Dec 2017 14:37:56 +0300 Subject: [PATCH 067/377] Added tzdata package to stable alpine variants as well. --- stable/alpine-perl/Dockerfile | 4 ++++ stable/alpine/Dockerfile | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index bfe6aea2..b945f44b 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -133,6 +133,10 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && apk del .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ \ + # Bring in tzdata so users could set the timezones through the environment + # variables + && apk add --no-cache tzdata \ + \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6c923fca..a5180629 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -128,6 +128,10 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && apk del .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ \ + # Bring in tzdata so users could set the timezones through the environment + # variables + && apk add --no-cache tzdata \ + \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log From f8fad321cf58d5cbcafa3d9fa15314b8a77b5e65 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 Dec 2017 20:09:32 +0300 Subject: [PATCH 068/377] Updated mainline nginx to 1.13.8. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e0ec908e..3d8b6b77 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.7 +ENV NGINX_VERSION 1.13.8 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 77999cb6..f56770e1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.5 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.7 +ENV NGINX_VERSION 1.13.8 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 3ac0d326..7065ba3b 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.7-1~stretch -ENV NJS_VERSION 1.13.7.0.1.15-1~stretch +ENV NGINX_VERSION 1.13.8-1~stretch +ENV NJS_VERSION 1.13.8.0.1.15-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index e6aa79ac..d3819862 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.7-1~stretch -ENV NJS_VERSION 1.13.7.0.1.15-1~stretch +ENV NGINX_VERSION 1.13.8-1~stretch +ENV NJS_VERSION 1.13.8.0.1.15-1~stretch RUN set -x \ && apt-get update \ From cc3dd184b1b1ae79529616e292896366489774b0 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 17 Oct 2017 18:23:10 +0200 Subject: [PATCH 069/377] Use HTTPS to fetch nginx sources Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3d8b6b77..df9ff81b 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -67,8 +67,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ gd-dev \ geoip-dev \ perl-dev \ - && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ && found=''; \ for server in \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f56770e1..5d855f16 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -65,8 +65,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ libxslt-dev \ gd-dev \ geoip-dev \ - && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ && found=''; \ for server in \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b945f44b..2d7c51c6 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -67,8 +67,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ gd-dev \ geoip-dev \ perl-dev \ - && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ && found=''; \ for server in \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a5180629..75c868a4 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -65,8 +65,8 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ libxslt-dev \ gd-dev \ geoip-dev \ - && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ + && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ && export GNUPGHOME="$(mktemp -d)" \ && found=''; \ for server in \ From 26d7731f0a7b182c8fea76610dd7aa9a3369ab48 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 28 Dec 2017 14:39:05 +0300 Subject: [PATCH 070/377] Use https to fetch nginx packages. --- mainline/stretch-perl/Dockerfile | 8 ++++---- mainline/stretch/Dockerfile | 8 ++++---- stable/stretch-perl/Dockerfile | 8 ++++---- stable/stretch/Dockerfile | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 7065ba3b..16976486 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -7,7 +7,7 @@ ENV NJS_VERSION 1.13.8.0.1.15-1~stretch RUN set -x \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -34,13 +34,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -81,7 +81,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && rm -rf /var/lib/apt/lists/* \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index d3819862..d94728e7 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -7,7 +7,7 @@ ENV NJS_VERSION 1.13.8.0.1.15-1~stretch RUN set -x \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -33,13 +33,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -80,7 +80,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && rm -rf /var/lib/apt/lists/* \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 6f3a3246..543e4c03 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -7,7 +7,7 @@ ENV NJS_VERSION 1.12.2.0.1.14-1~stretch RUN set -x \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -34,13 +34,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -81,7 +81,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && rm -rf /var/lib/apt/lists/* \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index f147713f..a0c490c0 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -7,7 +7,7 @@ ENV NJS_VERSION 1.12.2.0.1.14-1~stretch RUN set -x \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -33,13 +33,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src http://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list \ + echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -80,7 +80,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && rm -rf /var/lib/apt/lists/* \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ From 80d4df4c9dac780f8906c96928fac484c6559b20 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 16 Jan 2018 15:17:02 -0800 Subject: [PATCH 071/377] Update Alpine to 3.7 (for multiarch support) This also adds an appropriate "Architectures" value to "generate-stackbrew-library.sh". Signed-off-by: Konstantin Pavlov --- generate-stackbrew-library.sh | 3 +-- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 73418f82..69e7695e 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -91,11 +91,10 @@ for version in "${versions[@]}"; do variantAliases=( "${versionAliases[@]/%/-$variant}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) - # TODO Architectures once https://github.com/gliderlabs/docker-alpine/issues/304 is resolved - echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") + Architectures: amd64, arm32v6, arm64v8, i386, ppc64le, s390x GitCommit: $commit Directory: $version/$variant EOE diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index df9ff81b..ff3e4459 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.5 +FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5d855f16..cf12377b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.5 +FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 2d7c51c6..46153dda 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.5 +FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 75c868a4..85017ebb 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.5 +FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " From 5ea0da17f5d3c4f569afab90d4d16acf2dfae1d4 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Jan 2018 14:47:46 +0300 Subject: [PATCH 072/377] Fixed typo. --- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 16976486..c4f8618a 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -40,7 +40,7 @@ RUN set -x \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -81,7 +81,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list/nginx.list \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index d94728e7..1947e049 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -39,7 +39,7 @@ RUN set -x \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -80,7 +80,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list/nginx.list \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ From dbd053d52727bc8db0fec704caa22b8e0d5f6c84 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 20 Feb 2018 18:27:16 +0300 Subject: [PATCH 073/377] Updated mainline nginx to 1.13.9. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ff3e4459..b902744a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.8 +ENV NGINX_VERSION 1.13.9 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index cf12377b..249b38b6 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.8 +ENV NGINX_VERSION 1.13.9 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index c4f8618a..afb7a65a 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.8-1~stretch -ENV NJS_VERSION 1.13.8.0.1.15-1~stretch +ENV NGINX_VERSION 1.13.9-1~stretch +ENV NJS_VERSION 1.13.9.0.1.15-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 1947e049..4bbed710 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.8-1~stretch -ENV NJS_VERSION 1.13.8.0.1.15-1~stretch +ENV NGINX_VERSION 1.13.9-1~stretch +ENV NJS_VERSION 1.13.9.0.1.15-1~stretch RUN set -x \ && apt-get update \ From 491f994f1a97a002745a6d19eff343e14b149321 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 21 Feb 2018 11:42:31 -0800 Subject: [PATCH 074/377] Add "-f" to GNUPGHOME deletions (helps avoid a GnuPG 2.x race condition) This is the race condition that has been plaguing the official build for the past many hours, and we've found that adding "-f" helps mitigate it (doesn't completely eliminate it, but it's a dramatic improvement in the successful build ratio). --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b902744a..30ff381f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -82,7 +82,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ + && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f nginx.tar.gz \ && rm nginx.tar.gz \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 249b38b6..020ff444 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -80,7 +80,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ + && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f nginx.tar.gz \ && rm nginx.tar.gz \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 46153dda..33131599 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -82,7 +82,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ + && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f nginx.tar.gz \ && rm nginx.tar.gz \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 85017ebb..781c7ed9 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -80,7 +80,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -r "$GNUPGHOME" nginx.tar.gz.asc \ + && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ && mkdir -p /usr/src \ && tar -zxC /usr/src -f nginx.tar.gz \ && rm nginx.tar.gz \ From 4f5bae5928baee89433ecb20a50283546f217dfa Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 21 Mar 2018 12:10:08 +0300 Subject: [PATCH 075/377] Updated mainline nginx to 1.13.10. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 30ff381f..c0302352 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.9 +ENV NGINX_VERSION 1.13.10 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 020ff444..ba03b2b5 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.9 +ENV NGINX_VERSION 1.13.10 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index afb7a65a..1be75a46 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.9-1~stretch -ENV NJS_VERSION 1.13.9.0.1.15-1~stretch +ENV NGINX_VERSION 1.13.10-1~stretch +ENV NJS_VERSION 1.13.10.0.1.15-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 4bbed710..ba5b7bbf 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.9-1~stretch -ENV NJS_VERSION 1.13.9.0.1.15-1~stretch +ENV NGINX_VERSION 1.13.10-1~stretch +ENV NJS_VERSION 1.13.10.0.1.15-1~stretch RUN set -x \ && apt-get update \ From 43943f766ed3ee0b5278e58c5c89895381b1a3b3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 3 Apr 2018 18:41:56 +0300 Subject: [PATCH 076/377] Updated mainline nginx to 1.13.11 and njs to 0.2.0. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index c0302352..3f453da9 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.10 +ENV NGINX_VERSION 1.13.11 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ba03b2b5..dac94911 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.10 +ENV NGINX_VERSION 1.13.11 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 1be75a46..3593be6b 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.10-1~stretch -ENV NJS_VERSION 1.13.10.0.1.15-1~stretch +ENV NGINX_VERSION 1.13.11-1~stretch +ENV NJS_VERSION 1.13.11.0.2.0-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index ba5b7bbf..3dc7daa9 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.10-1~stretch -ENV NJS_VERSION 1.13.10.0.1.15-1~stretch +ENV NGINX_VERSION 1.13.11-1~stretch +ENV NJS_VERSION 1.13.11.0.2.0-1~stretch RUN set -x \ && apt-get update \ From 590f9ba27d6d11da346440682891bee6694245f5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 10 Apr 2018 18:06:02 +0300 Subject: [PATCH 077/377] Updated mainline nginx to 1.13.12. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3f453da9..5a6cb7ac 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.11 +ENV NGINX_VERSION 1.13.12 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index dac94911..228c8c7b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.11 +ENV NGINX_VERSION 1.13.12 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 3593be6b..d951339b 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.11-1~stretch -ENV NJS_VERSION 1.13.11.0.2.0-1~stretch +ENV NGINX_VERSION 1.13.12-1~stretch +ENV NJS_VERSION 1.13.12.0.2.0-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 3dc7daa9..e7225eb2 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.11-1~stretch -ENV NJS_VERSION 1.13.11.0.2.0-1~stretch +ENV NGINX_VERSION 1.13.12-1~stretch +ENV NJS_VERSION 1.13.12.0.2.0-1~stretch RUN set -x \ && apt-get update \ From d377983a14b214fcae4b8e34357761282aca788f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 23 Apr 2018 16:59:44 +0300 Subject: [PATCH 078/377] Updated stable nginx to 1.14.0. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 4 ++-- stable/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 33131599..f5a2d014 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.12.2 +ENV NGINX_VERSION 1.14.0 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 781c7ed9..83de7060 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.12.2 +ENV NGINX_VERSION 1.14.0 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 543e4c03..2e262ece 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.12.2-1~stretch -ENV NJS_VERSION 1.12.2.0.1.14-1~stretch +ENV NGINX_VERSION 1.14.0-1~stretch +ENV NJS_VERSION 1.14.0.0.2.0-1~stretch RUN set -x \ && apt-get update \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index a0c490c0..a436cf47 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.12.2-1~stretch -ENV NJS_VERSION 1.12.2.0.1.14-1~stretch +ENV NGINX_VERSION 1.14.0-1~stretch +ENV NJS_VERSION 1.14.0.0.2.0-1~stretch RUN set -x \ && apt-get update \ From 6ca98dd71ec6f1b10566d26a33ab384a9316d8c1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 8 May 2018 12:15:23 +0300 Subject: [PATCH 079/377] Updated generate-stackbrew-library.sh. --- generate-stackbrew-library.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 69e7695e..4d70a428 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,8 +3,8 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.13 latest' - [stable]='1.12' + [mainline]='1 1.15 latest' + [stable]='1.14' ) self="$(basename "$BASH_SOURCE")" From f603bb3632ea6df0bc9da2179c18eb322c286298 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 5 Jun 2018 18:06:02 +0300 Subject: [PATCH 080/377] Updated mainline nginx to 1.15.0 and njs to 0.2.1. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5a6cb7ac..22c88cb3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.12 +ENV NGINX_VERSION 1.15.0 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 228c8c7b..a7fff63c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.12 +ENV NGINX_VERSION 1.15.0 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index d951339b..e38624ae 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.12-1~stretch -ENV NJS_VERSION 1.13.12.0.2.0-1~stretch +ENV NGINX_VERSION 1.15.0-1~stretch +ENV NJS_VERSION 1.15.0.0.2.1-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index e7225eb2..61727aa3 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.13.12-1~stretch -ENV NJS_VERSION 1.13.12.0.2.0-1~stretch +ENV NGINX_VERSION 1.15.0-1~stretch +ENV NJS_VERSION 1.15.0.0.2.1-1~stretch RUN set -x \ && apt-get update \ From e3e35236b2c77e02266955c875b74bdbceb79c44 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 3 Jul 2018 19:04:56 +0300 Subject: [PATCH 081/377] Updated mainline nginx to 1.15.1 and njs to 0.2.2. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 22c88cb3..1e287ce3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.0 +ENV NGINX_VERSION 1.15.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a7fff63c..1f44c09d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.0 +ENV NGINX_VERSION 1.15.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index e38624ae..f66055c1 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.0-1~stretch -ENV NJS_VERSION 1.15.0.0.2.1-1~stretch +ENV NGINX_VERSION 1.15.1-1~stretch +ENV NJS_VERSION 1.15.1.0.2.2-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 61727aa3..490d6e06 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.0-1~stretch -ENV NJS_VERSION 1.15.0.0.2.1-1~stretch +ENV NGINX_VERSION 1.15.1-1~stretch +ENV NJS_VERSION 1.15.1.0.2.2-1~stretch RUN set -x \ && apt-get update \ From ddbbbdf9c410d105f82aa1b4dbf05c0021c84fd6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jul 2018 17:45:56 +0300 Subject: [PATCH 082/377] Updated mainline nginx to 1.15.2. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1e287ce3..efeebbf6 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.1 +ENV NGINX_VERSION 1.15.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1f44c09d..c1b42a5c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.1 +ENV NGINX_VERSION 1.15.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index f66055c1..7c34189d 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.1-1~stretch -ENV NJS_VERSION 1.15.1.0.2.2-1~stretch +ENV NGINX_VERSION 1.15.2-1~stretch +ENV NJS_VERSION 1.15.2.0.2.2-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 490d6e06..a7b5ce89 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.1-1~stretch -ENV NJS_VERSION 1.15.1.0.2.2-1~stretch +ENV NGINX_VERSION 1.15.2-1~stretch +ENV NJS_VERSION 1.15.2.0.2.2-1~stretch RUN set -x \ && apt-get update \ From 3b108b59619655e3bd4597a059f544afa374b7fb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Aug 2018 19:34:10 +0300 Subject: [PATCH 083/377] Updated mainline nginx to 1.15.3 and njs to 0.2.3. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index efeebbf6..f201b0c2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.2 +ENV NGINX_VERSION 1.15.3 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c1b42a5c..2afc41fd 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.2 +ENV NGINX_VERSION 1.15.3 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 7c34189d..31528e9f 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.2-1~stretch -ENV NJS_VERSION 1.15.2.0.2.2-1~stretch +ENV NGINX_VERSION 1.15.3-1~stretch +ENV NJS_VERSION 1.15.3.0.2.3-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index a7b5ce89..2aa0975c 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.2-1~stretch -ENV NJS_VERSION 1.15.2.0.2.2-1~stretch +ENV NGINX_VERSION 1.15.3-1~stretch +ENV NJS_VERSION 1.15.3.0.2.3-1~stretch RUN set -x \ && apt-get update \ From f3fc4d5753f0ebb9107738183b9c5cea1bf3f618 Mon Sep 17 00:00:00 2001 From: Clemens Buchacher Date: Fri, 14 Sep 2018 09:08:32 +0200 Subject: [PATCH 084/377] downgrade to gnupg1 The build sometimes fails to remove the `S.gpg-agent.extra` unix domain socket when it deletes the temporary GNUPGHOME directory after running gpg commands. rm: can't remove '/tmp/tmp.hBDCKF/S.gpg-agent.extra': No such file or directory The previous gpg --recv-keys command starts the gpg-agent. The gpg-agent connects to the following sockets and does not terminate on its own. / # netstat -x -a -p Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] STREAM LISTENING 8627378 17/dirmngr /root/.gnupg/S.dirmngr unix 2 [ ACC ] STREAM LISTENING 8625135 21/gpg-agent /root/.gnupg/S.gpg-agent unix 2 [ ACC ] STREAM LISTENING 8625136 21/gpg-agent /root/.gnupg/S.gpg-agent.extra unix 2 [ ACC ] STREAM LISTENING 8625137 21/gpg-agent /root/.gnupg/S.gpg-agent.browser unix 2 [ ACC ] STREAM LISTENING 8625138 21/gpg-agent /root/.gnupg/S.gpg-agent.ssh If one of the sockets is removed, then the agent terminates and removes the other sockets as well. This causes a race condition between `rm -rf $GNUPGHOME` and gpg-agent. If gpg-agent manages to remove the sockets first, then `rm` fails while trying to remove the same socket. Move to gnupg1 in alpine just like we do for stretch. Gnupg version 1 does not launch a GPG agent. It is not possible to disable gpg-agent in gnupg version 2. (cherry picked from commit 684e1c634b56694633402c34e73b0cbc500b8d0e) Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f201b0c2..30997c4f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -62,7 +62,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ zlib-dev \ linux-headers \ curl \ - gnupg \ + gnupg1 \ libxslt-dev \ gd-dev \ geoip-dev \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 2afc41fd..a3dcbbd1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ zlib-dev \ linux-headers \ curl \ - gnupg \ + gnupg1 \ libxslt-dev \ gd-dev \ geoip-dev \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f5a2d014..efa664e1 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -62,7 +62,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ zlib-dev \ linux-headers \ curl \ - gnupg \ + gnupg1 \ libxslt-dev \ gd-dev \ geoip-dev \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 83de7060..9dc45b6d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ zlib-dev \ linux-headers \ curl \ - gnupg \ + gnupg1 \ libxslt-dev \ gd-dev \ geoip-dev \ From 866b071f099f96898563f9a003c2dbb03bb90339 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Sep 2018 19:18:17 +0300 Subject: [PATCH 085/377] Updated mainline nginx to 1.15.4 and njs to 0.2.4. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 30997c4f..0f5e43f8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.3 +ENV NGINX_VERSION 1.15.4 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a3dcbbd1..41bf64ac 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.3 +ENV NGINX_VERSION 1.15.4 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 31528e9f..cc0f9f84 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.3-1~stretch -ENV NJS_VERSION 1.15.3.0.2.3-1~stretch +ENV NGINX_VERSION 1.15.4-1~stretch +ENV NJS_VERSION 1.15.4.0.2.4-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 2aa0975c..66793262 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.3-1~stretch -ENV NJS_VERSION 1.15.3.0.2.3-1~stretch +ENV NGINX_VERSION 1.15.4-1~stretch +ENV NJS_VERSION 1.15.4.0.2.4-1~stretch RUN set -x \ && apt-get update \ From 3c446adddf7b04e877d5c5191b151c794c74bb58 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Sep 2018 19:19:07 +0300 Subject: [PATCH 086/377] Update Alpine to 3.8. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0f5e43f8..f739e899 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 41bf64ac..42450325 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index efa664e1..647d9891 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9dc45b6d..579707f2 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " From a22b9f46fe3a586b02d974f64441a4c07215dc5d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 2 Oct 2018 19:17:50 +0300 Subject: [PATCH 087/377] Updated mainline nginx to 1.15.5. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f739e899..2ee0e5af 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.4 +ENV NGINX_VERSION 1.15.5 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 42450325..112b81d2 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.4 +ENV NGINX_VERSION 1.15.5 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index cc0f9f84..b51915cb 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.4-1~stretch -ENV NJS_VERSION 1.15.4.0.2.4-1~stretch +ENV NGINX_VERSION 1.15.5-1~stretch +ENV NJS_VERSION 1.15.5.0.2.4-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 66793262..f21be866 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.4-1~stretch -ENV NJS_VERSION 1.15.4.0.2.4-1~stretch +ENV NGINX_VERSION 1.15.5-1~stretch +ENV NJS_VERSION 1.15.5.0.2.4-1~stretch RUN set -x \ && apt-get update \ From f4d30145c60c433966df96f618d78513fee9d322 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Nov 2018 18:37:40 +0300 Subject: [PATCH 088/377] Updated mainline nginx to 1.15.6, stable to 1.14.1 and njs to 0.2.5. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 4 ++-- stable/stretch/Dockerfile | 4 ++-- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2ee0e5af..8ee95288 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.5 +ENV NGINX_VERSION 1.15.6 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 112b81d2..6082f139 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.5 +ENV NGINX_VERSION 1.15.6 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index b51915cb..df976345 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.5-1~stretch -ENV NJS_VERSION 1.15.5.0.2.4-1~stretch +ENV NGINX_VERSION 1.15.6-1~stretch +ENV NJS_VERSION 1.15.6.0.2.5-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index f21be866..dfe575ec 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.5-1~stretch -ENV NJS_VERSION 1.15.5.0.2.4-1~stretch +ENV NGINX_VERSION 1.15.6-1~stretch +ENV NJS_VERSION 1.15.6.0.2.5-1~stretch RUN set -x \ && apt-get update \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 647d9891..cdbfb6e5 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.0 +ENV NGINX_VERSION 1.14.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 579707f2..488980b3 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.0 +ENV NGINX_VERSION 1.14.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 2e262ece..7895437d 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.0-1~stretch -ENV NJS_VERSION 1.14.0.0.2.0-1~stretch +ENV NGINX_VERSION 1.14.1-1~stretch +ENV NJS_VERSION 1.14.1.0.2.5-1~stretch RUN set -x \ && apt-get update \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index a436cf47..3a0ceb3b 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.0-1~stretch -ENV NJS_VERSION 1.14.0.0.2.0-1~stretch +ENV NGINX_VERSION 1.14.1-1~stretch +ENV NJS_VERSION 1.14.1.0.2.5-1~stretch RUN set -x \ && apt-get update \ From 1fe92b86a3c3a6482c54a0858d1fcb22e591279f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Nov 2018 19:20:17 +0300 Subject: [PATCH 089/377] Updated mainline nginx to 1.15.7 and njs to 0.2.6. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 8ee95288..e2e73e51 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.6 +ENV NGINX_VERSION 1.15.7 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6082f139..614ef3de 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.6 +ENV NGINX_VERSION 1.15.7 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index df976345..edc26c05 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.6-1~stretch -ENV NJS_VERSION 1.15.6.0.2.5-1~stretch +ENV NGINX_VERSION 1.15.7-1~stretch +ENV NJS_VERSION 1.15.7.0.2.6-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index dfe575ec..4be26e81 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.6-1~stretch -ENV NJS_VERSION 1.15.6.0.2.5-1~stretch +ENV NGINX_VERSION 1.15.7-1~stretch +ENV NJS_VERSION 1.15.7.0.2.6-1~stretch RUN set -x \ && apt-get update \ From b71469ab815f580ba0ad658a32e91c86f8565ed4 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 5 Dec 2018 13:02:50 +0300 Subject: [PATCH 090/377] Updated stable nginx to 1.14.2 and njs to 0.2.6. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 4 ++-- stable/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index cdbfb6e5..17cf6e0a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.1 +ENV NGINX_VERSION 1.14.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 488980b3..5945a4a7 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.1 +ENV NGINX_VERSION 1.14.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 7895437d..05cf5697 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.1-1~stretch -ENV NJS_VERSION 1.14.1.0.2.5-1~stretch +ENV NGINX_VERSION 1.14.2-1~stretch +ENV NJS_VERSION 1.14.2.0.2.6-1~stretch RUN set -x \ && apt-get update \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 3a0ceb3b..097b04b9 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.1-1~stretch -ENV NJS_VERSION 1.14.1.0.2.5-1~stretch +ENV NGINX_VERSION 1.14.2-1~stretch +ENV NJS_VERSION 1.14.2.0.2.6-1~stretch RUN set -x \ && apt-get update \ From baa050df601b5e798431a9db458e16f53b1031f6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Dec 2018 20:47:18 +0300 Subject: [PATCH 091/377] Updated mainline nginx to 1.15.8 and njs to 0.2.7. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e2e73e51..58c62c0f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.7 +ENV NGINX_VERSION 1.15.8 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 614ef3de..771d5b0c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.7 +ENV NGINX_VERSION 1.15.8 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index edc26c05..156f343f 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.7-1~stretch -ENV NJS_VERSION 1.15.7.0.2.6-1~stretch +ENV NGINX_VERSION 1.15.8-1~stretch +ENV NJS_VERSION 1.15.8.0.2.7-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 4be26e81..09e2d842 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.7-1~stretch -ENV NJS_VERSION 1.15.7.0.2.6-1~stretch +ENV NGINX_VERSION 1.15.8-1~stretch +ENV NJS_VERSION 1.15.8.0.2.7-1~stretch RUN set -x \ && apt-get update \ From 2364fdc54af554d28ef95b7be381677d10987986 Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 30 Jan 2019 00:49:37 +0100 Subject: [PATCH 092/377] Update to Alpine 3.9 (cherry picked from commit 420928130ec092ae5ccef16863813604b1b1eb37) Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 58c62c0f..1e675dff 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 771d5b0c..4b008278 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 17cf6e0a..c952e56c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 5945a4a7..7a7ded45 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " From 7890fc2342613e6669ad83ceead9c81136d2cc0a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 27 Feb 2019 13:45:42 +0300 Subject: [PATCH 093/377] Updated mainline nginx to 1.15.9 and njs to 0.2.8 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1e675dff..4c299989 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.8 +ENV NGINX_VERSION 1.15.9 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 4b008278..ea42632a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.8 +ENV NGINX_VERSION 1.15.9 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 156f343f..a5f77e77 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.8-1~stretch -ENV NJS_VERSION 1.15.8.0.2.7-1~stretch +ENV NGINX_VERSION 1.15.9-1~stretch +ENV NJS_VERSION 1.15.9.0.2.8-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 09e2d842..1fbd3f82 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.8-1~stretch -ENV NJS_VERSION 1.15.8.0.2.7-1~stretch +ENV NGINX_VERSION 1.15.9-1~stretch +ENV NJS_VERSION 1.15.9.0.2.8-1~stretch RUN set -x \ && apt-get update \ From 97b65112180e0c7764465aa47a974fc7af3c99ae Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 Mar 2019 18:57:47 +0300 Subject: [PATCH 094/377] Updated mainline nginx to 1.15.10 and njs to 0.3.0 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 4c299989..b57cdebe 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.9 +ENV NGINX_VERSION 1.15.10 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ea42632a..cb254b51 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.9 +ENV NGINX_VERSION 1.15.10 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index a5f77e77..de02aceb 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.9-1~stretch -ENV NJS_VERSION 1.15.9.0.2.8-1~stretch +ENV NGINX_VERSION 1.15.10-1~stretch +ENV NJS_VERSION 1.15.10.0.3.0-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 1fbd3f82..01b69df9 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.9-1~stretch -ENV NJS_VERSION 1.15.9.0.2.8-1~stretch +ENV NGINX_VERSION 1.15.10-1~stretch +ENV NJS_VERSION 1.15.10.0.3.0-1~stretch RUN set -x \ && apt-get update \ From 7d7c67f2eaa6b2b32c718ba9d93f152870513c7c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Apr 2019 17:54:11 +0300 Subject: [PATCH 095/377] Updated mainline nginx to 1.15.11 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b57cdebe..5c1731dd 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.10 +ENV NGINX_VERSION 1.15.11 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index cb254b51..956b0004 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.10 +ENV NGINX_VERSION 1.15.11 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index de02aceb..5fca7ddd 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.10-1~stretch -ENV NJS_VERSION 1.15.10.0.3.0-1~stretch +ENV NGINX_VERSION 1.15.11-1~stretch +ENV NJS_VERSION 1.15.11.0.3.0-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 01b69df9..b7002d8b 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.10-1~stretch -ENV NJS_VERSION 1.15.10.0.3.0-1~stretch +ENV NGINX_VERSION 1.15.11-1~stretch +ENV NJS_VERSION 1.15.11.0.3.0-1~stretch RUN set -x \ && apt-get update \ From e5123eea0d29c8d13df17d782f15679458ff899e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 16 Apr 2019 19:25:41 +0300 Subject: [PATCH 096/377] Updated mainline nginx to 1.15.12 and njs to 0.3.1 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5c1731dd..24b56bf3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.11 +ENV NGINX_VERSION 1.15.12 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 956b0004..7b9f3a3e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.11 +ENV NGINX_VERSION 1.15.12 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 5fca7ddd..07270881 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.11-1~stretch -ENV NJS_VERSION 1.15.11.0.3.0-1~stretch +ENV NGINX_VERSION 1.15.12-1~stretch +ENV NJS_VERSION 1.15.12.0.3.1-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index b7002d8b..9c54b75e 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.11-1~stretch -ENV NJS_VERSION 1.15.11.0.3.0-1~stretch +ENV NGINX_VERSION 1.15.12-1~stretch +ENV NJS_VERSION 1.15.12.0.3.1-1~stretch RUN set -x \ && apt-get update \ From 0501f0b73fd7fbfb139d1e98a7fd3b63426b16a1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 11 Mar 2019 17:46:56 +0300 Subject: [PATCH 097/377] alpine: use nginx.org-provided packages. For the architectures unavailable on nginx.org, build from the official packaging sources. Also adds njs. --- mainline/alpine-perl/Dockerfile | 242 +++++++++----------- mainline/alpine-perl/nginx.conf | 32 --- mainline/alpine-perl/nginx.vh.default.conf | 45 ---- mainline/alpine/Dockerfile | 236 +++++++++----------- mainline/alpine/nginx.conf | 32 --- mainline/alpine/nginx.vh.default.conf | 45 ---- stable/alpine-perl/Dockerfile | 244 +++++++++------------ stable/alpine-perl/nginx.conf | 32 --- stable/alpine-perl/nginx.vh.default.conf | 45 ---- stable/alpine/Dockerfile | 238 +++++++++----------- stable/alpine/nginx.conf | 32 --- stable/alpine/nginx.vh.default.conf | 45 ---- 12 files changed, 414 insertions(+), 854 deletions(-) delete mode 100644 mainline/alpine-perl/nginx.conf delete mode 100644 mainline/alpine-perl/nginx.vh.default.conf delete mode 100644 mainline/alpine/nginx.conf delete mode 100644 mainline/alpine/nginx.vh.default.conf delete mode 100644 stable/alpine-perl/nginx.conf delete mode 100644 stable/alpine-perl/nginx.vh.default.conf delete mode 100644 stable/alpine/nginx.conf delete mode 100644 stable/alpine/nginx.vh.default.conf diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 24b56bf3..3d577de3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,146 +3,110 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.15.12 +ENV NJS_VERSION 1.15.12.0.3.1 +ENV PKG_RELEASE 1 -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg1 \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl curl ca-certificates \ + && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && printf "%s%s%s\n" \ + "http://nginx.org/packages/mainline/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories \ + && apk del .cert-deps \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su - nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + ;; \ + esac \ + && apk add --no-cache $nginxPackages \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# remove the last line with the packages repos in the repositories file + && sed -i '$ d' /etc/apk/repositories \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/mainline/alpine-perl/nginx.conf b/mainline/alpine-perl/nginx.conf deleted file mode 100644 index e4bad8db..00000000 --- a/mainline/alpine-perl/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/mainline/alpine-perl/nginx.vh.default.conf b/mainline/alpine-perl/nginx.vh.default.conf deleted file mode 100644 index 299c622a..00000000 --- a/mainline/alpine-perl/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 7b9f3a3e..bee9f5d8 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,141 +3,109 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.15.12 +ENV NJS_VERSION 1.15.12.0.3.1 +ENV PKG_RELEASE 1 -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg1 \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl curl ca-certificates \ + && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && printf "%s%s%s\n" \ + "http://nginx.org/packages/mainline/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories \ + && apk del .cert-deps \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su - nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + ;; \ + esac \ + && apk add --no-cache $nginxPackages \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# remove the last line with the packages repos in the repositories file + && sed -i '$ d' /etc/apk/repositories \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/mainline/alpine/nginx.conf b/mainline/alpine/nginx.conf deleted file mode 100644 index e4bad8db..00000000 --- a/mainline/alpine/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/mainline/alpine/nginx.vh.default.conf b/mainline/alpine/nginx.vh.default.conf deleted file mode 100644 index 299c622a..00000000 --- a/mainline/alpine/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index c952e56c..6a3ec93c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,146 +3,112 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.14.2 +ENV NJS_VERSION 1.14.2.0.2.7 +ENV PKG_RELEASE 1 -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg1 \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl curl ca-certificates \ + && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && printf "%s%s%s\n" \ + "http://nginx.org/packages/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories \ + && apk del .cert-deps \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su - nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ +# fixme: needs to check out a tag on the next 1.14 release + && hg up stable-1.14 \ + && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + ;; \ + esac \ + && apk add --no-cache $nginxPackages \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# remove the last line with the packages repos in the repositories file + && sed -i '$ d' /etc/apk/repositories \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/stable/alpine-perl/nginx.conf b/stable/alpine-perl/nginx.conf deleted file mode 100644 index e4bad8db..00000000 --- a/stable/alpine-perl/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/stable/alpine-perl/nginx.vh.default.conf b/stable/alpine-perl/nginx.vh.default.conf deleted file mode 100644 index 299c622a..00000000 --- a/stable/alpine-perl/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 7a7ded45..4c760c6e 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,141 +3,111 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.14.2 +ENV NJS_VERSION 1.14.2.0.2.7 +ENV PKG_RELEASE 1 -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg1 \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl curl ca-certificates \ + && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && printf "%s%s%s\n" \ + "http://nginx.org/packages/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories \ + && apk del .cert-deps \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su - nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ +# fixme: needs to check out a tag on the next 1.14 release + && hg up stable-1.14 \ + && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + ;; \ + esac \ + && apk add --no-cache $nginxPackages \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# remove the last line with the packages repos in the repositories file + && sed -i '$ d' /etc/apk/repositories \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/stable/alpine/nginx.conf b/stable/alpine/nginx.conf deleted file mode 100644 index e4bad8db..00000000 --- a/stable/alpine/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/stable/alpine/nginx.vh.default.conf b/stable/alpine/nginx.vh.default.conf deleted file mode 100644 index 299c622a..00000000 --- a/stable/alpine/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - From 42b9a87db35929dec0f9c329486f16d6f6254d55 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2019 15:45:08 +0300 Subject: [PATCH 098/377] mainline: get rid of duplication in variables versions --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/stretch-perl/Dockerfile | 19 ++++++++++--------- mainline/stretch/Dockerfile | 15 ++++++++------- 4 files changed, 22 insertions(+), 20 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3d577de3..257a7ef2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 1.15.12.0.3.1 +ENV NJS_VERSION 0.3.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ x86_64) \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index bee9f5d8..503ef875 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 1.15.12.0.3.1 +ENV NJS_VERSION 0.3.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ x86_64) \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 07270881..14664705 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12-1~stretch -ENV NJS_VERSION 1.15.12.0.3.1-1~stretch +ENV NGINX_VERSION 1.15.12 +ENV NJS_VERSION 0.3.1 +ENV PKG_RELEASE 1~stretch RUN set -x \ && apt-get update \ @@ -23,13 +24,13 @@ RUN set -x \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-perl=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 9c54b75e..45f8c6ea 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12-1~stretch -ENV NJS_VERSION 1.15.12.0.3.1-1~stretch +ENV NGINX_VERSION 1.15.12 +ENV NJS_VERSION 0.3.1 +ENV PKG_RELEASE 1~stretch RUN set -x \ && apt-get update \ @@ -24,11 +25,11 @@ RUN set -x \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ From 9a052e07b2c283df9960375ee40be50c5c462a7e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2019 15:49:02 +0300 Subject: [PATCH 099/377] Updated stable nginx to 1.16.0 While at it, merge mainline versioning changes. --- stable/alpine-perl/Dockerfile | 10 ++++------ stable/alpine/Dockerfile | 10 ++++------ stable/stretch-perl/Dockerfile | 19 ++++++++++--------- stable/stretch/Dockerfile | 15 ++++++++------- 4 files changed, 26 insertions(+), 28 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 6a3ec93c..556ff741 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.2 -ENV NJS_VERSION 1.14.2.0.2.7 +ENV NGINX_VERSION 1.16.0 +ENV NJS_VERSION 0.3.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ x86_64) \ @@ -66,9 +66,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ -# fixme: needs to check out a tag on the next 1.14 release - && hg up stable-1.14 \ - && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 4c760c6e..00a6b291 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.2 -ENV NJS_VERSION 1.14.2.0.2.7 +ENV NGINX_VERSION 1.16.0 +ENV NJS_VERSION 0.3.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ x86_64) \ @@ -65,9 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ -# fixme: needs to check out a tag on the next 1.14 release - && hg up stable-1.14 \ - && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 05cf5697..a43184bc 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.2-1~stretch -ENV NJS_VERSION 1.14.2.0.2.6-1~stretch +ENV NGINX_VERSION 1.16.0 +ENV NJS_VERSION 0.3.1 +ENV PKG_RELEASE 1~stretch RUN set -x \ && apt-get update \ @@ -23,13 +24,13 @@ RUN set -x \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-perl=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 097b04b9..c358e608 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.2-1~stretch -ENV NJS_VERSION 1.14.2.0.2.6-1~stretch +ENV NGINX_VERSION 1.16.0 +ENV NJS_VERSION 0.3.1 +ENV PKG_RELEASE 1~stretch RUN set -x \ && apt-get update \ @@ -24,11 +25,11 @@ RUN set -x \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ From 61973ac9c0c7fecdaa251b5ef7568f81486a0e8a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2019 18:56:55 +0300 Subject: [PATCH 100/377] Updated generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4d70a428..22587c2f 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,8 +3,8 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.15 latest' - [stable]='1.14' + [mainline]='1 1.17 latest' + [stable]='1.16' ) self="$(basename "$BASH_SOURCE")" From 6f41f97b39b1a3d658f25329e7206324a1e883b5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2019 19:04:52 +0300 Subject: [PATCH 101/377] Updated generate-stackbrew-library.sh to use new versioning scheme --- generate-stackbrew-library.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 22587c2f..3f3a9886 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -54,7 +54,6 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" - fullVersion="${fullVersion%[.-]*}" versionAliases=( $fullVersion ) if [ "$version" != "$fullVersion" ]; then From 9674d1078009f49ee2d3d4d168a2a1eb9b86e638 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 May 2019 19:42:16 +0300 Subject: [PATCH 102/377] Updated mainline nginx to 1.17.0 and njs to 0.3.2 Fixes: #331, #317. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 257a7ef2..96279e97 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 0.3.1 +ENV NGINX_VERSION 1.17.0 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 503ef875..c5724bc7 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 0.3.1 +ENV NGINX_VERSION 1.17.0 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 14664705..7526870d 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 0.3.1 +ENV NGINX_VERSION 1.17.0 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 45f8c6ea..16efe844 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 0.3.1 +ENV NGINX_VERSION 1.17.0 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ From c308ce3f7b9f94de299b3f19b86524d35253493f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 May 2019 19:42:34 +0300 Subject: [PATCH 103/377] Updated njs for stable images to 0.3.2 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 2 +- stable/stretch/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 556ff741..21744f51 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.1 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 00a6b291..3e323045 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.1 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index a43184bc..372c7f7e 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.1 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index c358e608..0b75d730 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.1 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ From b749353968a57ebd9da17e12d23f1a5fb62f9de9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 4 Jun 2019 14:27:46 +0300 Subject: [PATCH 104/377] Made the UID/GID consistent throughout the variants. 101 was chosen as UID/GID for both supported platforms since that's the first unused pair. This also looks forward compatible at least for now with Debian Buster and Alpine 3.10 as from the :edge tag of the time writing this message. Fixes: #218. --- mainline/alpine-perl/Dockerfile | 3 +++ mainline/alpine/Dockerfile | 3 +++ mainline/stretch-perl/Dockerfile | 3 +++ mainline/stretch/Dockerfile | 3 +++ stable/alpine-perl/Dockerfile | 3 +++ stable/alpine/Dockerfile | 3 +++ stable/stretch-perl/Dockerfile | 3 +++ stable/stretch/Dockerfile | 3 +++ 8 files changed, 24 insertions(+) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 96279e97..cbb6e96c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c5724bc7..17822daf 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 7526870d..54d9941f 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 16efe844..11ab8975 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 21744f51..255e8d75 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 3e323045..1e88ebd2 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 372c7f7e..d82f6225 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 0b75d730..85816f3f 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ From 0e47be34c3fcdc15078e51d6b0bcc4abd81f1383 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 6 Jun 2019 16:13:55 +0200 Subject: [PATCH 105/377] Remove dash from su command Fixes #327 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index cbb6e96c..d9c7ca10 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -64,7 +64,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ - && su - nobody -s /bin/sh -c " \ + && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 17822daf..78d5b0a8 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -63,7 +63,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ - && su - nobody -s /bin/sh -c " \ + && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 255e8d75..17d1384b 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -64,7 +64,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ - && su - nobody -s /bin/sh -c " \ + && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1e88ebd2..266ffb02 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -63,7 +63,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ - && su - nobody -s /bin/sh -c " \ + && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ From c10dfd0d6df13b33f498eb49d499df26fb0c440b Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 6 Jun 2019 16:33:15 +0200 Subject: [PATCH 106/377] Change tabs to spaces And other minor formatting fixes Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 14 ++-- mainline/alpine/Dockerfile | 14 ++-- mainline/stretch-perl/Dockerfile | 120 ++++++++++++++-------------- mainline/stretch/Dockerfile | 132 +++++++++++++++---------------- stable/alpine-perl/Dockerfile | 14 ++-- stable/alpine/Dockerfile | 14 ++-- stable/stretch-perl/Dockerfile | 120 ++++++++++++++-------------- stable/stretch/Dockerfile | 132 +++++++++++++++---------------- 8 files changed, 280 insertions(+), 280 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d9c7ca10..359991a2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -28,12 +28,12 @@ RUN set -x \ openssl curl ca-certificates \ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ && printf "%s%s%s\n" \ "http://nginx.org/packages/mainline/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 78d5b0a8..e0fbb828 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -27,12 +27,12 @@ RUN set -x \ openssl curl ca-certificates \ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ && printf "%s%s%s\n" \ "http://nginx.org/packages/mainline/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 54d9941f..01ddc4bf 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -10,23 +10,23 @@ RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ @@ -34,68 +34,68 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ + echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ + echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) - \ + \ # save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ + && savedAptMark="$(apt-mark showmanual)" \ + \ # build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ # we don't remove APT lists here because they get re-downloaded and removed later - \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) # ... # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 11ab8975..12a3130a 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -10,91 +10,91 @@ RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ + echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ + echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) - \ + \ # save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ + && savedAptMark="$(apt-mark showmanual)" \ + \ # build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ # we don't remove APT lists here because they get re-downloaded and removed later - \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) # ... # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 17d1384b..b5a54f4e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -28,12 +28,12 @@ RUN set -x \ openssl curl ca-certificates \ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ && printf "%s%s%s\n" \ "http://nginx.org/packages/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 266ffb02..b51ada35 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -27,12 +27,12 @@ RUN set -x \ openssl curl ca-certificates \ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ && printf "%s%s%s\n" \ "http://nginx.org/packages/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index d82f6225..9f038d28 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -10,23 +10,23 @@ RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ @@ -34,68 +34,68 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ + echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ + echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) - \ + \ # save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ + && savedAptMark="$(apt-mark showmanual)" \ + \ # build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ # we don't remove APT lists here because they get re-downloaded and removed later - \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) # ... # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 85816f3f..f7dc48c5 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -10,91 +10,91 @@ RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ + echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ + echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) - \ + \ # save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ + && savedAptMark="$(apt-mark showmanual)" \ + \ # build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ # we don't remove APT lists here because they get re-downloaded and removed later - \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) # ... # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 From 1ebbaf6c2f94fb4f60917220d1fae9482fb65e81 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 7 Jun 2019 14:46:29 +0300 Subject: [PATCH 107/377] stable alpine: ping to revision 417 of http://hg.nginx.org/pkg-oss. This makes stable images buildable until the next version bump. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b5a54f4e..57b521d0 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -69,7 +69,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 417 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index b51ada35..1dcb7636 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 417 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ From 011ca42d34576e884610e8842b5dfb28f175fc7c Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 20 Jun 2019 14:38:31 +0200 Subject: [PATCH 108/377] Fetch Alpine package over https --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 359991a2..0984a7de 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -35,7 +35,7 @@ RUN set -x \ exit 1; \ fi \ && printf "%s%s%s\n" \ - "http://nginx.org/packages/mainline/alpine/v" \ + "https://nginx.org/packages/mainline/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ "/main" \ | tee -a /etc/apk/repositories \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e0fbb828..d021c4bc 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ exit 1; \ fi \ && printf "%s%s%s\n" \ - "http://nginx.org/packages/mainline/alpine/v" \ + "https://nginx.org/packages/mainline/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ "/main" \ | tee -a /etc/apk/repositories \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 57b521d0..1a10857c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -35,7 +35,7 @@ RUN set -x \ exit 1; \ fi \ && printf "%s%s%s\n" \ - "http://nginx.org/packages/alpine/v" \ + "https://nginx.org/packages/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ "/main" \ | tee -a /etc/apk/repositories \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1dcb7636..2c5e2d97 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ exit 1; \ fi \ && printf "%s%s%s\n" \ - "http://nginx.org/packages/alpine/v" \ + "https://nginx.org/packages/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ "/main" \ | tee -a /etc/apk/repositories \ From 17c4abd5f5fb7d1edebeab36e0f5ac40f23f6b9b Mon Sep 17 00:00:00 2001 From: Nick Porter Date: Sat, 29 Jun 2019 23:15:20 -0400 Subject: [PATCH 109/377] Fix typo in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f0d253c2..7adf25f3 100644 --- a/README.md +++ b/README.md @@ -5,5 +5,5 @@ Hub page for the full readme on how to use the Docker image and for information regarding contributing and issues. The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), -specificially in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). +specifically in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). From 976f38e04cce6a70625b24189fda405907d9cebf Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 25 Jun 2019 01:38:30 +0200 Subject: [PATCH 110/377] Remove curl dependency from Alpine varaint --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0984a7de..eff71f42 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -25,8 +25,8 @@ RUN set -x \ set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ && apk add --no-cache --virtual .cert-deps \ - openssl curl ca-certificates \ - && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d021c4bc..da123df9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -24,8 +24,8 @@ RUN set -x \ set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ && apk add --no-cache --virtual .cert-deps \ - openssl curl ca-certificates \ - && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 1a10857c..420072f6 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -25,8 +25,8 @@ RUN set -x \ set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ && apk add --no-cache --virtual .cert-deps \ - openssl curl ca-certificates \ - && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2c5e2d97..a483653c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -24,8 +24,8 @@ RUN set -x \ set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ && apk add --no-cache --virtual .cert-deps \ - openssl curl ca-certificates \ - && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ From f9fbfcbcb24cb1fd6d207d33e9345d3e6dbb8ff2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 1 Jul 2019 15:46:11 +0300 Subject: [PATCH 111/377] Updated nginx to 1.17.1 and njs to 0.3.3 Fixes #343 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index eff71f42..ef35167c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.17.1 +ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index da123df9..f23a275e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.17.1 +ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 01ddc4bf..1e2fee6f 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.17.1 +ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1~stretch RUN set -x \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 12a3130a..caec21c1 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.17.1 +ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1~stretch RUN set -x \ From 5abbd4a936e9ebd0bd116511c0dcd5ca27b9f4ad Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 20 Jun 2019 14:39:27 +0200 Subject: [PATCH 112/377] Update Alpine to 3.10 Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ef35167c..92e09573 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f23a275e..312bd350 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 420072f6..794c446c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a483653c..49a567ef 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " From 7956a3fed9b57f4796881c99ec23c03c05945d43 Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 10 Jul 2019 16:42:11 +0200 Subject: [PATCH 113/377] Upgrade to Debian Buster Signed-off-by: Konstantin Pavlov --- generate-stackbrew-library.sh | 4 ++-- mainline/{stretch-perl => buster-perl}/Dockerfile | 12 ++++++------ mainline/{stretch => buster}/Dockerfile | 12 ++++++------ stable/{stretch-perl => buster-perl}/Dockerfile | 12 ++++++------ stable/{stretch => buster}/Dockerfile | 12 ++++++------ 5 files changed, 26 insertions(+), 26 deletions(-) rename mainline/{stretch-perl => buster-perl}/Dockerfile (92%) rename mainline/{stretch => buster}/Dockerfile (92%) rename stable/{stretch-perl => buster-perl}/Dockerfile (90%) rename stable/{stretch => buster}/Dockerfile (90%) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 3f3a9886..4464e466 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -9,7 +9,7 @@ aliases=( self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -base=stretch +base=buster versions=( */ ) versions=( "${versions[@]%/}" ) @@ -69,7 +69,7 @@ for version in "${versions[@]}"; do Directory: $version/$base EOE - for variant in stretch-perl; do + for variant in buster-perl; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-perl}" ) diff --git a/mainline/stretch-perl/Dockerfile b/mainline/buster-perl/Dockerfile similarity index 92% rename from mainline/stretch-perl/Dockerfile rename to mainline/buster-perl/Dockerfile index 1e2fee6f..a1ad85a8 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -1,17 +1,17 @@ -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.1 ENV NJS_VERSION 0.3.3 -ENV PKG_RELEASE 1~stretch +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -38,13 +38,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -85,7 +85,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/mainline/stretch/Dockerfile b/mainline/buster/Dockerfile similarity index 92% rename from mainline/stretch/Dockerfile rename to mainline/buster/Dockerfile index caec21c1..046ed052 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/buster/Dockerfile @@ -1,17 +1,17 @@ -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.1 ENV NJS_VERSION 0.3.3 -ENV PKG_RELEASE 1~stretch +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -37,13 +37,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -84,7 +84,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/stretch-perl/Dockerfile b/stable/buster-perl/Dockerfile similarity index 90% rename from stable/stretch-perl/Dockerfile rename to stable/buster-perl/Dockerfile index 9f038d28..2657f64a 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -1,17 +1,17 @@ -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1~stretch +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -38,13 +38,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -85,7 +85,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/stretch/Dockerfile b/stable/buster/Dockerfile similarity index 90% rename from stable/stretch/Dockerfile rename to stable/buster/Dockerfile index f7dc48c5..05d593ec 100644 --- a/stable/stretch/Dockerfile +++ b/stable/buster/Dockerfile @@ -1,17 +1,17 @@ -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1~stretch +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -37,13 +37,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -84,7 +84,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ From c817e28dd68b6daa33265a8cb527b1c4cd723b59 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Jul 2019 16:33:30 +0300 Subject: [PATCH 114/377] Updated mainline nginx to 1.17.2 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 92e09573..d376c2ca 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.1 +ENV NGINX_VERSION 1.17.2 ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 312bd350..c910f580 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.1 +ENV NGINX_VERSION 1.17.2 ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index a1ad85a8..7c083606 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.1 +ENV NGINX_VERSION 1.17.2 ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 046ed052..480b7a3b 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.1 +ENV NGINX_VERSION 1.17.2 ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1~buster From 952de68bda48815a1fc9137b51633a6ea053251c Mon Sep 17 00:00:00 2001 From: Andrei Belov Date: Thu, 15 Aug 2019 12:03:42 +0300 Subject: [PATCH 115/377] Updated nginx to 1.17.3 and njs to 0.3.4 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d376c2ca..17f53416 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.2 -ENV NJS_VERSION 0.3.3 +ENV NGINX_VERSION 1.17.3 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c910f580..4ab42553 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.2 -ENV NJS_VERSION 0.3.3 +ENV NGINX_VERSION 1.17.3 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 7c083606..97b100c4 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.2 -ENV NJS_VERSION 0.3.3 +ENV NGINX_VERSION 1.17.3 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 480b7a3b..d4137f04 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.2 -ENV NJS_VERSION 0.3.3 +ENV NGINX_VERSION 1.17.3 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1~buster RUN set -x \ From f5a5bc9926f0bdcd45073ee7d80f73a5656fabe9 Mon Sep 17 00:00:00 2001 From: Benjamin Dos Santos Date: Thu, 15 Aug 2019 11:09:20 +0200 Subject: [PATCH 116/377] Updated stable nginx to 1.16.1 and njs to 0.3.4 --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 4 ++-- stable/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 794c446c..4d18a32c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.16.1 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 49a567ef..116c25fe 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.16.1 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 2657f64a..60ccaeec 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.16.1 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 05d593ec..ac2d790f 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.16.1 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1~buster RUN set -x \ From e3bbc1131a683dabf868268e62b9d3fbd250191b Mon Sep 17 00:00:00 2001 From: Andrei Belov Date: Thu, 15 Aug 2019 22:12:21 +0300 Subject: [PATCH 117/377] Updated njs to 0.3.5 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 17f53416..3451a3ab 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.3 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 4ab42553..60c8fbe2 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.3 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 97b100c4..8c827f2f 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.3 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index d4137f04..b8692972 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.3 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4d18a32c..f4f228c6 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 116c25fe..ee26e541 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 60ccaeec..ea60a497 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index ac2d790f..84d269ce 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster RUN set -x \ From 0ad6faa0790f423fb239f2b8800dc339d763869a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Aug 2019 13:17:27 +0300 Subject: [PATCH 118/377] alpine: bump pkg-oss revision to fetch njs 0.3.5 sources --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3451a3ab..0739c280 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -69,7 +69,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 428 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 60c8fbe2..52424888 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 428 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f4f228c6..0251a44e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -69,7 +69,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 417 \ + && hg up -r 429 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ee26e541..0bbe6668 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 417 \ + && hg up -r 429 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ From 23a990403d6dbe102bf2c72ab2f6a239e940e3c3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Sep 2019 19:33:38 +0300 Subject: [PATCH 119/377] Updated mainline nginx to 1.17.4 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0739c280..f274a309 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.3 +ENV NGINX_VERSION 1.17.4 ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 @@ -69,7 +69,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 428 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 52424888..d2fbdfec 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.3 +ENV NGINX_VERSION 1.17.4 ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 @@ -68,7 +68,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 428 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 8c827f2f..a25851a2 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.3 +ENV NGINX_VERSION 1.17.4 ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index b8692972..8bb1cdae 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.3 +ENV NGINX_VERSION 1.17.4 ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster From fe97d699daae7e04f916771ac520f7cf25ab2b27 Mon Sep 17 00:00:00 2001 From: Andrei Belov Date: Tue, 22 Oct 2019 19:28:56 +0300 Subject: [PATCH 120/377] Updated nginx to 1.17.5 and njs to 0.3.6 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f274a309..5f25c711 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.4 -ENV NJS_VERSION 0.3.5 +ENV NGINX_VERSION 1.17.5 +ENV NJS_VERSION 0.3.6 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d2fbdfec..9db13acb 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.4 -ENV NJS_VERSION 0.3.5 +ENV NGINX_VERSION 1.17.5 +ENV NJS_VERSION 0.3.6 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index a25851a2..e7c11edc 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.4 -ENV NJS_VERSION 0.3.5 +ENV NGINX_VERSION 1.17.5 +ENV NJS_VERSION 0.3.6 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 8bb1cdae..01601cd2 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.4 -ENV NJS_VERSION 0.3.5 +ENV NGINX_VERSION 1.17.5 +ENV NJS_VERSION 0.3.6 ENV PKG_RELEASE 1~buster RUN set -x \ From 7413661f772413ce02456db044d246c811a734be Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 13 Nov 2019 18:25:56 +0300 Subject: [PATCH 121/377] alpine: forced installing nginx packages from our repos That fixes clashes between alpine linux own repositories and our repos when they have the same versions available. --- mainline/alpine-perl/Dockerfile | 11 ++--------- mainline/alpine/Dockerfile | 11 ++--------- stable/alpine-perl/Dockerfile | 11 ++--------- stable/alpine/Dockerfile | 11 ++--------- 4 files changed, 8 insertions(+), 36 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5f25c711..7a2253ac 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -34,12 +34,8 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && printf "%s%s%s\n" \ - "https://nginx.org/packages/mainline/alpine/v" \ - `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ - "/main" \ - | tee -a /etc/apk/repositories \ && apk del .cert-deps \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -75,18 +71,15 @@ RUN set -x \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ - && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ - && apk add --no-cache $nginxPackages \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# remove the last line with the packages repos in the repositories file - && sed -i '$ d' /etc/apk/repositories \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 9db13acb..d5917e14 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -33,12 +33,8 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && printf "%s%s%s\n" \ - "https://nginx.org/packages/mainline/alpine/v" \ - `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ - "/main" \ - | tee -a /etc/apk/repositories \ && apk del .cert-deps \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -74,18 +70,15 @@ RUN set -x \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ - && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ - && apk add --no-cache $nginxPackages \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# remove the last line with the packages repos in the repositories file - && sed -i '$ d' /etc/apk/repositories \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 0251a44e..c47a16b5 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -34,12 +34,8 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && printf "%s%s%s\n" \ - "https://nginx.org/packages/alpine/v" \ - `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ - "/main" \ - | tee -a /etc/apk/repositories \ && apk del .cert-deps \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -75,18 +71,15 @@ RUN set -x \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ - && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ - && apk add --no-cache $nginxPackages \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# remove the last line with the packages repos in the repositories file - && sed -i '$ d' /etc/apk/repositories \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 0bbe6668..38378c49 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -33,12 +33,8 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && printf "%s%s%s\n" \ - "https://nginx.org/packages/alpine/v" \ - `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ - "/main" \ - | tee -a /etc/apk/repositories \ && apk del .cert-deps \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -74,18 +70,15 @@ RUN set -x \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ - && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ - && apk add --no-cache $nginxPackages \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# remove the last line with the packages repos in the repositories file - && sed -i '$ d' /etc/apk/repositories \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can From a973c221f6cedede4dab3ab36d18240c4d3e3d74 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 19 Nov 2019 19:20:45 +0300 Subject: [PATCH 122/377] Updated nginx to 1.17.6 and njs to 0.3.7 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7a2253ac..f21b8565 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.5 -ENV NJS_VERSION 0.3.6 +ENV NGINX_VERSION 1.17.6 +ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d5917e14..1ca4bd46 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.5 -ENV NJS_VERSION 0.3.6 +ENV NGINX_VERSION 1.17.6 +ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index e7c11edc..467dd49c 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.5 -ENV NJS_VERSION 0.3.6 +ENV NGINX_VERSION 1.17.6 +ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 01601cd2..f039a637 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.5 -ENV NJS_VERSION 0.3.6 +ENV NGINX_VERSION 1.17.6 +ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1~buster RUN set -x \ From 0f2f33169297d7571d733f3a9122e3486704c859 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 9 Jan 2020 13:00:19 +0300 Subject: [PATCH 123/377] Updated mainline nginx to 1.17.7 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f21b8565..48ffe0e5 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.6 +ENV NGINX_VERSION 1.17.7 ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1ca4bd46..8b204230 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.6 +ENV NGINX_VERSION 1.17.7 ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 467dd49c..9dbcd3ae 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.6 +ENV NGINX_VERSION 1.17.7 ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index f039a637..8bd9c0cb 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.6 +ENV NGINX_VERSION 1.17.7 ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1~buster From 5971de30c487356d5d2a2e1a79e02b2612f9a72f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 Jan 2020 18:29:20 +0300 Subject: [PATCH 124/377] Updated nginx to 1.17.8 and njs to 0.3.8 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 48ffe0e5..95dd1510 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.7 -ENV NJS_VERSION 0.3.7 +ENV NGINX_VERSION 1.17.8 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 8b204230..ce06ecad 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.7 -ENV NJS_VERSION 0.3.7 +ENV NGINX_VERSION 1.17.8 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 9dbcd3ae..182876f0 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.7 -ENV NJS_VERSION 0.3.7 +ENV NGINX_VERSION 1.17.8 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 8bd9c0cb..00d36742 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.7 -ENV NJS_VERSION 0.3.7 +ENV NGINX_VERSION 1.17.8 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1~buster RUN set -x \ From f7738edec51adb47470a96ad120cd63975a9d3d0 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 Jan 2020 19:56:39 +0300 Subject: [PATCH 125/377] Updated njs to 0.3.8 in stable nginx --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index c47a16b5..e0382158 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.5 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 429 \ + && hg up -r 450 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 38378c49..a7f8cdf4 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.5 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 429 \ + && hg up -r 450 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index ea60a497..0c092ee0 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.5 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 84d269ce..f958d44b 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.5 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1~buster RUN set -x \ From 5c15613519a26c6adc244c24f814a95c786cfbc3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Mar 2020 16:11:44 +0300 Subject: [PATCH 126/377] Updated nginx to 1.17.9 and njs to 0.3.9 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 95dd1510..dd90e4b3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.8 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.17.9 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ce06ecad..e5d32ece 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.8 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.17.9 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 182876f0..612def6c 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.8 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.17.9 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 00d36742..ef322cb6 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.8 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.17.9 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster RUN set -x \ From 594ce7a8bc26c85af88495ac94d5cd0096b306f7 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 14 Apr 2020 20:44:35 +0200 Subject: [PATCH 127/377] Update nginx to 1.17.10 and Alpine to 3.11 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index dd90e4b3..7e974841 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.10 +FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.9 +ENV NGINX_VERSION 1.17.10 ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e5d32ece..24452578 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.10 +FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.9 +ENV NGINX_VERSION 1.17.10 ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 612def6c..9b4e0487 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.9 +ENV NGINX_VERSION 1.17.10 ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index ef322cb6..23e8a816 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.9 +ENV NGINX_VERSION 1.17.10 ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster From cab4f85211cef6e0672d4a44c783b09ae518b5ef Mon Sep 17 00:00:00 2001 From: chotow Date: Wed, 22 Apr 2020 17:44:52 +0800 Subject: [PATCH 128/377] Updated stable nginx to 1.18.0 --- stable/alpine-perl/Dockerfile | 8 ++++---- stable/alpine/Dockerfile | 8 ++++---- stable/buster-perl/Dockerfile | 4 ++-- stable/buster/Dockerfile | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index e0382158..ed451a03 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,9 +1,9 @@ -FROM alpine:3.10 +FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.18.0 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 450 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a7f8cdf4..ef1088e8 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,9 +1,9 @@ -FROM alpine:3.10 +FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.18.0 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 450 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 0c092ee0..a477b1c7 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.18.0 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index f958d44b..9f289bf4 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.18.0 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster RUN set -x \ From b6120b10418b3f892cd5d141467419eb6fd6c3a0 Mon Sep 17 00:00:00 2001 From: chotow Date: Wed, 22 Apr 2020 17:46:51 +0800 Subject: [PATCH 129/377] Updated generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4464e466..1f506244 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,8 +3,8 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.17 latest' - [stable]='1.16' + [mainline]='1 1.19 latest' + [stable]='1.18' ) self="$(basename "$BASH_SOURCE")" From abef566d0a619721144d59f7a8dd482669250276 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 Apr 2020 16:19:59 +0300 Subject: [PATCH 130/377] Listen on ipv6 by default Fixes #394. --- mainline/alpine-perl/Dockerfile | 5 ++++- mainline/alpine/Dockerfile | 5 ++++- mainline/buster-perl/Dockerfile | 4 ++++ mainline/buster/Dockerfile | 4 ++++ stable/alpine-perl/Dockerfile | 5 ++++- stable/alpine/Dockerfile | 5 ++++- stable/buster-perl/Dockerfile | 4 ++++ stable/buster/Dockerfile | 4 ++++ 8 files changed, 32 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7e974841..64ecd48f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -102,7 +102,10 @@ RUN set -x \ && apk add --no-cache tzdata \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# make default server listen on ipv6 + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 24452578..d7ec4c40 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -101,7 +101,10 @@ RUN set -x \ && apk add --no-cache tzdata \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# make default server listen on ipv6 + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 9b4e0487..af72698b 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -97,6 +97,10 @@ RUN set -x \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# make default server listen on ipv6 +RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf + EXPOSE 80 STOPSIGNAL SIGTERM diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 23e8a816..33943181 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -96,6 +96,10 @@ RUN set -x \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# make default server listen on ipv6 +RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf + EXPOSE 80 STOPSIGNAL SIGTERM diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index ed451a03..213f33f8 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -102,7 +102,10 @@ RUN set -x \ && apk add --no-cache tzdata \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# make default server listen on ipv6 + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ef1088e8..debe3ac7 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -101,7 +101,10 @@ RUN set -x \ && apk add --no-cache tzdata \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# make default server listen on ipv6 + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index a477b1c7..72c0c92f 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -97,6 +97,10 @@ RUN set -x \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# make default server listen on ipv6 +RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf + EXPOSE 80 STOPSIGNAL SIGTERM diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 9f289bf4..8049d482 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -96,6 +96,10 @@ RUN set -x \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# make default server listen on ipv6 +RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf + EXPOSE 80 STOPSIGNAL SIGTERM From 87f9340ea4b85b6ffada26d40e8a7ca99ef74a03 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 Apr 2020 16:37:37 +0300 Subject: [PATCH 131/377] Provide curl inside images to simplify service discovery registration Fixes #378. --- mainline/alpine-perl/Dockerfile | 2 ++ mainline/alpine/Dockerfile | 2 ++ mainline/buster-perl/Dockerfile | 3 ++- mainline/buster/Dockerfile | 3 ++- stable/alpine-perl/Dockerfile | 2 ++ stable/alpine/Dockerfile | 2 ++ stable/buster-perl/Dockerfile | 3 ++- stable/buster/Dockerfile | 3 ++- 8 files changed, 16 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 64ecd48f..1d46a0c5 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -100,6 +100,8 @@ RUN set -x \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d7ec4c40..5d3bea96 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -99,6 +99,8 @@ RUN set -x \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index af72698b..eabb7223 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -85,7 +85,8 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 33943181..4c2cc9a7 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -84,7 +84,8 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 213f33f8..e094aca8 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -100,6 +100,8 @@ RUN set -x \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index debe3ac7..517fc646 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -99,6 +99,8 @@ RUN set -x \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 72c0c92f..890a455d 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -85,7 +85,8 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 8049d482..d14be027 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -84,7 +84,8 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ From 70e44865208627c5ada57242b46920205603c096 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 23 Apr 2020 17:32:05 +0300 Subject: [PATCH 132/377] Updated njs to 0.4.0 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1d46a0c5..d14ebc4b 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5d3bea96..6b839186 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index eabb7223..456baaa9 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 4c2cc9a7..da207926 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index e094aca8..8aa45d0c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 474 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 517fc646..fedb169c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 474 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 890a455d..f313a7bc 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index d14be027..22085bc5 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1~buster RUN set -x \ From 8ec60b8d3132eb78a2c9ec120490095142f9bcab Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 30 Apr 2020 22:42:57 +0200 Subject: [PATCH 133/377] Update supported architectures (fix #405) Added: - arm32v7 for Alpine - arm32v5 and mips64le for Debian --- generate-stackbrew-library.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 1f506244..13e252de 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -64,7 +64,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${versionAliases[@]}") - Architectures: amd64, arm32v7, arm64v8, i386, ppc64le, s390x + Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x GitCommit: $commit Directory: $version/$base EOE @@ -78,7 +78,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v7, arm64v8, i386, ppc64le, s390x + Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x GitCommit: $commit Directory: $version/$variant EOE @@ -93,7 +93,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v6, arm64v8, i386, ppc64le, s390x + Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 GitCommit: $commit Directory: $version/$variant EOE From 1acd7f697e11482edfdb0b3779f39aa3d0529cd0 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 00:37:55 +0300 Subject: [PATCH 134/377] Reduced the number of layers in debian-based images --- mainline/buster-perl/Dockerfile | 10 ++++------ mainline/buster/Dockerfile | 10 ++++------ stable/buster-perl/Dockerfile | 10 ++++------ stable/buster/Dockerfile | 10 ++++------ 4 files changed, 16 insertions(+), 24 deletions(-) diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 456baaa9..294f86ec 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -92,14 +92,12 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - + fi \ # forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 -RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index da207926..70421716 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -91,14 +91,12 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - + fi \ # forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 -RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index f313a7bc..2cc01e50 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -92,14 +92,12 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - + fi \ # forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 -RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 22085bc5..cce6f7d0 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -91,14 +91,12 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - + fi \ # forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 -RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ /etc/nginx/conf.d/default.conf EXPOSE 80 From e36b4f57b77618787caae825a72b93f8f40a8f74 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 16:19:14 +0300 Subject: [PATCH 135/377] Introduced entrypoint This allows to launch configuration scripts on the start of container. --- mainline/alpine-perl/Dockerfile | 7 ++++- mainline/alpine-perl/docker-entrypoint.sh | 31 +++++++++++++++++++++++ mainline/alpine/Dockerfile | 7 ++++- mainline/alpine/docker-entrypoint.sh | 31 +++++++++++++++++++++++ mainline/buster-perl/Dockerfile | 7 ++++- mainline/buster-perl/docker-entrypoint.sh | 31 +++++++++++++++++++++++ mainline/buster/Dockerfile | 7 ++++- mainline/buster/docker-entrypoint.sh | 31 +++++++++++++++++++++++ stable/alpine-perl/Dockerfile | 7 ++++- stable/alpine-perl/docker-entrypoint.sh | 31 +++++++++++++++++++++++ stable/alpine/Dockerfile | 7 ++++- stable/alpine/docker-entrypoint.sh | 31 +++++++++++++++++++++++ stable/buster-perl/Dockerfile | 7 ++++- stable/buster-perl/docker-entrypoint.sh | 31 +++++++++++++++++++++++ stable/buster/Dockerfile | 7 ++++- stable/buster/docker-entrypoint.sh | 31 +++++++++++++++++++++++ 16 files changed, 296 insertions(+), 8 deletions(-) create mode 100755 mainline/alpine-perl/docker-entrypoint.sh create mode 100755 mainline/alpine/docker-entrypoint.sh create mode 100755 mainline/buster-perl/docker-entrypoint.sh create mode 100755 mainline/buster/docker-entrypoint.sh create mode 100755 stable/alpine-perl/docker-entrypoint.sh create mode 100755 stable/alpine/docker-entrypoint.sh create mode 100755 stable/buster-perl/docker-entrypoint.sh create mode 100755 stable/buster/docker-entrypoint.sh diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d14ebc4b..3fef8fbe 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -107,7 +107,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh new file mode 100755 index 00000000..3836402b --- /dev/null +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6b839186..619fc4e9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -106,7 +106,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh new file mode 100755 index 00000000..3836402b --- /dev/null +++ b/mainline/alpine/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 294f86ec..26ac40dd 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -98,7 +98,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/buster-perl/docker-entrypoint.sh new file mode 100755 index 00000000..3836402b --- /dev/null +++ b/mainline/buster-perl/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 70421716..392e0526 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -97,7 +97,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/buster/docker-entrypoint.sh new file mode 100755 index 00000000..3836402b --- /dev/null +++ b/mainline/buster/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 8aa45d0c..d470dada 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -107,7 +107,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh new file mode 100755 index 00000000..3836402b --- /dev/null +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index fedb169c..32c6746d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -106,7 +106,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh new file mode 100755 index 00000000..3836402b --- /dev/null +++ b/stable/alpine/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 2cc01e50..59bcfb0f 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -98,7 +98,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/buster-perl/docker-entrypoint.sh new file mode 100755 index 00000000..3836402b --- /dev/null +++ b/stable/buster-perl/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index cce6f7d0..3b906795 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -97,7 +97,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster/docker-entrypoint.sh b/stable/buster/docker-entrypoint.sh new file mode 100755 index 00000000..3836402b --- /dev/null +++ b/stable/buster/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" From 47f11ab83f79a6c445c5c5c14dbad5b577a01019 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 16:29:45 +0300 Subject: [PATCH 136/377] Enable ipv6 listens on the containers where ipv6 is detected This aims to fix #394. IPv6 will not be enabled if /proc/net/if_inet6 is not available inside a container or a default.conf differs from the one installed by the package manager. Those who modify default.conf are considered savvy enough to enable ipv6 via custom configuration. --- .../10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ mainline/alpine-perl/Dockerfile | 4 +- .../alpine/10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ mainline/alpine/Dockerfile | 4 +- .../10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ mainline/buster-perl/Dockerfile | 4 +- .../buster/10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ mainline/buster/Dockerfile | 4 +- .../10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ stable/alpine-perl/Dockerfile | 4 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ stable/alpine/Dockerfile | 4 +- .../10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ stable/buster-perl/Dockerfile | 4 +- stable/buster/10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ stable/buster/Dockerfile | 4 +- 16 files changed, 488 insertions(+), 24 deletions(-) create mode 100755 mainline/alpine-perl/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/alpine/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/buster-perl/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/buster/10-listen-on-ipv6-by-default.sh create mode 100755 stable/alpine-perl/10-listen-on-ipv6-by-default.sh create mode 100755 stable/alpine/10-listen-on-ipv6-by-default.sh create mode 100755 stable/buster-perl/10-listen-on-ipv6-by-default.sh create mode 100755 stable/buster/10-listen-on-ipv6-by-default.sh diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..4c52245b --- /dev/null +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3fef8fbe..3ac6f431 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -105,13 +105,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..4c52245b --- /dev/null +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 619fc4e9..afc8a8f1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -104,13 +104,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..4c52245b --- /dev/null +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 26ac40dd..8bf66cfb 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -96,13 +96,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..4c52245b --- /dev/null +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 392e0526..4529d063 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -95,13 +95,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..4c52245b --- /dev/null +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index d470dada..f2556fbb 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -105,13 +105,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..4c52245b --- /dev/null +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 32c6746d..46267047 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -104,13 +104,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..4c52245b --- /dev/null +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 59bcfb0f..5212e28e 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -96,13 +96,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..4c52245b --- /dev/null +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 3b906795..3050aa88 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -95,13 +95,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 From cd98e75ce640e77633cd79035e41c9a122897fdf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 16:38:20 +0300 Subject: [PATCH 137/377] Run envsubst on container start to make templating easier This entrypoint script will look for files in /etc/nginx/templates/ with a ".conf.template" suffix, run them through envsubst replacing defined environment variables, and output to /etc/nginx/conf.d/ preserving file name sans .template. Fixes #232. --- .../alpine-perl/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ mainline/alpine-perl/Dockerfile | 1 + mainline/alpine/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ mainline/alpine/Dockerfile | 1 + .../buster-perl/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ mainline/buster-perl/Dockerfile | 1 + mainline/buster/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ mainline/buster/Dockerfile | 1 + .../alpine-perl/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ stable/alpine-perl/Dockerfile | 1 + stable/alpine/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ stable/alpine/Dockerfile | 1 + .../buster-perl/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ stable/buster-perl/Dockerfile | 1 + stable/buster/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ stable/buster/Dockerfile | 1 + 16 files changed, 264 insertions(+) create mode 100755 mainline/alpine-perl/20-envsubst-on-templates.sh create mode 100755 mainline/alpine/20-envsubst-on-templates.sh create mode 100755 mainline/buster-perl/20-envsubst-on-templates.sh create mode 100755 mainline/buster/20-envsubst-on-templates.sh create mode 100755 stable/alpine-perl/20-envsubst-on-templates.sh create mode 100755 stable/alpine/20-envsubst-on-templates.sh create mode 100755 stable/buster-perl/20-envsubst-on-templates.sh create mode 100755 stable/buster/20-envsubst-on-templates.sh diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh new file mode 100755 index 00000000..b2b6e123 --- /dev/null +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3ac6f431..3202a052 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh new file mode 100755 index 00000000..b2b6e123 --- /dev/null +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index afc8a8f1..e660c4c0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -109,6 +109,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh new file mode 100755 index 00000000..b2b6e123 --- /dev/null +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 8bf66cfb..e7ce8739 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -101,6 +101,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh new file mode 100755 index 00000000..b2b6e123 --- /dev/null +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 4529d063..856f3fd0 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -100,6 +100,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh new file mode 100755 index 00000000..b2b6e123 --- /dev/null +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f2556fbb..c4e7d17e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh new file mode 100755 index 00000000..b2b6e123 --- /dev/null +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 46267047..09e6b618 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -109,6 +109,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh new file mode 100755 index 00000000..b2b6e123 --- /dev/null +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 5212e28e..bb582472 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -101,6 +101,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh new file mode 100755 index 00000000..b2b6e123 --- /dev/null +++ b/stable/buster/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 3050aa88..6c98f2f7 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -100,6 +100,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 From 6c7dde575cecad8d6f8ec486ca9d4b76358e643e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 19:22:41 +0300 Subject: [PATCH 138/377] Updated mainline nginx to 1.19.0 and njs to 0.4.1 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3202a052..ab362874 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.4.0 +ENV NGINX_VERSION 1.19.0 +ENV NJS_VERSION 0.4.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e660c4c0..b33795b7 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.4.0 +ENV NGINX_VERSION 1.19.0 +ENV NJS_VERSION 0.4.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index e7ce8739..f4a99ce4 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.4.0 +ENV NGINX_VERSION 1.19.0 +ENV NJS_VERSION 0.4.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 856f3fd0..88784152 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.4.0 +ENV NGINX_VERSION 1.19.0 +ENV NJS_VERSION 0.4.1 ENV PKG_RELEASE 1~buster RUN set -x \ From 41e6b2c686dc811e82aaca7db79dd0813432083b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 28 May 2020 14:49:00 +0300 Subject: [PATCH 139/377] ipv6-listen: deal with edge cases and fixes - remove undefined behaviour from the if statements - exit early if a file already has an ipv6 listen - fixed md5sum check --- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- mainline/alpine/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- .../buster-perl/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- mainline/buster/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- stable/alpine/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- stable/buster/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- 8 files changed, 48 insertions(+), 64 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 4c52245b..0ee48721 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 4c52245b..0ee48721 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 4c52245b..0ee48721 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 4c52245b..0ee48721 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 4c52245b..0ee48721 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 4c52245b..0ee48721 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 4c52245b..0ee48721 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 4c52245b..0ee48721 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } From 383bbaa29ff990a0583466c152805ab79966f102 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 29 May 2020 18:07:39 +0300 Subject: [PATCH 140/377] 20-env-subst: guard against whitespaces in file/folder names Additionally, ignore folders that could match suffixes. --- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine/20-envsubst-on-templates.sh | 2 +- mainline/buster-perl/20-envsubst-on-templates.sh | 2 +- mainline/buster/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/buster-perl/20-envsubst-on-templates.sh | 2 +- stable/buster/20-envsubst-on-templates.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index b2b6e123..4d202a6f 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index b2b6e123..4d202a6f 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh index b2b6e123..4d202a6f 100755 --- a/mainline/buster-perl/20-envsubst-on-templates.sh +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh index b2b6e123..4d202a6f 100755 --- a/mainline/buster/20-envsubst-on-templates.sh +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index b2b6e123..4d202a6f 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index b2b6e123..4d202a6f 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh index b2b6e123..4d202a6f 100755 --- a/stable/buster-perl/20-envsubst-on-templates.sh +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh index b2b6e123..4d202a6f 100755 --- a/stable/buster/20-envsubst-on-templates.sh +++ b/stable/buster/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") From 0b607f324d208664f37f7c1136ada6b249ddcd9b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 1 Jun 2020 12:31:24 +0300 Subject: [PATCH 141/377] docker-entrypoint: multiple changes - allow to run with nginx-debug cmd - prevent running if /docker-entrypoint.d was replaced with unreadable or empty dir - don't run find multiple times --- mainline/alpine-perl/docker-entrypoint.sh | 35 ++++++++++++----------- mainline/alpine/docker-entrypoint.sh | 35 ++++++++++++----------- mainline/buster-perl/docker-entrypoint.sh | 35 ++++++++++++----------- mainline/buster/docker-entrypoint.sh | 35 ++++++++++++----------- stable/alpine-perl/docker-entrypoint.sh | 35 ++++++++++++----------- stable/alpine/docker-entrypoint.sh | 35 ++++++++++++----------- stable/buster-perl/docker-entrypoint.sh | 35 ++++++++++++----------- stable/buster/docker-entrypoint.sh | 35 ++++++++++++----------- 8 files changed, 144 insertions(+), 136 deletions(-) diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 3836402b..6d7ee8c9 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 3836402b..6d7ee8c9 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/buster-perl/docker-entrypoint.sh index 3836402b..6d7ee8c9 100755 --- a/mainline/buster-perl/docker-entrypoint.sh +++ b/mainline/buster-perl/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/buster/docker-entrypoint.sh index 3836402b..6d7ee8c9 100755 --- a/mainline/buster/docker-entrypoint.sh +++ b/mainline/buster/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 3836402b..6d7ee8c9 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 3836402b..6d7ee8c9 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/buster-perl/docker-entrypoint.sh index 3836402b..6d7ee8c9 100755 --- a/stable/buster-perl/docker-entrypoint.sh +++ b/stable/buster-perl/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/buster/docker-entrypoint.sh b/stable/buster/docker-entrypoint.sh index 3836402b..6d7ee8c9 100755 --- a/stable/buster/docker-entrypoint.sh +++ b/stable/buster/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 2ef3fa66f2a434cd5e44e35a02f4ac502cf50808 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 2 Jun 2020 18:22:29 +0300 Subject: [PATCH 142/377] ipv6-listen: detect if default.conf is writable Fixes #416 --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 3 +++ mainline/alpine/10-listen-on-ipv6-by-default.sh | 3 +++ mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 3 +++ mainline/buster/10-listen-on-ipv6-by-default.sh | 3 +++ stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 3 +++ stable/alpine/10-listen-on-ipv6-by-default.sh | 3 +++ stable/buster-perl/10-listen-on-ipv6-by-default.sh | 3 +++ stable/buster/10-listen-on-ipv6-by-default.sh | 3 +++ 8 files changed, 24 insertions(+) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 0ee48721..6885a9db 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 0ee48721..6885a9db 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 0ee48721..6885a9db 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 0ee48721..6885a9db 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 0ee48721..6885a9db 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 0ee48721..6885a9db 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 0ee48721..6885a9db 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 0ee48721..6885a9db 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } From d8cbd8e266ea39d188590cd8cd26ae08fbbe3d59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Fri, 12 Jun 2020 22:04:18 +0200 Subject: [PATCH 143/377] Use /bin/sh in shebang instead of /usr/bin/env A POSIX compatible sh is guaranteed to be available as /bin/sh. By not using /usr/bin/env simply whitelisting /docker-entrypoint.sh within mandatory access control frameworks, such as AppArmor, is sufficient. When /usr/bin/env is used /docker-entrypoint.sh and the shell that provides sh (e.g. /bin/dash for debian based images) need to be whitelisted, increasing the possible attack area, by providing access to a full shell. --- mainline/alpine-perl/docker-entrypoint.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 2 +- mainline/buster-perl/docker-entrypoint.sh | 2 +- mainline/buster/docker-entrypoint.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 2 +- stable/alpine/docker-entrypoint.sh | 2 +- stable/buster-perl/docker-entrypoint.sh | 2 +- stable/buster/docker-entrypoint.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 6d7ee8c9..63c6905c 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 6d7ee8c9..63c6905c 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/buster-perl/docker-entrypoint.sh index 6d7ee8c9..63c6905c 100755 --- a/mainline/buster-perl/docker-entrypoint.sh +++ b/mainline/buster-perl/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/buster/docker-entrypoint.sh index 6d7ee8c9..63c6905c 100755 --- a/mainline/buster/docker-entrypoint.sh +++ b/mainline/buster/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 6d7ee8c9..63c6905c 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 6d7ee8c9..63c6905c 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/buster-perl/docker-entrypoint.sh index 6d7ee8c9..63c6905c 100755 --- a/stable/buster-perl/docker-entrypoint.sh +++ b/stable/buster-perl/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/stable/buster/docker-entrypoint.sh b/stable/buster/docker-entrypoint.sh index 6d7ee8c9..63c6905c 100755 --- a/stable/buster/docker-entrypoint.sh +++ b/stable/buster/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e From a86ccdc94e394d9cf93c13a0e6a0dd0cca48d64d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexandre=20Salom=C3=A9?= Date: Mon, 8 Jun 2020 10:40:57 +0200 Subject: [PATCH 144/377] Add NGINX_ENTRYPOINT_QUIET_LOGS environment variable --- .../10-listen-on-ipv6-by-default.sh | 8 ++++---- .../alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 20 ++++++++++++------- .../alpine/10-listen-on-ipv6-by-default.sh | 8 ++++---- mainline/alpine/20-envsubst-on-templates.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 20 ++++++++++++------- .../10-listen-on-ipv6-by-default.sh | 8 ++++---- .../buster-perl/20-envsubst-on-templates.sh | 2 +- mainline/buster-perl/docker-entrypoint.sh | 20 ++++++++++++------- .../buster/10-listen-on-ipv6-by-default.sh | 8 ++++---- mainline/buster/20-envsubst-on-templates.sh | 2 +- mainline/buster/docker-entrypoint.sh | 20 ++++++++++++------- .../10-listen-on-ipv6-by-default.sh | 8 ++++---- .../alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 20 ++++++++++++------- stable/alpine/10-listen-on-ipv6-by-default.sh | 8 ++++---- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/alpine/docker-entrypoint.sh | 20 ++++++++++++------- .../10-listen-on-ipv6-by-default.sh | 8 ++++---- .../buster-perl/20-envsubst-on-templates.sh | 2 +- stable/buster-perl/docker-entrypoint.sh | 20 ++++++++++++------- stable/buster/10-listen-on-ipv6-by-default.sh | 8 ++++---- stable/buster/20-envsubst-on-templates.sh | 2 +- stable/buster/docker-entrypoint.sh | 20 ++++++++++++------- 24 files changed, 144 insertions(+), 96 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 6885a9db..8ce9e9a3 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 4d202a6f..38df3a67 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 63c6905c..88732541 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 6885a9db..8ce9e9a3 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 4d202a6f..38df3a67 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 63c6905c..88732541 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 6885a9db..8ce9e9a3 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh index 4d202a6f..38df3a67 100755 --- a/mainline/buster-perl/20-envsubst-on-templates.sh +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/buster-perl/docker-entrypoint.sh index 63c6905c..88732541 100755 --- a/mainline/buster-perl/docker-entrypoint.sh +++ b/mainline/buster-perl/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 6885a9db..8ce9e9a3 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh index 4d202a6f..38df3a67 100755 --- a/mainline/buster/20-envsubst-on-templates.sh +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/buster/docker-entrypoint.sh index 63c6905c..88732541 100755 --- a/mainline/buster/docker-entrypoint.sh +++ b/mainline/buster/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 6885a9db..8ce9e9a3 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 4d202a6f..38df3a67 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 63c6905c..88732541 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 6885a9db..8ce9e9a3 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 4d202a6f..38df3a67 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 63c6905c..88732541 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 6885a9db..8ce9e9a3 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh index 4d202a6f..38df3a67 100755 --- a/stable/buster-perl/20-envsubst-on-templates.sh +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/buster-perl/docker-entrypoint.sh index 63c6905c..88732541 100755 --- a/stable/buster-perl/docker-entrypoint.sh +++ b/stable/buster-perl/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 6885a9db..8ce9e9a3 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh index 4d202a6f..38df3a67 100755 --- a/stable/buster/20-envsubst-on-templates.sh +++ b/stable/buster/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/buster/docker-entrypoint.sh b/stable/buster/docker-entrypoint.sh index 63c6905c..88732541 100755 --- a/stable/buster/docker-entrypoint.sh +++ b/stable/buster/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 172571e53c1c6dacc86bcef2b09abf91c451bd69 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 17 Jun 2020 14:24:07 +0300 Subject: [PATCH 145/377] ipv6 listen: put r/o filesystem alert to stderr --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 8ce9e9a3..85418f3c 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 8ce9e9a3..85418f3c 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 8ce9e9a3..85418f3c 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 8ce9e9a3..85418f3c 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 8ce9e9a3..85418f3c 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 8ce9e9a3..85418f3c 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 8ce9e9a3..85418f3c 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 8ce9e9a3..85418f3c 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } From 6086122863e2d269dd99b63ed7b2f0e95821dc0b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 17 Jun 2020 14:38:57 +0300 Subject: [PATCH 146/377] Reworded entrypoint scripts error messages to avoid confusion Fixes #419 --- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- mainline/alpine/20-envsubst-on-templates.sh | 2 +- .../buster-perl/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- mainline/buster-perl/20-envsubst-on-templates.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- mainline/buster/20-envsubst-on-templates.sh | 2 +- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- stable/alpine/20-envsubst-on-templates.sh | 2 +- .../buster-perl/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- stable/buster-perl/20-envsubst-on-templates.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- stable/buster/20-envsubst-on-templates.sh | 2 +- 16 files changed, 72 insertions(+), 72 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 85418f3c..f9cf4dad 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 38df3a67..545c765b 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 85418f3c..f9cf4dad 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 38df3a67..545c765b 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 85418f3c..f9cf4dad 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh index 38df3a67..545c765b 100755 --- a/mainline/buster-perl/20-envsubst-on-templates.sh +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 85418f3c..f9cf4dad 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh index 38df3a67..545c765b 100755 --- a/mainline/buster/20-envsubst-on-templates.sh +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 85418f3c..f9cf4dad 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 38df3a67..545c765b 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 85418f3c..f9cf4dad 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 38df3a67..545c765b 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 85418f3c..f9cf4dad 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh index 38df3a67..545c765b 100755 --- a/stable/buster-perl/20-envsubst-on-templates.sh +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 85418f3c..f9cf4dad 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh index 38df3a67..545c765b 100755 --- a/stable/buster/20-envsubst-on-templates.sh +++ b/stable/buster/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do From 3dcf654f100182075f01dcb5f0c1e42c3fa402f2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 18 Jun 2020 12:26:47 +0300 Subject: [PATCH 147/377] Fixed typo introduced in 172571e53c1c6dacc86bcef2b09abf91c451bd69 --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index f9cf4dad..9636f4c6 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index f9cf4dad..9636f4c6 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index f9cf4dad..9636f4c6 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index f9cf4dad..9636f4c6 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index f9cf4dad..9636f4c6 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index f9cf4dad..9636f4c6 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index f9cf4dad..9636f4c6 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index f9cf4dad..9636f4c6 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } From ea63c8ef2ffbd861e0d504af0451f76dfba95832 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 10 Jul 2020 14:10:16 +0300 Subject: [PATCH 148/377] Updated mainline nginx to 1.19.1 and njs to 0.4.2 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ab362874..1950ff14 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.0 -ENV NJS_VERSION 0.4.1 +ENV NGINX_VERSION 1.19.1 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b33795b7..aea7a424 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.0 -ENV NJS_VERSION 0.4.1 +ENV NGINX_VERSION 1.19.1 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index f4a99ce4..033ea6a7 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.0 -ENV NJS_VERSION 0.4.1 +ENV NGINX_VERSION 1.19.1 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 88784152..b7c29cbb 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.0 -ENV NJS_VERSION 0.4.1 +ENV NGINX_VERSION 1.19.1 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1~buster RUN set -x \ From a88587d28928da1134d7a73d4fd2087bef966583 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 10 Jul 2020 14:12:43 +0300 Subject: [PATCH 149/377] Updated njs to 0.4.2 for stable images --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index c4e7d17e..da428ec6 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.0 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 474 \ + && hg up -r 489 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 09e6b618..17cabf24 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.0 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 474 \ + && hg up -r 489 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index bb582472..ea06f94e 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.0 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 6c98f2f7..2e6c4618 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.0 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1~buster RUN set -x \ From 793319d7251c03eccecbf27b60e0cfbbd2d1f400 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 10 Jul 2020 14:23:41 +0300 Subject: [PATCH 150/377] Made all entrypoint scripts honour NGINX_ENTRYPOINT_QUIET_LOGS in full Fixes #437 --- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/alpine/20-envsubst-on-templates.sh | 2 +- .../buster-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/buster-perl/20-envsubst-on-templates.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/buster/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/buster-perl/20-envsubst-on-templates.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/buster/20-envsubst-on-templates.sh | 2 +- 16 files changed, 64 insertions(+), 64 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 9636f4c6..9f73f9da 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 545c765b..4f330295 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 9636f4c6..9f73f9da 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 545c765b..4f330295 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 9636f4c6..9f73f9da 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh index 545c765b..4f330295 100755 --- a/mainline/buster-perl/20-envsubst-on-templates.sh +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 9636f4c6..9f73f9da 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh index 545c765b..4f330295 100755 --- a/mainline/buster/20-envsubst-on-templates.sh +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 9636f4c6..9f73f9da 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 545c765b..4f330295 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 9636f4c6..9f73f9da 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 545c765b..4f330295 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 9636f4c6..9f73f9da 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh index 545c765b..4f330295 100755 --- a/stable/buster-perl/20-envsubst-on-templates.sh +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 9636f4c6..9f73f9da 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh index 545c765b..4f330295 100755 --- a/stable/buster/20-envsubst-on-templates.sh +++ b/stable/buster/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do From 9774b522d4661effea57a1fbf64c883e699ac3ec Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Aug 2020 11:27:00 +0300 Subject: [PATCH 151/377] Update nginx to 1.19.2 and njs to 0.4.3 on mainline images --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1950ff14..1fdeb33e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.1 -ENV NJS_VERSION 0.4.2 +ENV NGINX_VERSION 1.19.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index aea7a424..b2b59d86 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.1 -ENV NJS_VERSION 0.4.2 +ENV NGINX_VERSION 1.19.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 033ea6a7..244c5d6c 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.1 -ENV NJS_VERSION 0.4.2 +ENV NGINX_VERSION 1.19.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index b7c29cbb..6c31244a 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.1 -ENV NJS_VERSION 0.4.2 +ENV NGINX_VERSION 1.19.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1~buster RUN set -x \ From dded647966e2a2d09db621d896be6ee682085d5a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Aug 2020 11:28:44 +0300 Subject: [PATCH 152/377] Updated njs to 0.4.3 on stable images --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index da428ec6..7b44d35f 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 489 \ + && hg up -r 494 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 17cabf24..f425e7a0 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 489 \ + && hg up -r 494 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index ea06f94e..5ae0c767 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 2e6c4618..2df09486 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1~buster RUN set -x \ From aa41ddeef871b7f0ea64a44f26d3f4aa0e6d5e7b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Aug 2020 11:29:19 +0300 Subject: [PATCH 153/377] Moved mainline alpine images to 3.12 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1fdeb33e..631ce29b 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.11 +FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b2b59d86..6b185bff 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.11 +FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " From 0dc809fa606828a78087cd0a824bed06268d73e0 Mon Sep 17 00:00:00 2001 From: Nicolas Floquet Date: Mon, 5 Oct 2020 13:17:22 +0200 Subject: [PATCH 154/377] Update nginx version to 1.19.3 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 631ce29b..52156c9a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.2 -ENV NJS_VERSION 0.4.3 +ENV NGINX_VERSION 1.19.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6b185bff..79ae29e0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.2 -ENV NJS_VERSION 0.4.3 +ENV NGINX_VERSION 1.19.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 244c5d6c..ef7c48f8 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.2 -ENV NJS_VERSION 0.4.3 +ENV NGINX_VERSION 1.19.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 6c31244a..c3747bc7 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.2 -ENV NJS_VERSION 0.4.3 +ENV NGINX_VERSION 1.19.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster RUN set -x \ From 5488180ebdd45b12b45107694dfa92dc878a2795 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 5 Oct 2020 15:23:50 +0300 Subject: [PATCH 155/377] Updated njs to 0.4.4 on stable images --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7b44d35f..48f7ceda 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 494 \ + && hg up -r 500 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index f425e7a0..9c38a418 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 494 \ + && hg up -r 500 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 5ae0c767..814652f7 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 2df09486..3200ce0a 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster RUN set -x \ From a4208f853fa3fcb73a146a268fb2d5f0eee7733b Mon Sep 17 00:00:00 2001 From: Vlad GURDIGA Date: Mon, 31 Aug 2020 17:50:21 +0300 Subject: [PATCH 156/377] Fix typo in 10-listen-on-ipv6-by-default.sh --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 9f73f9da..54366c2c 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 9f73f9da..54366c2c 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 9f73f9da..54366c2c 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 9f73f9da..54366c2c 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 9f73f9da..54366c2c 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 9f73f9da..54366c2c 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 9f73f9da..54366c2c 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 9f73f9da..54366c2c 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; From aebdace36df83690ca283405efd283bc750ff41e Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 3 Nov 2020 23:38:56 +0100 Subject: [PATCH 157/377] Update nginx to 1.19.4 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 52156c9a..7e032074 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.3 +ENV NGINX_VERSION 1.19.4 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 79ae29e0..19bf8d42 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.3 +ENV NGINX_VERSION 1.19.4 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index ef7c48f8..e989dbee 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.3 +ENV NGINX_VERSION 1.19.4 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index c3747bc7..94f0bf66 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.3 +ENV NGINX_VERSION 1.19.4 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster From deff8fbe9d3e8613de110265aa932d84d1827acf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 5 Nov 2020 12:12:27 +0300 Subject: [PATCH 158/377] Fixed njs package versioning --- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index e989dbee..edba63dc 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -33,7 +33,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 94f0bf66..b3f07e4a 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -32,7 +32,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ From d5f4d236dccea71a84c410170566d397066612a5 Mon Sep 17 00:00:00 2001 From: Dmitry Verkhoturov Date: Tue, 10 Nov 2020 16:14:41 +0100 Subject: [PATCH 159/377] Bump 1.18.0 PKG_RELEASE from 1 to 2 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 48f7ceda..b6d91ef4 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9c38a418..ec708a03 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 814652f7..2fea6ed0 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 2~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 3200ce0a..5b912320 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 2~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants From c84a1a2d8845707821af2b79a210b234a805a6a2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 11 Nov 2020 12:18:37 +0300 Subject: [PATCH 160/377] Lower the severity of logging messages on ipv6-enabling script. Fixes #419 --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 6 +++--- mainline/alpine/10-listen-on-ipv6-by-default.sh | 6 +++--- mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 6 +++--- mainline/buster/10-listen-on-ipv6-by-default.sh | 6 +++--- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 6 +++--- stable/alpine/10-listen-on-ipv6-by-default.sh | 6 +++--- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 6 +++--- stable/buster/10-listen-on-ipv6-by-default.sh | 6 +++--- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 54366c2c..832918a2 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 54366c2c..832918a2 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 54366c2c..832918a2 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 54366c2c..832918a2 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 54366c2c..832918a2 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 54366c2c..832918a2 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 54366c2c..832918a2 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 54366c2c..832918a2 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; From 4a6623af8e1035cf32b5cb7829a3e8106406cccd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 12 Nov 2020 18:19:40 +0300 Subject: [PATCH 161/377] Fixed stable alpine builds on non-amd64 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b6d91ef4..7226df34 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 500 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ec708a03..5eddcc29 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 500 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ From 56a20ba866321e5e5a3bd7dc2569d4a182e62506 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 18 Nov 2020 21:16:51 +0300 Subject: [PATCH 162/377] Added update script and template to make changes management easier --- Dockerfile-alpine.template | 114 ++++++++++++++++ Dockerfile-debian.template | 105 +++++++++++++++ entrypoint/10-listen-on-ipv6-by-default.sh | 61 +++++++++ entrypoint/20-envsubst-on-templates.sh | 32 +++++ entrypoint/docker-entrypoint.sh | 38 ++++++ update.sh | 148 +++++++++++++++++++++ 6 files changed, 498 insertions(+) create mode 100644 Dockerfile-alpine.template create mode 100644 Dockerfile-debian.template create mode 100755 entrypoint/10-listen-on-ipv6-by-default.sh create mode 100755 entrypoint/20-envsubst-on-templates.sh create mode 100755 entrypoint/docker-entrypoint.sh create mode 100755 update.sh diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template new file mode 100644 index 00000000..56e62f36 --- /dev/null +++ b/Dockerfile-alpine.template @@ -0,0 +1,114 @@ +FROM alpine:%%ALPINE_VERSION%% + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV NJS_VERSION %%NJS_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk del .cert-deps \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ + && hg up %%REVISION%% \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGTERM + +CMD ["nginx", "-g", "daemon off;"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template new file mode 100644 index 00000000..ca89e8f9 --- /dev/null +++ b/Dockerfile-debian.template @@ -0,0 +1,105 @@ +FROM debian:%%DEBIAN_VERSION%%-slim + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV NJS_VERSION %%NJS_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|i386) \ +# arches officialy built by upstream + echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGTERM + +CMD ["nginx", "-g", "daemon off;"] diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..832918a2 --- /dev/null +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + echo >&3 "$ME: error: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo >&3 "$ME: error: can not guess the operating system" + exit 0 +fi + +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + echo >&3 "$ME: error: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh new file mode 100755 index 00000000..4f330295 --- /dev/null +++ b/entrypoint/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo >&3 "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh new file mode 100755 index 00000000..88732541 --- /dev/null +++ b/entrypoint/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo >&3 "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; + *) echo >&3 "$0: Ignoring $f";; + esac + done + + echo >&3 "$0: Configuration complete; ready for start up" + else + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/update.sh b/update.sh new file mode 100755 index 00000000..e0606bd0 --- /dev/null +++ b/update.sh @@ -0,0 +1,148 @@ +#!/usr/bin/env bash +set -Eeuo pipefail +shopt -s nullglob + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +declare branches=( + "stable" + "mainline" +) + +declare -A nginx=( + [mainline]='1.19.4' + [stable]='1.18.0' +) + +defaultnjs='0.4.4' +declare -A njs=( + #[stable]='0.4.3' +) + +defaultpkg='1' +declare -A pkg=( + [stable]=2 +) + +defaultdebian='buster' +declare -A debian=( + #[stable]='stretch' +) + +defaultalpine='3.12' +declare -A alpine=( + [stable]='3.11' +) + +# When we bump njs version in a stable release we don't move the tag in the +# mercurial repo. This setting allows us to specify a revision to check out +# when building alpine packages on architectures not supported by nginx.org +defaultrev='${NGINX_VERSION}-${PKG_RELEASE}' +declare -A rev=( + #[stable]='-r 500' +) + +get_packages() { + local distro="$1"; shift; + local branch="$1"; shift; + local perl= + local r= + local sep= + + case "$distro:$branch" in + alpine*:*) + r="r" + sep="." + ;; + debian*:stable) + sep="." + ;; + debian*:*) + sep="+" + ;; + esac + + case "$distro" in + *-perl) + perl="nginx-module-perl" + ;; + esac + + echo -n ' \\\n' + for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' + done + for p in nginx-module-njs; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' + done +} + +get_packagerepo() { + local distro="${1%-perl}"; shift; + local branch="$1"; shift; + + [ "$branch" = "mainline" ] && branch="$branch/" || branch="" + + echo "https://nginx.org/packages/${branch}${distro}/" +} + +get_packagever() { + local distro="${1%-perl}"; shift; + local branch="$1"; shift; + local suffix= + + [ "${distro}" = "debian" ] && suffix="~${debianver}" + + echo ${pkg[$branch]:-$defaultpkg}${suffix} +} + +generated_warning() { + cat << __EOF__ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +__EOF__ +} + +for branch in "${branches[@]}"; do + for variant in \ + alpine{,-perl} \ + debian{,-perl} \ + ; do + echo "$branch: $variant" + dir="$branch/$variant" + variant="$(basename "$variant")" + + [ -d "$dir" ] || continue + + template="Dockerfile-${variant%-perl}.template" + { generated_warning; cat "$template"; } > "$dir/Dockerfile" + + debianver="${debian[$branch]:-$defaultdebian}" + alpinever="${alpine[$branch]:-$defaultalpine}" + nginxver="${nginx[$branch]}" + njsver="${njs[${branch}]:-$defaultnjs}" + pkgver="${pkg[${branch}]:-$defaultpkg}" + revver="${rev[${branch}]:-$defaultrev}" + + packagerepo=$(get_packagerepo "$variant" "$branch") + packages=$(get_packages "$variant" "$branch") + packagever=$(get_packagever "$variant" "$branch") + + sed -i \ + -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ + -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ + -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ + -e 's,%%NJS_VERSION%%,'"$njsver"',' \ + -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ + -e 's,%%PACKAGES%%,'"$packages"',' \ + -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ + -e 's,%%REVISION%%,'"$revver"',' \ + "$dir/Dockerfile" + + cp -a entrypoint/*.sh "$dir/" + + done +done From 4370fa1e7c8a2aa66205b26c3fb08beb2c37c1b0 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 18 Nov 2020 21:18:36 +0300 Subject: [PATCH 163/377] Renegerated targets via update.sh --- mainline/alpine-perl/Dockerfile | 5 +++++ mainline/alpine/Dockerfile | 5 +++++ .../10-listen-on-ipv6-by-default.sh | 0 .../{buster-perl => debian-perl}/20-envsubst-on-templates.sh | 0 mainline/{buster-perl => debian-perl}/Dockerfile | 5 +++++ mainline/{buster-perl => debian-perl}/docker-entrypoint.sh | 0 mainline/{buster => debian}/10-listen-on-ipv6-by-default.sh | 0 mainline/{buster => debian}/20-envsubst-on-templates.sh | 0 mainline/{buster => debian}/Dockerfile | 5 +++++ mainline/{buster => debian}/docker-entrypoint.sh | 0 stable/alpine-perl/Dockerfile | 5 +++++ stable/alpine/Dockerfile | 5 +++++ .../10-listen-on-ipv6-by-default.sh | 0 .../{buster-perl => debian-perl}/20-envsubst-on-templates.sh | 0 stable/{buster-perl => debian-perl}/Dockerfile | 5 +++++ stable/{buster-perl => debian-perl}/docker-entrypoint.sh | 0 stable/{buster => debian}/10-listen-on-ipv6-by-default.sh | 0 stable/{buster => debian}/20-envsubst-on-templates.sh | 0 stable/{buster => debian}/Dockerfile | 5 +++++ stable/{buster => debian}/docker-entrypoint.sh | 0 20 files changed, 40 insertions(+) rename mainline/{buster-perl => debian-perl}/10-listen-on-ipv6-by-default.sh (100%) rename mainline/{buster-perl => debian-perl}/20-envsubst-on-templates.sh (100%) rename mainline/{buster-perl => debian-perl}/Dockerfile (98%) rename mainline/{buster-perl => debian-perl}/docker-entrypoint.sh (100%) rename mainline/{buster => debian}/10-listen-on-ipv6-by-default.sh (100%) rename mainline/{buster => debian}/20-envsubst-on-templates.sh (100%) rename mainline/{buster => debian}/Dockerfile (98%) rename mainline/{buster => debian}/docker-entrypoint.sh (100%) rename stable/{buster-perl => debian-perl}/10-listen-on-ipv6-by-default.sh (100%) rename stable/{buster-perl => debian-perl}/20-envsubst-on-templates.sh (100%) rename stable/{buster-perl => debian-perl}/Dockerfile (98%) rename stable/{buster-perl => debian-perl}/docker-entrypoint.sh (100%) rename stable/{buster => debian}/10-listen-on-ipv6-by-default.sh (100%) rename stable/{buster => debian}/20-envsubst-on-templates.sh (100%) rename stable/{buster => debian}/Dockerfile (98%) rename stable/{buster => debian}/docker-entrypoint.sh (100%) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7e032074..e0c54b80 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 19bf8d42..69487071 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh similarity index 100% rename from mainline/buster-perl/10-listen-on-ipv6-by-default.sh rename to mainline/debian-perl/10-listen-on-ipv6-by-default.sh diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh similarity index 100% rename from mainline/buster-perl/20-envsubst-on-templates.sh rename to mainline/debian-perl/20-envsubst-on-templates.sh diff --git a/mainline/buster-perl/Dockerfile b/mainline/debian-perl/Dockerfile similarity index 98% rename from mainline/buster-perl/Dockerfile rename to mainline/debian-perl/Dockerfile index edba63dc..7b34d369 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh similarity index 100% rename from mainline/buster-perl/docker-entrypoint.sh rename to mainline/debian-perl/docker-entrypoint.sh diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh similarity index 100% rename from mainline/buster/10-listen-on-ipv6-by-default.sh rename to mainline/debian/10-listen-on-ipv6-by-default.sh diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh similarity index 100% rename from mainline/buster/20-envsubst-on-templates.sh rename to mainline/debian/20-envsubst-on-templates.sh diff --git a/mainline/buster/Dockerfile b/mainline/debian/Dockerfile similarity index 98% rename from mainline/buster/Dockerfile rename to mainline/debian/Dockerfile index b3f07e4a..34ff4e60 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/debian/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh similarity index 100% rename from mainline/buster/docker-entrypoint.sh rename to mainline/debian/docker-entrypoint.sh diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7226df34..fcb7da5b 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 5eddcc29..1bf80d1f 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh similarity index 100% rename from stable/buster-perl/10-listen-on-ipv6-by-default.sh rename to stable/debian-perl/10-listen-on-ipv6-by-default.sh diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh similarity index 100% rename from stable/buster-perl/20-envsubst-on-templates.sh rename to stable/debian-perl/20-envsubst-on-templates.sh diff --git a/stable/buster-perl/Dockerfile b/stable/debian-perl/Dockerfile similarity index 98% rename from stable/buster-perl/Dockerfile rename to stable/debian-perl/Dockerfile index 2fea6ed0..64a1cf0d 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh similarity index 100% rename from stable/buster-perl/docker-entrypoint.sh rename to stable/debian-perl/docker-entrypoint.sh diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh similarity index 100% rename from stable/buster/10-listen-on-ipv6-by-default.sh rename to stable/debian/10-listen-on-ipv6-by-default.sh diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh similarity index 100% rename from stable/buster/20-envsubst-on-templates.sh rename to stable/debian/20-envsubst-on-templates.sh diff --git a/stable/buster/Dockerfile b/stable/debian/Dockerfile similarity index 98% rename from stable/buster/Dockerfile rename to stable/debian/Dockerfile index 5b912320..7cd94d52 100644 --- a/stable/buster/Dockerfile +++ b/stable/debian/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/buster/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh similarity index 100% rename from stable/buster/docker-entrypoint.sh rename to stable/debian/docker-entrypoint.sh From f836ba88de77f1b7c7d200c4c98625def7f7f102 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 18 Nov 2020 21:19:56 +0300 Subject: [PATCH 164/377] Updated generate-stackbrew-library.sh to pick up naming changes --- generate-stackbrew-library.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 13e252de..4ebadcb0 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -9,10 +9,9 @@ aliases=( self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -base=buster +base=debian -versions=( */ ) -versions=( "${versions[@]%/}" ) +versions=( mainline stable ) # get the most recent commit which modified any of "$@" fileCommit() { @@ -69,7 +68,7 @@ for version in "${versions[@]}"; do Directory: $version/$base EOE - for variant in buster-perl; do + for variant in debian-perl; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-perl}" ) From 08d37de30259d48b54c06172ae09736b70734ac9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 18 Nov 2020 21:23:14 +0300 Subject: [PATCH 165/377] debian: don't build arm64 packages since nginx.org provides them now --- Dockerfile-debian.template | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index ca89e8f9..e614aae1 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -30,7 +30,7 @@ RUN set -x \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 7b34d369..5ff72afc 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -41,7 +41,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 34ff4e60..ab4595f6 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -40,7 +40,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 64a1cf0d..a3cf3477 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -41,7 +41,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 7cd94d52..b9cf7d16 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -40,7 +40,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ From 3fb70ddd7094c1fdd50cc83d432643dc10ab6243 Mon Sep 17 00:00:00 2001 From: Patrick Scheid Date: Tue, 24 Nov 2020 16:43:57 +0300 Subject: [PATCH 166/377] Use SIGQUIT instead of SIGTERM for graceful shutdown of nginx Fixes #377, #457 --- Dockerfile-alpine.template | 2 +- Dockerfile-debian.template | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 56e62f36..eb623c2e 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -109,6 +109,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index e614aae1..8521d5a9 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -100,6 +100,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e0c54b80..1b5dfd07 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -120,6 +120,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 69487071..dce93c6b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -119,6 +119,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 5ff72afc..1513ece8 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -111,6 +111,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index ab4595f6..df444aea 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -110,6 +110,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index fcb7da5b..d86c2ccd 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -120,6 +120,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1bf80d1f..bd34cfb1 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -119,6 +119,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index a3cf3477..9998d132 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -111,6 +111,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index b9cf7d16..a4b6b7f0 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -110,6 +110,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] From c411fdefd6655144f6cdab425026a8a427adc273 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Nov 2020 17:08:46 +0300 Subject: [PATCH 167/377] Updated mainline nginx to 1.19.5 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1b5dfd07..513d7c6e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.4 +ENV NGINX_VERSION 1.19.5 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index dce93c6b..5fc76efc 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.4 +ENV NGINX_VERSION 1.19.5 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 1513ece8..2080b844 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.4 +ENV NGINX_VERSION 1.19.5 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index df444aea..fd707c51 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.4 +ENV NGINX_VERSION 1.19.5 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster diff --git a/update.sh b/update.sh index e0606bd0..285d6553 100755 --- a/update.sh +++ b/update.sh @@ -10,7 +10,7 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.4' + [mainline]='1.19.5' [stable]='1.18.0' ) From 3d618e31dedbc8a5c817c4dfc9d300f3e570b5a4 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Dec 2020 19:03:58 +0300 Subject: [PATCH 168/377] Added a script to simplify images mirroring to AWS ECR --- sync-awsecr.sh | 154 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100755 sync-awsecr.sh diff --git a/sync-awsecr.sh b/sync-awsecr.sh new file mode 100755 index 00000000..f9746f01 --- /dev/null +++ b/sync-awsecr.sh @@ -0,0 +1,154 @@ +#!/bin/bash +set -eu + +image="nginx" +registry="public.ecr.aws/z9d2n7e1" + +declare -A aliases +aliases=( + [mainline]='1 1.19 latest' + [stable]='1.18' +) + +architectures=( amd64 arm64v8 ) + +self="$(basename "$BASH_SOURCE")" +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" +base=debian + +versions=( mainline stable ) + +pulllist=() +declare -A taglist +taglist=() + +# get the most recent commit which modified any of "$@" +fileCommit() { + git log -1 --format='format:%H' HEAD -- "$@" +} + +# get the most recent commit which modified "$1/Dockerfile" or any file COPY'd from "$1/Dockerfile" +dirCommit() { + local dir="$1"; shift + ( + cd "$dir" + fileCommit \ + Dockerfile \ + $(git show HEAD:./Dockerfile | awk ' + toupper($1) == "COPY" { + for (i = 2; i < NF; i++) { + print $i + } + } + ') + ) +} + +# prints "$2$1$3$1...$N" +join() { + local sep="$1"; shift + local out; printf -v out "${sep//%/%%}%s" "$@" + echo "${out#$sep}" +} + +for version in "${versions[@]}"; do + commit="$(dirCommit "$version/$base")" + fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" + pulllist+=( "$image:$fullVersion" ) + for variant in perl alpine alpine-perl; do + pulllist+=( "$image:$fullVersion-$variant" ) + done +done + +for version in "${versions[@]}"; do + commit="$(dirCommit "$version/$base")" + + fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" + + versionAliases=( $fullVersion ) + if [ "$version" != "$fullVersion" ]; then + versionAliases+=( $version ) + fi + versionAliases+=( ${aliases[$version]:-} ) + + for tag in ${versionAliases[@]:1}; do + taglist["$image:$tag"]="$image:$fullVersion" + done + + for variant in debian-perl; do + variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + for tag in ${variantAliases[@]}; do + if [ "$tag" != "${fullVersion}-perl" ]; then + taglist["$image:$tag"]="$image:$fullVersion-perl" + fi + done + done + + for variant in alpine alpine-perl; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + for tag in ${variantAliases[@]}; do + if [ "$tag" != "${fullVersion}-$variant" ]; then + taglist["$image:$tag"]="$image:${fullVersion}-$variant" + fi + done + done + +done + +echo "#!/bin/sh" +echo "set -ex" +echo +echo "export DOCKER_CLI_EXPERIMENTAL=enabled" +echo +echo "# pulling stuff" +for arch in ${architectures[@]}; do +for tag in ${pulllist[@]}; do + echo "docker pull $arch/$tag"; +done +done + +echo + +echo "# tagging stuff" + +for arch in ${architectures[@]}; do +for tag in ${pulllist[@]}; do + echo "docker tag $arch/$tag $registry/$tag-$arch" +done +for tag in ${!taglist[@]}; do + echo "docker tag $arch/${taglist[$tag]} $registry/$tag-$arch" +done +done + +echo "# pushing stuff" + +for arch in ${architectures[@]}; do +for tag in ${pulllist[@]}; do + echo "docker push $registry/$tag-$arch" +done +for tag in ${!taglist[@]}; do + echo "docker push $registry/$tag-$arch" +done +done + +echo +echo "# manifesting stuff" +for tag in ${pulllist[@]} ${!taglist[@]}; do + string="docker manifest create --amend $registry/$tag" + for arch in ${architectures[@]}; do + string+=" $registry/$tag-$arch" + done + echo $string +done + +echo +echo "# pushing manifests" +for tag in ${pulllist[@]} ${!taglist[@]}; do + echo "docker manifest push --purge $registry/$tag" +done From 14e73942f37a7f4c1eb886a28b1e183555b4eacd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 15 Dec 2020 17:37:27 +0300 Subject: [PATCH 169/377] 10-liste-on-ipv6-by-default: use "info" instead of error By popular request in https://github.com/nginxinc/docker-nginx/issues/419 --- entrypoint/10-listen-on-ipv6-by-default.sh | 14 +++++++------- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/alpine/10-listen-on-ipv6-by-default.sh | 14 +++++++------- .../debian-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/debian/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/alpine/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/debian-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/debian/10-listen-on-ipv6-by-default.sh | 14 +++++++------- 9 files changed, 63 insertions(+), 63 deletions(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/debian-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index 832918a2..9585152b 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 From 41156d8a36bd03b2fb36353ba31f16ada08d9e48 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 15 Dec 2020 18:40:46 +0300 Subject: [PATCH 170/377] Updated mainline nginx to 1.19.6 and njs to 0.5.0 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 513d7c6e..53269308 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.5 -ENV NJS_VERSION 0.4.4 +ENV NGINX_VERSION 1.19.6 +ENV NJS_VERSION 0.5.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5fc76efc..deafec08 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.5 -ENV NJS_VERSION 0.4.4 +ENV NGINX_VERSION 1.19.6 +ENV NJS_VERSION 0.5.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 2080b844..1f818c94 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.5 -ENV NJS_VERSION 0.4.4 +ENV NGINX_VERSION 1.19.6 +ENV NJS_VERSION 0.5.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index fd707c51..43d69701 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.5 -ENV NJS_VERSION 0.4.4 +ENV NGINX_VERSION 1.19.6 +ENV NJS_VERSION 0.5.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index 285d6553..828859fd 100755 --- a/update.sh +++ b/update.sh @@ -10,13 +10,13 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.5' + [mainline]='1.19.6' [stable]='1.18.0' ) -defaultnjs='0.4.4' +defaultnjs='0.5.0' declare -A njs=( - #[stable]='0.4.3' + [stable]='0.4.4' ) defaultpkg='1' From fc5d895ad72b9d91162a8075197d0f7cadbbb197 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 2 Nov 2020 13:06:43 +0300 Subject: [PATCH 171/377] Provided a way to install third-party modules in a sane manner --- modules/Dockerfile | 67 +++++++++++++++++++++++++++++++ modules/Dockerfile.alpine | 67 +++++++++++++++++++++++++++++++ modules/README.md | 83 +++++++++++++++++++++++++++++++++++++++ modules/echo/build-deps | 1 + modules/echo/prebuild | 12 ++++++ modules/echo/source | 1 + 6 files changed, 231 insertions(+) create mode 100644 modules/Dockerfile create mode 100644 modules/Dockerfile.alpine create mode 100644 modules/README.md create mode 100644 modules/echo/build-deps create mode 100755 modules/echo/prebuild create mode 100644 modules/echo/source diff --git a/modules/Dockerfile b/modules/Dockerfile new file mode 100644 index 00000000..9ea6df85 --- /dev/null +++ b/modules/Dockerfile @@ -0,0 +1,67 @@ +FROM nginx:mainline as builder + +ARG ENABLED_MODULES + +RUN set -ex \ + && if [ "$ENABLED_MODULES" = "" ]; then \ + echo "No additional modules enabled, exiting"; \ + exit 1; \ + fi + +COPY ./ /modules/ + +RUN set -ex \ + && apt update \ + && apt install -y --no-install-suggests --no-install-recommends \ + patch make wget mercurial devscripts debhelper dpkg-dev \ + quilt lsb-release build-essential libxml2-utils xsltproc \ + equivs git g++ \ + && hg clone https://hg.nginx.org/pkg-oss/ \ + && cd pkg-oss \ + && mkdir /tmp/packages \ + && for module in $ENABLED_MODULES; do \ + echo "Building $module for nginx-$NGINX_VERSION"; \ + if [ -d /modules/$module ]; then \ + echo "Building $module from user-supplied sources"; \ + # check if module sources file is there and not empty + if [ ! -s /modules/$module/source ]; then \ + echo "No source file for $module in modules/$module/source, exiting"; \ + exit 1; \ + fi; \ + # some modules require build dependencies + if [ -f /modules/$module/build-deps ]; then \ + echo "Installing $module build dependencies"; \ + apt update && apt install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ + fi; \ + # if a module has a build dependency that is not in a distro, provide a + # shell script to fetch/build/install those + # note that shared libraries produced as a result of this script will + # not be copied from the builder image to the main one so build static + if [ -x /modules/$module/prebuild ]; then \ + echo "Running prebuild script for $module"; \ + /modules/$module/prebuild; \ + fi; \ + /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ + elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \ + echo "Building $module from pkg-oss sources"; \ + cd /pkg-oss/debian; \ + make rules-module-$module BASE_VERSION=$NGINX_VERSION; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \ + make module-$module BASE_VERSION=$NGINX_VERSION; \ + find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \ + else \ + echo "Don't know how to build $module module, exiting"; \ + exit 1; \ + fi; \ + done + +FROM nginx:mainline +ARG ENABLED_MODULES +COPY --from=builder /tmp/packages /tmp/packages +RUN set -ex \ + && apt update \ + && for module in $ENABLED_MODULES; do \ + apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ + done \ + && rm -rf /tmp/packages \ + && rm -rf /var/lib/apt/lists/ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine new file mode 100644 index 00000000..b2b8b3e3 --- /dev/null +++ b/modules/Dockerfile.alpine @@ -0,0 +1,67 @@ +FROM nginx:mainline-alpine as builder + +ARG ENABLED_MODULES + +RUN set -ex \ + && if [ "$ENABLED_MODULES" = "" ]; then \ + echo "No additional modules enabled, exiting"; \ + exit 1; \ + fi + +COPY ./ /modules/ + +RUN set -ex \ + && apk update \ + && apk add linux-headers openssl-dev pcre-dev zlib-dev openssl abuild \ + musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ + xz g++ \ + # allow abuild as a root user \ + && printf "#!/bin/sh\\n/usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ + && chmod +x /usr/local/bin/abuild \ + && hg clone https://hg.nginx.org/pkg-oss/ \ + && cd pkg-oss \ + && mkdir /tmp/packages \ + && for module in $ENABLED_MODULES; do \ + echo "Building $module for nginx-$NGINX_VERSION"; \ + if [ -d /modules/$module ]; then \ + echo "Building $module from user-supplied sources"; \ + # check if module sources file is there and not empty + if [ ! -s /modules/$module/source ]; then \ + echo "No source file for $module in modules/$module/source, exiting"; \ + exit 1; \ + fi; \ + # some modules require build dependencies + if [ -f /modules/$module/build-deps ]; then \ + echo "Installing $module build dependencies"; \ + apk update && apk add $(cat /modules/$module/build-deps | xargs); \ + fi; \ + # if a module has a build dependency that is not in a distro, provide a + # shell script to fetch/build/install those + # note that shared libraries produced as a result of this script will + # not be copied from the builder image to the main one so build static + if [ -x /modules/$module/prebuild ]; then \ + echo "Running prebuild script for $module"; \ + /modules/$module/prebuild; \ + fi; \ + /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ + elif make -C /pkg-oss/alpine list | grep -E "^$module\s+\d+" > /dev/null; then \ + echo "Building $module from pkg-oss sources"; \ + cd /pkg-oss/alpine; \ + make abuild-module-$module BASE_VERSION=$NGINX_VERSION; \ + apk add $(. ./abuild-module-$module/APKBUILD; echo $makedepends;); \ + make module-$module BASE_VERSION=$NGINX_VERSION; \ + find ~/packages -type f -name "*.apk" -exec mv -v {} /tmp/packages/ \;; \ + else \ + echo "Don't know how to build $module module, exiting"; \ + exit 1; \ + fi; \ + done + +FROM nginx:mainline-alpine +ARG ENABLED_MODULES +COPY --from=builder /tmp/packages /tmp/packages +RUN set -ex \ + && for module in $ENABLED_MODULES; do \ + apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ + done \ + && rm -rf /tmp/packages diff --git a/modules/README.md b/modules/README.md new file mode 100644 index 00000000..8680022e --- /dev/null +++ b/modules/README.md @@ -0,0 +1,83 @@ +# Adding third-party modules to nginx official image + +It's possible to extend a mainline image with third-party modules either from +your own instuctions following a simple filesystem layout/syntax using +`build_module.sh` helper script, or failing back to package sources from +`https://hg.nginx.org/pkg-oss`. + +## Usage + +``` +$ docker build --build-arg ENABLED_MODULES="ndk lua" -t my-nginx-with-lua . +``` +This command will attempt to build an image called `my-nginx-with-lua` based on +official nginx docker hub image with two modules: `ndk` and `lua`. +By default, a Debian-based image will be used. If you wish to use Alpine +instead, add `-f Dockerfile.alpine` to the command line. + +The build script will look for module build definition files on filesystem +directory under the same name as the module (and resulting package) and if +those are not found will try to look up requested modules in the pkg-oss +repository. + +For well-known modules we maintain a set of build sources packages over at +`pkg-oss`, so it's probably a good idea to rely on those instead of providing +your own implementation. + +As of the time of writing this README, the following modules and their versions +are available from `pkg-oss` repository: + +``` +/pkg-oss $ LC_ALL=C make -C debian list-all-modules +make: Entering directory '/pkg-oss/debian' +brotli 1.0.0-1 +encrypted-session 0.08-1 +geoip 1.19.6-1 +geoip2 3.3-1 +headers-more 0.33-1 +image-filter 1.19.6-1 +lua 0.10.19-1 +modsecurity 1.0.1-1 +ndk 0.3.1-1 +njs 0.5.0-1 +opentracing 0.10.0-1 +passenger 6.0.6-1 +perl 1.19.6-1 +rtmp 1.2.1-1 +set-misc 0.32-1 +subs-filter 0.6.4-1 +xslt 1.19.6-1 +make: Leaving directory '/pkg-oss/debian' +``` + +If you still want to provide your own instructions for a specific module, +organize the build directory in a following way, e.g. for `echo` module: + +``` +docker-nginx/modules $ tree echo +echo +├── build-deps +├── prebuild +└── source + +0 directories, 3 files +``` + +The scripts expect one file to always exist for a module you wish to build +manually: `source`. It should contain a link to a zip/tarball source code of a +module you want to build. In `build-deps` you can specify build dependencies +for a module as found in Debian or Alpine repositories. `prebuild` is a shell +script (make it `chmod +x prebuild`!) that will be executed prior to building +the module but after installing the dependencies, so it can be used to install +additional build dependencies if they are not available from Debian or Alpine. +Keep in mind that those dependencies wont be automatically copied to the +resulting image and if you're building a library, build it statically. + +Once the build is done in the builder image, the built packages are copied over +to resulting image and installed via apt/apk. The resulting image will be +tagged and can be used the same way as an official docker hub image. + +Note that we can not provide any support for those modifications and in no way +guarantee they will work as nice as a build without third-party modules. If +you encounter any issues running your image with the modules enabled, please +reproduce with a vanilla image first. diff --git a/modules/echo/build-deps b/modules/echo/build-deps new file mode 100644 index 00000000..1ccfbc2f --- /dev/null +++ b/modules/echo/build-deps @@ -0,0 +1 @@ +make gcc diff --git a/modules/echo/prebuild b/modules/echo/prebuild new file mode 100755 index 00000000..cd2864b0 --- /dev/null +++ b/modules/echo/prebuild @@ -0,0 +1,12 @@ +#!/bin/sh + +# if a module has a build dependency that is not in debian/alpine +# use this script to fetch/build/install them +# +# note that shared libraries produced as a result of this script will +# not be copied from the builder image to the resulting one, so you need to +# build them statically + +echo "No prebuild stage required - all dependencies are satisfied already!" + +exit 0 diff --git a/modules/echo/source b/modules/echo/source new file mode 100644 index 00000000..3a6ad274 --- /dev/null +++ b/modules/echo/source @@ -0,0 +1 @@ +https://github.com/openresty/echo-nginx-module/archive/v0.62.tar.gz From 734e1de30709e375e1b7176d0601d55f840e96ec Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 29 Jan 2021 22:49:09 +0100 Subject: [PATCH 172/377] Alpine 3.13 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 53269308..ae3b6ba2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.12 +FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index deafec08..11eeab8d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.12 +FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 828859fd..49ec3c87 100755 --- a/update.sh +++ b/update.sh @@ -29,7 +29,7 @@ declare -A debian=( #[stable]='stretch' ) -defaultalpine='3.12' +defaultalpine='3.13' declare -A alpine=( [stable]='3.11' ) From 5c93520500b222f6a735a5ea9838cd37c3d867c6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 1 Feb 2021 12:42:14 +0300 Subject: [PATCH 173/377] docker-entrypoint: use natural sort for scripts to launch Fixes #489. --- entrypoint/docker-entrypoint.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 2 +- mainline/debian/docker-entrypoint.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 2 +- stable/alpine/docker-entrypoint.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 2 +- stable/debian/docker-entrypoint.sh | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 88732541..72d5cd94 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then From 2f2859121ae8b0ccf8e9111bf252787a24ad372c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 1 Feb 2021 13:13:17 +0300 Subject: [PATCH 174/377] README: mentioned nginx.org changelog Fixes #491 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7adf25f3..5fa769cb 100644 --- a/README.md +++ b/README.md @@ -7,3 +7,4 @@ regarding contributing and issues. The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), specifically in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). +The changelog for NGINX releases is available at [nginx.org changes page](https://nginx.org/en/CHANGES). From 2b064090d1ebb724865ce7e6f4b6cc64c4c5cd6e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 Nov 2020 21:41:08 +0300 Subject: [PATCH 175/377] Introduced an entrypoint script to autotune the number of worker processes The script is a no-op bye default, you would need to enable its logic by setting an NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE variable to any value. The script then tries to get the following values: - getconf _NPROCESSORS_ONLN - the amount of cpus from cpuset cgroupv1 - the quotas from cpu/cpuacct cgroupv1 - the amount of cpus from cgroupv2 - the quotas from cgroupv2 The lowest of all five is then applied to nginx.conf. Fixes #472 --- Dockerfile-alpine.template | 1 + Dockerfile-debian.template | 1 + entrypoint/30-tune-worker-processes.sh | 194 ++++++++++++++++++ .../alpine-perl/30-tune-worker-processes.sh | 194 ++++++++++++++++++ mainline/alpine-perl/Dockerfile | 1 + mainline/alpine/30-tune-worker-processes.sh | 194 ++++++++++++++++++ mainline/alpine/Dockerfile | 1 + .../debian-perl/30-tune-worker-processes.sh | 194 ++++++++++++++++++ mainline/debian-perl/Dockerfile | 1 + mainline/debian/30-tune-worker-processes.sh | 194 ++++++++++++++++++ mainline/debian/Dockerfile | 1 + .../alpine-perl/30-tune-worker-processes.sh | 194 ++++++++++++++++++ stable/alpine-perl/Dockerfile | 1 + stable/alpine/30-tune-worker-processes.sh | 194 ++++++++++++++++++ stable/alpine/Dockerfile | 1 + .../debian-perl/30-tune-worker-processes.sh | 194 ++++++++++++++++++ stable/debian-perl/Dockerfile | 1 + stable/debian/30-tune-worker-processes.sh | 194 ++++++++++++++++++ stable/debian/Dockerfile | 1 + 19 files changed, 1756 insertions(+) create mode 100755 entrypoint/30-tune-worker-processes.sh create mode 100755 mainline/alpine-perl/30-tune-worker-processes.sh create mode 100755 mainline/alpine/30-tune-worker-processes.sh create mode 100755 mainline/debian-perl/30-tune-worker-processes.sh create mode 100755 mainline/debian/30-tune-worker-processes.sh create mode 100755 stable/alpine-perl/30-tune-worker-processes.sh create mode 100755 stable/alpine/30-tune-worker-processes.sh create mode 100755 stable/debian-perl/30-tune-worker-processes.sh create mode 100755 stable/debian/30-tune-worker-processes.sh diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index eb623c2e..1ce4411a 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -105,6 +105,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 8521d5a9..91b7cf78 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -96,6 +96,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/entrypoint/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/mainline/alpine-perl/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ae3b6ba2..d3d9a146 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -116,6 +116,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/mainline/alpine/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 11eeab8d..ea8829e1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -115,6 +115,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/mainline/debian-perl/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 1f818c94..aa215d79 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/mainline/debian/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 43d69701..e9fdc169 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -106,6 +106,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/stable/alpine-perl/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index d86c2ccd..6df7dde2 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -116,6 +116,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/stable/alpine/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index bd34cfb1..397380ad 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -115,6 +115,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/stable/debian-perl/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 9998d132..90a797dc 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh new file mode 100755 index 00000000..4adb0432 --- /dev/null +++ b/stable/debian/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index a4b6b7f0..a4d932bf 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -106,6 +106,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 From fa2213a76da35137a5aee565cef5095a209aeb3d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 16 Feb 2021 20:28:33 +0300 Subject: [PATCH 176/377] Updated nginx to 1.19.7 and njs to 0.5.1 for mainline --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d3d9a146..851b86d6 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.6 -ENV NJS_VERSION 0.5.0 +ENV NGINX_VERSION 1.19.7 +ENV NJS_VERSION 0.5.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ea8829e1..59519217 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.6 -ENV NJS_VERSION 0.5.0 +ENV NGINX_VERSION 1.19.7 +ENV NJS_VERSION 0.5.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index aa215d79..0874f07d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.6 -ENV NJS_VERSION 0.5.0 +ENV NGINX_VERSION 1.19.7 +ENV NJS_VERSION 0.5.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e9fdc169..198e225c 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.6 -ENV NJS_VERSION 0.5.0 +ENV NGINX_VERSION 1.19.7 +ENV NJS_VERSION 0.5.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index 49ec3c87..c6f95612 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.6' + [mainline]='1.19.7' [stable]='1.18.0' ) -defaultnjs='0.5.0' +defaultnjs='0.5.1' declare -A njs=( [stable]='0.4.4' ) From e559b4da5b4cf0cf94990906f7523d6efcdcdbc9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 17 Feb 2021 18:22:27 +0300 Subject: [PATCH 177/377] modules: Added a hack to make build system fetch a requested nginx version We're now using a tip of default branch on pkg-oss which moves fast and breaks things. A better solution is probably to check out a specific nginx tag and build whatever is available for it. This, however, is not currently possible with 1.19.6, and only works for 1.19.7. This should probably be reverted once we have enough tags supporting it. --- modules/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 9ea6df85..de4c0a76 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -45,9 +45,9 @@ RUN set -ex \ elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/debian; \ - make rules-module-$module BASE_VERSION=$NGINX_VERSION; \ + make rules-module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \ - make module-$module BASE_VERSION=$NGINX_VERSION; \ + make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \ else \ echo "Don't know how to build $module module, exiting"; \ From 636b7e3616ffebd9220f793aad672246c7e18376 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 2 Mar 2021 15:54:52 +0300 Subject: [PATCH 178/377] Updated and improved third-party modules documentation Fixes #511 --- modules/README.md | 101 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 94 insertions(+), 7 deletions(-) diff --git a/modules/README.md b/modules/README.md index 8680022e..db8c93e9 100644 --- a/modules/README.md +++ b/modules/README.md @@ -3,7 +3,7 @@ It's possible to extend a mainline image with third-party modules either from your own instuctions following a simple filesystem layout/syntax using `build_module.sh` helper script, or failing back to package sources from -`https://hg.nginx.org/pkg-oss`. +[pkg-oss](https://hg.nginx.org/pkg-oss). ## Usage @@ -30,23 +30,25 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules make: Entering directory '/pkg-oss/debian' +auth-spnego 1.1.0-1 brotli 1.0.0-1 encrypted-session 0.08-1 -geoip 1.19.6-1 +fips-check 0.1-1 +geoip 1.19.7-1 geoip2 3.3-1 headers-more 0.33-1 -image-filter 1.19.6-1 +image-filter 1.19.7-1 lua 0.10.19-1 -modsecurity 1.0.1-1 +modsecurity 1.0.1-2 ndk 0.3.1-1 -njs 0.5.0-1 +njs 0.5.1-1 opentracing 0.10.0-1 passenger 6.0.6-1 -perl 1.19.6-1 +perl 1.19.7-1 rtmp 1.2.1-1 set-misc 0.32-1 subs-filter 0.6.4-1 -xslt 1.19.6-1 +xslt 1.19.7-1 make: Leaving directory '/pkg-oss/debian' ``` @@ -81,3 +83,88 @@ Note that we can not provide any support for those modifications and in no way guarantee they will work as nice as a build without third-party modules. If you encounter any issues running your image with the modules enabled, please reproduce with a vanilla image first. + +## Examples + +### docker-compose with pre-packaged modules + +If desired modules are already packaged in +[pkg-oss](https://hg.nginx.org/pkg-oss/) - e.g. `debian/Makefile.module-*` +exists for a given module, you can use this example. + +1. Create a directory for your project: + +``` +mkdir myapp +cd myapp +```` + +2. Populate the build context for a custom nginx image: + +``` +mkdir my-nginx +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +``` + +3. Create a `docker-compose.yml` file: + +``` +cat > docker-compose.yml << __EOF__ +version: "3.3" +services: + web: + build: + context: ./my-nginx/ + args: + ENABLED_MODULES: ndk lua + image: my-nginx-with-lua:v1 + ports: + - "80:8000" +__EOF__ +``` + +Now, running `docker-compose up --build -d` will build the image and run the application for you. + +### docker-compose with a non-packaged module + +If a needed module is not available via `pkg-oss`, you can use this example. + +We're going to build the image with [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge) module. + +The steps are similar to a previous example, with a notable difference of +providing a URL to fetch the module source code from. + +1. Create a directory for your project: + +``` +mkdir myapp-cache +cd myapp-cache +```` + +2. Populate the build context for a custom nginx image: + +``` +mkdir my-nginx +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +mkdir my-nginx/cachepurge +echo "https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz" > my-nginx/cachepurge/source +``` + +3. Create a `docker-compose.yml` file: + +``` +cat > docker-compose.yml << __EOF__ +version: "3.3" +services: + web: + build: + context: ./my-nginx/ + args: + ENABLED_MODULES: cachepurge + image: my-nginx-with-cachepurge:v1 + ports: + - "80:8080" +__EOF__ +``` + +Now, running `docker-compose up --build -d` will build the image and run the application for you. From dcaaf66e4464037b1a887541f39acf8182233ab8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Mar 2021 20:19:57 +0300 Subject: [PATCH 179/377] Updated mainline nginx to 1.19.8 and njs to 0.5.2 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 851b86d6..2f629e00 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.7 -ENV NJS_VERSION 0.5.1 +ENV NGINX_VERSION 1.19.8 +ENV NJS_VERSION 0.5.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 59519217..9e7f149a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.7 -ENV NJS_VERSION 0.5.1 +ENV NGINX_VERSION 1.19.8 +ENV NJS_VERSION 0.5.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 0874f07d..47f68d5c 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.7 -ENV NJS_VERSION 0.5.1 +ENV NGINX_VERSION 1.19.8 +ENV NJS_VERSION 0.5.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 198e225c..2ff9655d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.7 -ENV NJS_VERSION 0.5.1 +ENV NGINX_VERSION 1.19.8 +ENV NJS_VERSION 0.5.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index c6f95612..71696fc2 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.7' + [mainline]='1.19.8' [stable]='1.18.0' ) -defaultnjs='0.5.1' +defaultnjs='0.5.2' declare -A njs=( [stable]='0.4.4' ) From d1ed2dddd604c216b49c23a0ed747472c122c5bf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 11 Mar 2021 19:56:02 +0300 Subject: [PATCH 180/377] Made 30-tune-worker-processes.sh more robust and error-prone. Fixes #520. --- entrypoint/30-tune-worker-processes.sh | 52 ++++++++----------- .../alpine-perl/30-tune-worker-processes.sh | 52 ++++++++----------- mainline/alpine/30-tune-worker-processes.sh | 52 ++++++++----------- .../debian-perl/30-tune-worker-processes.sh | 52 ++++++++----------- mainline/debian/30-tune-worker-processes.sh | 52 ++++++++----------- .../alpine-perl/30-tune-worker-processes.sh | 52 ++++++++----------- stable/alpine/30-tune-worker-processes.sh | 52 ++++++++----------- .../debian-perl/30-tune-worker-processes.sh | 52 ++++++++----------- stable/debian/30-tune-worker-processes.sh | 52 ++++++++----------- 9 files changed, 207 insertions(+), 261 deletions(-) diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ b/mainline/alpine-perl/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/mainline/alpine/30-tune-worker-processes.sh +++ b/mainline/alpine/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ b/mainline/debian-perl/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ b/stable/alpine-perl/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/stable/alpine/30-tune-worker-processes.sh +++ b/stable/alpine/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ b/stable/debian-perl/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 4adb0432..56505871 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ From e7bab21fb789267fcf5b4d8d3b8a9a4df82966c3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 12 Mar 2021 18:32:43 +0300 Subject: [PATCH 181/377] modules: use the same workaround for Alpine as we had for Debian Same as e559b4da5b4cf0cf94990906f7523d6efcdcdbc9. --- modules/Dockerfile.alpine | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index b2b8b3e3..ec64282a 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -47,9 +47,9 @@ RUN set -ex \ elif make -C /pkg-oss/alpine list | grep -E "^$module\s+\d+" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/alpine; \ - make abuild-module-$module BASE_VERSION=$NGINX_VERSION; \ + make abuild-module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ apk add $(. ./abuild-module-$module/APKBUILD; echo $makedepends;); \ - make module-$module BASE_VERSION=$NGINX_VERSION; \ + make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ~/packages -type f -name "*.apk" -exec mv -v {} /tmp/packages/ \;; \ else \ echo "Don't know how to build $module module, exiting"; \ From 511c0fe67247c918395640e73abd2913695c10b1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 Mar 2021 16:42:52 +0300 Subject: [PATCH 182/377] modules: check out an explicit pkg-oss tag. Fixes #518 --- modules/Dockerfile | 2 +- modules/Dockerfile.alpine | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index de4c0a76..cbd3a55f 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -16,7 +16,7 @@ RUN set -ex \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ \ - && hg clone https://hg.nginx.org/pkg-oss/ \ + && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index ec64282a..68644172 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -18,7 +18,7 @@ RUN set -ex \ # allow abuild as a root user \ && printf "#!/bin/sh\\n/usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ - && hg clone https://hg.nginx.org/pkg-oss/ \ + && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ From 0f300ed4ae80724c569c9694bf89014e96ab567b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 Mar 2021 19:26:57 +0300 Subject: [PATCH 183/377] Updated mainline nginx to 1.19.9 and njs to 0.5.3 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2f629e00..9d8d5b4c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.8 -ENV NJS_VERSION 0.5.2 +ENV NGINX_VERSION 1.19.9 +ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 9e7f149a..a15e0e39 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.8 -ENV NJS_VERSION 0.5.2 +ENV NGINX_VERSION 1.19.9 +ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 47f68d5c..6c432428 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.8 -ENV NJS_VERSION 0.5.2 +ENV NGINX_VERSION 1.19.9 +ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 2ff9655d..44891177 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.8 -ENV NJS_VERSION 0.5.2 +ENV NGINX_VERSION 1.19.9 +ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index 71696fc2..d5ec49ee 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.8' + [mainline]='1.19.9' [stable]='1.18.0' ) -defaultnjs='0.5.2' +defaultnjs='0.5.3' declare -A njs=( [stable]='0.4.4' ) From e129306eecbb60a5acc335fcd394e0878a3600ab Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 7 Apr 2021 14:36:28 +0300 Subject: [PATCH 184/377] modules: strip debian version from PKG_RELEASE Fixes #527 --- modules/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index cbd3a55f..9dcbe400 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -16,7 +16,7 @@ RUN set -ex \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ \ - && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ + && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ From 464886ab21ebe4b036ceb36d7557bf491f6d9320 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Apr 2021 19:48:13 +0300 Subject: [PATCH 185/377] Updated mainline nginx to 1.19.10 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 9d8d5b4c..ee7d540b 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.9 +ENV NGINX_VERSION 1.19.10 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a15e0e39..bba7ac8c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.9 +ENV NGINX_VERSION 1.19.10 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 6c432428..4380f2d9 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.9 +ENV NGINX_VERSION 1.19.10 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 44891177..727af2ba 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.9 +ENV NGINX_VERSION 1.19.10 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/update.sh b/update.sh index d5ec49ee..b2ce85bc 100755 --- a/update.sh +++ b/update.sh @@ -10,7 +10,7 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.9' + [mainline]='1.19.10' [stable]='1.18.0' ) From 010bcbf4db311fd682029b71d92cf2633392fe13 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 20 Apr 2021 19:12:21 +0300 Subject: [PATCH 186/377] Alpine template: nginx.org now provides aarch64 packages. --- Dockerfile-alpine.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 1ce4411a..a9eb066e 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -14,7 +14,7 @@ RUN set -x \ && nginxPackages="%%PACKAGES%% " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ From ab8516ed3a212d8a03392567c8f55c570c839e59 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 20 Apr 2021 19:13:24 +0300 Subject: [PATCH 187/377] Updated stable nginx to 1.20.0 While at it, bumped alpine base image to 3.13 and njs to 0.5.3 --- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 10 +++++----- stable/debian-perl/Dockerfile | 8 ++++---- stable/debian/Dockerfile | 8 ++++---- update.sh | 11 ++++------- 5 files changed, 22 insertions(+), 25 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 6df7dde2..4a6766e5 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.11 +FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.20.0 +ENV NJS_VERSION 0.5.3 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -25,7 +25,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 397380ad..0a04fa80 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.11 +FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.20.0 +ENV NJS_VERSION 0.5.3 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -24,7 +24,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 90a797dc..f68d9929 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,9 +7,9 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 2~buster +ENV NGINX_VERSION 1.20.0 +ENV NJS_VERSION 0.5.3 +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -38,7 +38,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386|arm64) \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index a4d932bf..7010be03 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,9 +7,9 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 2~buster +ENV NGINX_VERSION 1.20.0 +ENV NJS_VERSION 0.5.3 +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -37,7 +37,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386|arm64) \ diff --git a/update.sh b/update.sh index b2ce85bc..e47284f5 100755 --- a/update.sh +++ b/update.sh @@ -11,17 +11,17 @@ declare branches=( declare -A nginx=( [mainline]='1.19.10' - [stable]='1.18.0' + [stable]='1.20.0' ) defaultnjs='0.5.3' declare -A njs=( - [stable]='0.4.4' +# [stable]='0.4.4' ) defaultpkg='1' declare -A pkg=( - [stable]=2 +# [stable]=2 ) defaultdebian='buster' @@ -31,7 +31,7 @@ declare -A debian=( defaultalpine='3.13' declare -A alpine=( - [stable]='3.11' +# [stable]='3.11' ) # When we bump njs version in a stable release we don't move the tag in the @@ -54,9 +54,6 @@ get_packages() { r="r" sep="." ;; - debian*:stable) - sep="." - ;; debian*:*) sep="+" ;; From 1612733ec60173d9d4a18a0916b860a0ff255e74 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 21 Apr 2021 11:53:41 +0300 Subject: [PATCH 188/377] generate-stackbrew-library.sh: bump stable to 1.20 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4ebadcb0..428e4125 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.19 latest' - [stable]='1.18' + [stable]='1.20' ) self="$(basename "$BASH_SOURCE")" From be61420a4a6b97ad1e40325b3bbba198bf555e58 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 May 2021 12:25:34 +0300 Subject: [PATCH 189/377] sync-awsecr.sh: bump stable to 1.20 Refs: #545 --- sync-awsecr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index f9746f01..26196dda 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.19 latest' - [stable]='1.18' + [stable]='1.20' ) architectures=( amd64 arm64v8 ) From f3fe494531f9b157d9c09ba509e412dace54cd4f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 May 2021 17:17:47 +0300 Subject: [PATCH 190/377] Updated nginx to 1.20.1 and 1.21.0 --- generate-stackbrew-library.sh | 2 +- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- sync-awsecr.sh | 2 +- update.sh | 4 ++-- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 428e4125..4ff7ea38 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.19 latest' + [mainline]='1 1.21 latest' [stable]='1.20' ) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ee7d540b..8bf36e07 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.10 +ENV NGINX_VERSION 1.21.0 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 @@ -25,7 +25,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index bba7ac8c..96e351ce 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.10 +ENV NGINX_VERSION 1.21.0 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 @@ -24,7 +24,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 4380f2d9..65007826 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.10 +ENV NGINX_VERSION 1.21.0 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 727af2ba..cdeb9c8c 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.10 +ENV NGINX_VERSION 1.21.0 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4a6766e5..f2ca2278 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.0 +ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 0a04fa80..f6bd08fe 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.0 +ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index f68d9929..6d5fd1a4 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.0 +ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 7010be03..40b4d9ac 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.0 +ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 26196dda..767e03d4 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.19 latest' + [mainline]='1 1.21 latest' [stable]='1.20' ) diff --git a/update.sh b/update.sh index e47284f5..f315d367 100755 --- a/update.sh +++ b/update.sh @@ -10,8 +10,8 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.10' - [stable]='1.20.0' + [mainline]='1.21.0' + [stable]='1.20.1' ) defaultnjs='0.5.3' From fe33fad50a41a866a73e0a6607cb189f56169201 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 2 Jun 2021 13:17:12 +0300 Subject: [PATCH 191/377] modules/Dockerfile.alpine: added coreutils to use proper tr --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 68644172..3e47a413 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -14,7 +14,7 @@ RUN set -ex \ && apk update \ && apk add linux-headers openssl-dev pcre-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ - xz g++ \ + xz g++ coreutils \ # allow abuild as a root user \ && printf "#!/bin/sh\\n/usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ From 6a9fffa542c291b92bb5b135e67cea1e6c92c346 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 2 Jun 2021 14:26:25 +0300 Subject: [PATCH 192/377] third party: fixed builds with non-alphanumeric characters in module names Closes #540 Fixes #550 --- modules/Dockerfile | 9 ++++++--- modules/Dockerfile.alpine | 9 ++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 9dcbe400..7a4e7141 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -42,6 +42,7 @@ RUN set -ex \ /modules/$module/prebuild; \ fi; \ /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ + BUILT_MODULES="$BUILT_MODULES $(echo $module | tr '[A-Z]' '[a-z]' | tr -d '[/_\-\.\t ]')"; \ elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/debian; \ @@ -49,18 +50,20 @@ RUN set -ex \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \ make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \ + BUILT_MODULES="$BUILT_MODULES $module"; \ else \ echo "Don't know how to build $module module, exiting"; \ exit 1; \ fi; \ - done + done \ + && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM nginx:mainline -ARG ENABLED_MODULES COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && apt update \ - && for module in $ENABLED_MODULES; do \ + && . /tmp/packages/modules.env \ + && for module in $BUILT_MODULES; do \ apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ done \ && rm -rf /tmp/packages \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 3e47a413..63dcc69f 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -44,6 +44,7 @@ RUN set -ex \ /modules/$module/prebuild; \ fi; \ /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ + BUILT_MODULES="$BUILT_MODULES $(echo $module | tr '[A-Z]' '[a-z]' | tr -d '[/_\-\.\t ]')"; \ elif make -C /pkg-oss/alpine list | grep -E "^$module\s+\d+" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/alpine; \ @@ -51,17 +52,19 @@ RUN set -ex \ apk add $(. ./abuild-module-$module/APKBUILD; echo $makedepends;); \ make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ~/packages -type f -name "*.apk" -exec mv -v {} /tmp/packages/ \;; \ + BUILT_MODULES="$BUILT_MODULES $module"; \ else \ echo "Don't know how to build $module module, exiting"; \ exit 1; \ fi; \ - done + done \ + && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM nginx:mainline-alpine -ARG ENABLED_MODULES COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ - && for module in $ENABLED_MODULES; do \ + && . /tmp/packages/modules.env \ + && for module in $BUILT_MODULES; do \ apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ done \ && rm -rf /tmp/packages From 1c123ec554ac65238c57c2b9c5e97513829238d0 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 2 Jun 2021 14:41:58 +0300 Subject: [PATCH 193/377] modules: updated the list of supported modules --- modules/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/README.md b/modules/README.md index db8c93e9..f558e34a 100644 --- a/modules/README.md +++ b/modules/README.md @@ -34,21 +34,21 @@ auth-spnego 1.1.0-1 brotli 1.0.0-1 encrypted-session 0.08-1 fips-check 0.1-1 -geoip 1.19.7-1 +geoip 1.21.0-1 geoip2 3.3-1 headers-more 0.33-1 -image-filter 1.19.7-1 +image-filter 1.21.0-1 lua 0.10.19-1 modsecurity 1.0.1-2 ndk 0.3.1-1 -njs 0.5.1-1 -opentracing 0.10.0-1 -passenger 6.0.6-1 -perl 1.19.7-1 +njs 0.5.3-1 +opentracing 0.14.0-1 +passenger 6.0.8-1 +perl 1.21.0-1 rtmp 1.2.1-1 set-misc 0.32-1 subs-filter 0.6.4-1 -xslt 1.19.7-1 +xslt 1.21.0-1 make: Leaving directory '/pkg-oss/debian' ``` From 4fb962398934526d5851c07d1f6107db97918c71 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 2 Jul 2021 11:56:24 +0300 Subject: [PATCH 194/377] modules: Dockerfile.alpine: set SETFATTR=true to skip setfattr. This is suggested as a fix for build issues (#525) in https://gitlab.alpinelinux.org/alpine/abuild/-/commit/32b7789e9ac09dad7f6d39df349c9a94e93e00c8 --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 63dcc69f..c154363e 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -16,7 +16,7 @@ RUN set -ex \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ xz g++ coreutils \ # allow abuild as a root user \ - && printf "#!/bin/sh\\n/usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ + && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ From f958fbacada447737319e979db45a1da49123142 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Jul 2021 21:35:28 +0300 Subject: [PATCH 195/377] Updated nginx to 1.21.1 and njs to 0.6.1 on mainline builds. While at it, move mainline builds to alpine 3.14. --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 10 +++++----- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 8bf36e07..943622fa 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.13 +FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.0 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.21.1 +ENV NJS_VERSION 0.6.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 96e351ce..d02e9262 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.13 +FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.0 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.21.1 +ENV NJS_VERSION 0.6.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 65007826..1e5ecd12 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.0 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.21.1 +ENV NJS_VERSION 0.6.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index cdeb9c8c..54ee2f1b 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.0 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.21.1 +ENV NJS_VERSION 0.6.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index f315d367..6dadf693 100755 --- a/update.sh +++ b/update.sh @@ -10,13 +10,13 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.21.0' + [mainline]='1.21.1' [stable]='1.20.1' ) -defaultnjs='0.5.3' +defaultnjs='0.6.1' declare -A njs=( -# [stable]='0.4.4' + [stable]='0.5.3' ) defaultpkg='1' @@ -29,9 +29,9 @@ declare -A debian=( #[stable]='stretch' ) -defaultalpine='3.13' +defaultalpine='3.14' declare -A alpine=( -# [stable]='3.11' + [stable]='3.13' ) # When we bump njs version in a stable release we don't move the tag in the From 75bc83e409e7ad1e93f65600374319e835442996 Mon Sep 17 00:00:00 2001 From: Chotow Date: Mon, 6 Sep 2021 10:17:28 +0800 Subject: [PATCH 196/377] Updated nginx to 1.21.2 and njs to 0.6.2 on mainline builds. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 943622fa..af8a6629 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.1 -ENV NJS_VERSION 0.6.1 +ENV NGINX_VERSION 1.21.2 +ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d02e9262..99f7cbaf 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.1 -ENV NJS_VERSION 0.6.1 +ENV NGINX_VERSION 1.21.2 +ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 1e5ecd12..d4e42550 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.1 -ENV NJS_VERSION 0.6.1 +ENV NGINX_VERSION 1.21.2 +ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 54ee2f1b..892bf708 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.1 -ENV NJS_VERSION 0.6.1 +ENV NGINX_VERSION 1.21.2 +ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index 6dadf693..7aab54f3 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.21.1' + [mainline]='1.21.2' [stable]='1.20.1' ) -defaultnjs='0.6.1' +defaultnjs='0.6.2' declare -A njs=( [stable]='0.5.3' ) From d496baf859613adfe391ca8e7615cc7ec7966621 Mon Sep 17 00:00:00 2001 From: Elouan Martinet Date: Tue, 7 Sep 2021 19:06:10 +0200 Subject: [PATCH 197/377] Updated nginx mainline to 1.21.3 Signed-off-by: Elouan Martinet --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index af8a6629..146f48b4 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.2 +ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 99f7cbaf..73fd3ca1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.2 +ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index d4e42550..4e091fc2 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.2 +ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1~buster diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 892bf708..5fce21d0 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.2 +ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1~buster diff --git a/update.sh b/update.sh index 7aab54f3..46c5e4d4 100755 --- a/update.sh +++ b/update.sh @@ -10,7 +10,7 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.21.2' + [mainline]='1.21.3' [stable]='1.20.1' ) From abc9db01fe510de05efb3fda49015a236089cf82 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Mon, 20 Sep 2021 13:00:51 -0700 Subject: [PATCH 198/377] Update mainline base image to Debian Bullseye --- mainline/debian-perl/Dockerfile | 8 ++++---- mainline/debian/Dockerfile | 8 ++++---- update.sh | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 4e091fc2..e67c1c04 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -43,13 +43,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 5fce21d0..695b6640 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -42,13 +42,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/update.sh b/update.sh index 46c5e4d4..7a28b114 100755 --- a/update.sh +++ b/update.sh @@ -24,9 +24,9 @@ declare -A pkg=( # [stable]=2 ) -defaultdebian='buster' +defaultdebian='bullseye' declare -A debian=( - #[stable]='stretch' + [stable]='buster' ) defaultalpine='3.14' From 4afdc5e1ce43df1e2acba6950f41d28c0ec23768 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 21 Sep 2021 08:39:37 -0700 Subject: [PATCH 199/377] Lint update.sh --- update.sh | 52 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/update.sh b/update.sh index 7a28b114..4aa0dc89 100755 --- a/update.sh +++ b/update.sh @@ -21,12 +21,12 @@ declare -A njs=( defaultpkg='1' declare -A pkg=( -# [stable]=2 + # [stable]=2 ) defaultdebian='bullseye' declare -A debian=( - [stable]='buster' + [stable]='buster' ) defaultalpine='3.14' @@ -43,26 +43,28 @@ declare -A rev=( ) get_packages() { - local distro="$1"; shift; - local branch="$1"; shift; + local distro="$1" + shift + local branch="$1" + shift local perl= local r= local sep= case "$distro:$branch" in - alpine*:*) - r="r" - sep="." - ;; - debian*:*) - sep="+" - ;; + alpine*:*) + r="r" + sep="." + ;; + debian*:*) + sep="+" + ;; esac case "$distro" in - *-perl) - perl="nginx-module-perl" - ;; + *-perl) + perl="nginx-module-perl" + ;; esac echo -n ' \\\n' @@ -75,8 +77,10 @@ get_packages() { } get_packagerepo() { - local distro="${1%-perl}"; shift; - local branch="$1"; shift; + local distro="${1%-perl}" + shift + local branch="$1" + shift [ "$branch" = "mainline" ] && branch="$branch/" || branch="" @@ -84,8 +88,10 @@ get_packagerepo() { } get_packagever() { - local distro="${1%-perl}"; shift; - local branch="$1"; shift; + local distro="${1%-perl}" + shift + local branch="$1" + shift local suffix= [ "${distro}" = "debian" ] && suffix="~${debianver}" @@ -94,7 +100,7 @@ get_packagever() { } generated_warning() { - cat << __EOF__ + cat <<__EOF__ # # NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" # @@ -106,8 +112,7 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ alpine{,-perl} \ - debian{,-perl} \ - ; do + debian{,-perl}; do echo "$branch: $variant" dir="$branch/$variant" variant="$(basename "$variant")" @@ -115,7 +120,10 @@ for branch in "${branches[@]}"; do [ -d "$dir" ] || continue template="Dockerfile-${variant%-perl}.template" - { generated_warning; cat "$template"; } > "$dir/Dockerfile" + { + generated_warning + cat "$template" + } >"$dir/Dockerfile" debianver="${debian[$branch]:-$defaultdebian}" alpinever="${alpine[$branch]:-$defaultalpine}" From 7be6b74faf374da3018e7c28f9926abe9e8a3bbc Mon Sep 17 00:00:00 2001 From: Robert Heim Date: Wed, 20 Oct 2021 12:26:15 +0200 Subject: [PATCH 200/377] Fix typo --- modules/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index f558e34a..d5091a0c 100644 --- a/modules/README.md +++ b/modules/README.md @@ -2,7 +2,7 @@ It's possible to extend a mainline image with third-party modules either from your own instuctions following a simple filesystem layout/syntax using -`build_module.sh` helper script, or failing back to package sources from +`build_module.sh` helper script, or falling back to package sources from [pkg-oss](https://hg.nginx.org/pkg-oss). ## Usage From 328e0f36eae92571465bdd3d268762d2445118f7 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 22 Oct 2021 12:45:58 +0300 Subject: [PATCH 201/377] Alpine: don't depend on mercurial to fetch packaging sources. Alpine doesnt ship mercurial package on x86. --- Dockerfile-alpine.template | 7 +++---- update.sh | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index a9eb066e..c4af94f9 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -50,16 +50,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up %%REVISION%% \ + && curl -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/update.sh b/update.sh index 4aa0dc89..5f870f50 100755 --- a/update.sh +++ b/update.sh @@ -39,7 +39,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org defaultrev='${NGINX_VERSION}-${PKG_RELEASE}' declare -A rev=( - #[stable]='-r 500' + #[stable]='500' ) get_packages() { From 2decc81a019b5df087c9162d3621b1c9beb3104f Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 2 Nov 2021 11:36:14 -0700 Subject: [PATCH 202/377] Update nginx mainline to 1.21.4, njs to 0.7.0 --- mainline/alpine-perl/Dockerfile | 11 +++++------ mainline/alpine/Dockerfile | 11 +++++------ mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 7 +++---- stable/alpine/Dockerfile | 7 +++---- update.sh | 4 ++-- 7 files changed, 22 insertions(+), 26 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 146f48b4..494548f3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.3 -ENV NJS_VERSION 0.6.2 +ENV NGINX_VERSION 1.21.4 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -61,16 +61,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 73fd3ca1..087cb73d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.3 -ENV NJS_VERSION 0.6.2 +ENV NGINX_VERSION 1.21.4 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -60,16 +60,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index e67c1c04..6b0e8279 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.3 -ENV NJS_VERSION 0.6.2 +ENV NGINX_VERSION 1.21.4 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 695b6640..973102a6 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.3 -ENV NJS_VERSION 0.6.2 +ENV NGINX_VERSION 1.21.4 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f2ca2278..4bea3a8c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -61,16 +61,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index f6bd08fe..6d74c648 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -60,16 +60,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/update.sh b/update.sh index 5f870f50..377e4b8d 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.21.3' + [mainline]='1.21.4' [stable]='1.20.1' ) -defaultnjs='0.6.2' +defaultnjs='0.7.0' declare -A njs=( [stable]='0.5.3' ) From 9fcda7c150d0a6d360a969b81092ae9962585d2d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Nov 2021 14:33:52 +0300 Subject: [PATCH 203/377] Alpine: verify the checksum of pkg-oss tarball --- Dockerfile-alpine.template | 15 ++++++++++--- mainline/alpine-perl/Dockerfile | 15 ++++++++++--- mainline/alpine/Dockerfile | 15 ++++++++++--- stable/alpine-perl/Dockerfile | 15 ++++++++++--- stable/alpine/Dockerfile | 15 ++++++++++--- update.sh | 40 +++++++++++++++++++++++---------- 6 files changed, 88 insertions(+), 27 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c4af94f9..33d35f5c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -13,13 +13,14 @@ RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages="%%PACKAGES%% " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -28,7 +29,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -57,6 +57,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ @@ -69,6 +76,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 494548f3..f4e2aec4 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -24,13 +24,14 @@ RUN set -x \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -39,7 +40,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -68,6 +68,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ @@ -80,6 +87,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 087cb73d..735c1c03 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -23,13 +23,14 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -38,7 +39,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -67,6 +67,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ @@ -79,6 +86,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4bea3a8c..2ddc18ae 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -24,13 +24,14 @@ RUN set -x \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -39,7 +40,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -68,6 +68,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ @@ -80,6 +87,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6d74c648..e3a0afb9 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -23,13 +23,14 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -38,7 +39,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -67,6 +67,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ @@ -79,6 +86,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/update.sh b/update.sh index 377e4b8d..c549a308 100755 --- a/update.sh +++ b/update.sh @@ -9,39 +9,54 @@ declare branches=( "mainline" ) +# Current nginx versions +# Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.21.4' [stable]='1.20.1' ) -defaultnjs='0.7.0' +# Current njs versions declare -A njs=( + [mainline]='0.7.0' [stable]='0.5.3' ) -defaultpkg='1' +# Current package patchlevel version +# Remember to update pkgosschecksum when changing this. declare -A pkg=( - # [stable]=2 + [mainline]=1 + [stable]=1 ) -defaultdebian='bullseye' declare -A debian=( + [mainline]='bullseye' [stable]='buster' ) -defaultalpine='3.14' declare -A alpine=( + [mainline]='3.14' [stable]='3.13' ) # When we bump njs version in a stable release we don't move the tag in the # mercurial repo. This setting allows us to specify a revision to check out # when building alpine packages on architectures not supported by nginx.org -defaultrev='${NGINX_VERSION}-${PKG_RELEASE}' +# Remember to update pkgosschecksum when changing this. declare -A rev=( + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' #[stable]='500' ) +# Holds SHA512 checksum for the pkg-oss tarball produced by source code +# revision/tag in the previous block +# Used in alpine builds for architectures not packaged by nginx.org +declare -A pkgosschecksum=( + [mainline]='f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e' + [stable]='024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1' +) + get_packages() { local distro="$1" shift @@ -96,7 +111,7 @@ get_packagever() { [ "${distro}" = "debian" ] && suffix="~${debianver}" - echo ${pkg[$branch]:-$defaultpkg}${suffix} + echo ${pkg[$branch]}${suffix} } generated_warning() { @@ -125,12 +140,12 @@ for branch in "${branches[@]}"; do cat "$template" } >"$dir/Dockerfile" - debianver="${debian[$branch]:-$defaultdebian}" - alpinever="${alpine[$branch]:-$defaultalpine}" + debianver="${debian[$branch]}" + alpinever="${alpine[$branch]}" nginxver="${nginx[$branch]}" - njsver="${njs[${branch}]:-$defaultnjs}" - pkgver="${pkg[${branch}]:-$defaultpkg}" - revver="${rev[${branch}]:-$defaultrev}" + njsver="${njs[${branch}]}" + revver="${rev[${branch}]}" + pkgosschecksumver="${pkgosschecksum[${branch}]}" packagerepo=$(get_packagerepo "$variant" "$branch") packages=$(get_packages "$variant" "$branch") @@ -145,6 +160,7 @@ for branch in "${branches[@]}"; do -e 's,%%PACKAGES%%,'"$packages"',' \ -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ -e 's,%%REVISION%%,'"$revver"',' \ + -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ "$dir/Dockerfile" cp -a entrypoint/*.sh "$dir/" From 57f73af83954482c647ac32724a5408bcfc1e7fd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Nov 2021 14:59:13 +0300 Subject: [PATCH 204/377] Made curl fail on non-200 responses. --- Dockerfile-alpine.template | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 33d35f5c..514be0d3 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -56,7 +56,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f4e2aec4..f03d524a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -67,7 +67,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 735c1c03..210fc45a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -66,7 +66,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 2ddc18ae..bf2c9d1c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -67,7 +67,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index e3a0afb9..3b5060ad 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -66,7 +66,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ From fe1fff5d3d1d980e6d1cb3cad3082c24b1deb5ce Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 10 Nov 2021 19:35:15 -0800 Subject: [PATCH 205/377] Remove i386 from packages built by upstream for Debian --- Dockerfile-debian.template | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 91b7cf78..c6cfb325 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -30,7 +30,7 @@ RUN set -x \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 6b0e8279..36cdae69 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -41,7 +41,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 973102a6..93e9629d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -40,7 +40,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ From ef8e9912a2de9b51ce9d1f79a5c047eb48b05fc1 Mon Sep 17 00:00:00 2001 From: PM Extra Date: Thu, 11 Nov 2021 17:51:02 +0800 Subject: [PATCH 206/377] Remove deprecated sks-keyservers for debian. --- Dockerfile-debian.template | 2 -- mainline/debian-perl/Dockerfile | 2 -- mainline/debian/Dockerfile | 2 -- stable/debian-perl/Dockerfile | 2 -- stable/debian/Dockerfile | 2 -- 5 files changed, 10 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index c6cfb325..8c7bf16f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -16,9 +16,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 36cdae69..13bca04f 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -21,9 +21,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 93e9629d..3deb3b53 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -21,9 +21,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 6d5fd1a4..05d2148a 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -21,9 +21,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 40b4d9ac..d4fa56bd 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -21,9 +21,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ From 09a63857ebffd270968d675544b7d5f6c1f303ea Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 15 Nov 2021 15:35:34 +0300 Subject: [PATCH 207/377] Moved stable nginx builds to Debian 11 "Bullseye" and Alpine Linux 3.14. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 8 ++++---- stable/debian/Dockerfile | 8 ++++---- update.sh | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index bf2c9d1c..1600f118 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.13 +FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 3b5060ad..d2144417 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.13 +FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 05d2148a..2f0c5e59 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -41,13 +41,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index d4fa56bd..577e76ef 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -40,13 +40,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/update.sh b/update.sh index c549a308..98f25c26 100755 --- a/update.sh +++ b/update.sh @@ -31,12 +31,12 @@ declare -A pkg=( declare -A debian=( [mainline]='bullseye' - [stable]='buster' + [stable]='bullseye' ) declare -A alpine=( [mainline]='3.14' - [stable]='3.13' + [stable]='3.14' ) # When we bump njs version in a stable release we don't move the tag in the From b0e153a1b644ca8b2bd378b14913fff316e07cf2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 16 Nov 2021 18:56:21 +0300 Subject: [PATCH 208/377] Updated stable nginx to 1.20.2 and njs to 0.7.0. --- stable/alpine-perl/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 6 +++--- stable/debian-perl/Dockerfile | 6 +++--- stable/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 1600f118..7ea9d174 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.1 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.20.2 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index d2144417..6c09b751 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.1 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.20.2 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 2f0c5e59..ef7fe8b9 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.1 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.20.2 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ @@ -39,7 +39,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 577e76ef..de83d24b 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.1 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.20.2 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ @@ -38,7 +38,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/update.sh b/update.sh index 98f25c26..1fec82f1 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.21.4' - [stable]='1.20.1' + [stable]='1.20.2' ) # Current njs versions declare -A njs=( [mainline]='0.7.0' - [stable]='0.5.3' + [stable]='0.7.0' ) # Current package patchlevel version @@ -54,7 +54,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e' - [stable]='024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1' + [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' ) get_packages() { From 930c2e26dee0aceca03c9ca7c5686d6c43b26526 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Mon, 29 Nov 2021 19:46:20 -0800 Subject: [PATCH 209/377] Update mainline base image to Alpine 3.15 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f03d524a..3603d751 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 210fc45a..8065a49c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 1fec82f1..f10fceda 100755 --- a/update.sh +++ b/update.sh @@ -35,7 +35,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.14' + [mainline]='3.15' [stable]='3.14' ) From d07b71be964b53184d829dfd00e2eaa51e4e6ecf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 24 Dec 2021 16:44:35 +0300 Subject: [PATCH 210/377] Changed build dependencies to pcre2 --- Dockerfile-alpine.template | 2 +- modules/Dockerfile.alpine | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 514be0d3..909323d8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -42,7 +42,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index c154363e..d575d5d9 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -12,7 +12,7 @@ COPY ./ /modules/ RUN set -ex \ && apk update \ - && apk add linux-headers openssl-dev pcre-dev zlib-dev openssl abuild \ + && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ xz g++ coreutils \ # allow abuild as a root user \ From 3a7105159a6c743188cb1c61e4186a9a59c025db Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 28 Dec 2021 17:19:58 -0800 Subject: [PATCH 211/377] Update nginx mainline to 1.21.5, njs to 0.7.1 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3603d751..17baacc8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.4 -ENV NJS_VERSION 0.7.0 +ENV NGINX_VERSION 1.21.5 +ENV NJS_VERSION 0.7.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 8065a49c..ef58e272 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.4 -ENV NJS_VERSION 0.7.0 +ENV NGINX_VERSION 1.21.5 +ENV NJS_VERSION 0.7.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 13bca04f..17825ab0 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.4 -ENV NJS_VERSION 0.7.0 +ENV NGINX_VERSION 1.21.5 +ENV NJS_VERSION 0.7.1 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 3deb3b53..4abb749e 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.4 -ENV NJS_VERSION 0.7.0 +ENV NGINX_VERSION 1.21.5 +ENV NJS_VERSION 0.7.1 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index f10fceda..13820a77 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.21.4' + [mainline]='1.21.5' [stable]='1.20.2' ) # Current njs versions declare -A njs=( - [mainline]='0.7.0' + [mainline]='0.7.1' [stable]='0.7.0' ) From 5caf453cf8a3d3305b9054525bc213462a49ddc1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 Dec 2021 12:46:57 +0300 Subject: [PATCH 212/377] Updated the pkg-oss tarball checksum. --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 13820a77..4c961bee 100755 --- a/update.sh +++ b/update.sh @@ -53,7 +53,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e' + [mainline]='b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232' [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' ) From 01561128671d4e33c039a654fe198c6259a2514c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 Dec 2021 14:00:57 +0300 Subject: [PATCH 213/377] Updated mainline Dockerfiles to pick up latest changes. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 17baacc8..bbb52e13 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ef58e272..6d2144b0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ From d660ee43cb10fae9eb916e048c72e488d2b25ee4 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Jan 2022 11:02:13 +0300 Subject: [PATCH 214/377] Updated pkg-oss check sum (the tag was updated on hg.nginx.org). --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 4c961bee..bae26118 100755 --- a/update.sh +++ b/update.sh @@ -53,7 +53,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232' + [mainline]='01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0' [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' ) From 135978e032a4db66ca6bde03978107102065f406 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Jan 2022 11:04:35 +0300 Subject: [PATCH 215/377] Updated Dockerfiles. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index bbb52e13..5d452cc8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6d2144b0..f0dc3b58 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ From 6f0396c1e06837672698bc97865ffcea9dc841d5 Mon Sep 17 00:00:00 2001 From: shmux8 <75251845+shmux8@users.noreply.github.com> Date: Tue, 25 Jan 2022 19:45:44 +0300 Subject: [PATCH 216/377] Update nginx mainline to 1.21.6, njs to 0.7.2 --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- update.sh | 6 +++--- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5d452cc8..2514aa09 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.5 -ENV NJS_VERSION 0.7.1 +ENV NGINX_VERSION 1.21.6 +ENV NJS_VERSION 0.7.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f0dc3b58..638da921 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.5 -ENV NJS_VERSION 0.7.1 +ENV NGINX_VERSION 1.21.6 +ENV NJS_VERSION 0.7.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 17825ab0..28d2488f 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.5 -ENV NJS_VERSION 0.7.1 +ENV NGINX_VERSION 1.21.6 +ENV NJS_VERSION 0.7.2 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 4abb749e..a1afdde5 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.5 -ENV NJS_VERSION 0.7.1 +ENV NGINX_VERSION 1.21.6 +ENV NJS_VERSION 0.7.2 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7ea9d174..b250e405 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6c09b751..181e6a48 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ diff --git a/update.sh b/update.sh index bae26118..f2486b69 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.21.5' + [mainline]='1.21.6' [stable]='1.20.2' ) # Current njs versions declare -A njs=( - [mainline]='0.7.1' + [mainline]='0.7.2' [stable]='0.7.0' ) @@ -53,7 +53,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0' + [mainline]='29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82' [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' ) From 92973a30900b2ed881d208d10cadade34bbbab33 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Jan 2022 19:59:53 +0300 Subject: [PATCH 217/377] Revert pcre2-related changes to the stable alpine images. stable doesnt support pcre2 yet. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b250e405..7ea9d174 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre2-dev \ + pcre-dev \ zlib-dev \ linux-headers \ libxslt-dev \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 181e6a48..6c09b751 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre2-dev \ + pcre-dev \ zlib-dev \ linux-headers \ libxslt-dev \ From d039609e3a537df4e15a454fdb5a004d519e9a11 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 17 May 2022 10:31:53 +0400 Subject: [PATCH 218/377] Bump njs revisions for mainline and stable. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 13 ++++++------- 9 files changed, 34 insertions(+), 35 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2514aa09..67a1df19 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ + && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 688.tar.gz \ + && cd pkg-oss-688 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 638da921..79a1e711 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ + && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 688.tar.gz \ + && cd pkg-oss-688 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 28d2488f..cbf01484 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index a1afdde5..82683a4d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7ea9d174..9bf4be3a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ + && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 689.tar.gz \ + && cd pkg-oss-689 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6c09b751..54f2089c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ + && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 689.tar.gz \ + && cd pkg-oss-689 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index ef7fe8b9..74063520 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index de83d24b..515b6ba1 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index f2486b69..e247549c 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.2' - [stable]='0.7.0' + [mainline]='0.7.3' + [stable]='0.7.3' ) # Current package patchlevel version @@ -44,17 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' - #[stable]='500' + [mainline]='688' + [stable]='689' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82' - [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' + [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' + [stable]='b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116' ) get_packages() { From 6e580a6f592c02f0bf3d254e0a14c57f3a71e2ff Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 15:31:16 +0400 Subject: [PATCH 219/377] Updated stable nginx to 1.22.0 and njs to 0.7.4. While at it, bump base OS for Alpine-based stable builds to Alpine 3.16. --- update.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/update.sh b/update.sh index e247549c..dc0f207f 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.21.6' - [stable]='1.20.2' + [stable]='1.22.0' ) # Current njs versions declare -A njs=( [mainline]='0.7.3' - [stable]='0.7.3' + [stable]='0.7.4' ) # Current package patchlevel version @@ -36,7 +36,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.15' - [stable]='3.14' + [stable]='3.16' ) # When we bump njs version in a stable release we don't move the tag in the @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='688' - [stable]='689' + [stable]='696' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' - [stable]='b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116' + [stable]='fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230' ) get_packages() { From 40923d1dfb59f6c66bed31012c5b4e2e044b7835 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 15:35:10 +0400 Subject: [PATCH 220/377] update.sh: be a bit more BSD-friendly. --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index dc0f207f..3017090d 100755 --- a/update.sh +++ b/update.sh @@ -150,7 +150,7 @@ for branch in "${branches[@]}"; do packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch") - sed -i \ + sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ From b18fb328f999b28a7bb6d86e06b0756c1befa21a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 16:00:53 +0400 Subject: [PATCH 221/377] Updated Dockerfiles. --- stable/alpine-perl/Dockerfile | 18 +++++++++--------- stable/alpine/Dockerfile | 18 +++++++++--------- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9bf4be3a..e3596af6 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ - && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ + && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 689.tar.gz \ - && cd pkg-oss-689 \ + && tar xzvf 696.tar.gz \ + && cd pkg-oss-696 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 54f2089c..66049768 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ - && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ + && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 689.tar.gz \ - && cd pkg-oss-689 \ + && tar xzvf 696.tar.gz \ + && cd pkg-oss-696 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 74063520..e5612bfe 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 515b6ba1..a9f05fcf 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1~bullseye RUN set -x \ From 88018137053bdda23bd31fd61249b4b521eaffcf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 16:02:16 +0400 Subject: [PATCH 222/377] generate-stackbrew-library.sh: updated stable version. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4ff7ea38..92ee3413 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.21 latest' - [stable]='1.20' + [stable]='1.22' ) self="$(basename "$BASH_SOURCE")" From 7ff24ba2bed1438c1b72f573dc69532ac26e9cdc Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 26 May 2022 11:23:57 +0200 Subject: [PATCH 223/377] Update mainline to Alpine 3.16 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 67a1df19..2eeea52f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 79a1e711..76e50fce 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 3017090d..039231b0 100755 --- a/update.sh +++ b/update.sh @@ -35,7 +35,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.15' + [mainline]='3.16' [stable]='3.16' ) From 04226fe92cc11bed68dae464eb60fd5399daf3b1 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 21 Jun 2022 15:57:15 -0500 Subject: [PATCH 224/377] Update NGINX to 1.23, NJS to 0.7.5 --- .gitignore | 1 + mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 6 files changed, 11 insertions(+), 10 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..751553b3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.bak diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2eeea52f..c8dea2e0 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 76e50fce..c52c2411 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index cbf01484..a0c1781b 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 82683a4d..4be092e9 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 039231b0..17cd14db 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.21.6' + [mainline]='1.23.0' [stable]='1.22.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.3' + [mainline]='0.7.5' [stable]='0.7.4' ) From d4a47bc6602d3a1412dad48a8513b83805605ef3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Jun 2022 10:30:30 +0400 Subject: [PATCH 225/377] Moved stable to njs 0.7.5. While at it, updated revisions and checksums for current tags. --- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 10 +++++----- 7 files changed, 29 insertions(+), 29 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index c8dea2e0..74b16afb 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ - && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 688.tar.gz \ - && cd pkg-oss-688 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c52c2411..75aebbe9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ - && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 688.tar.gz \ - && cd pkg-oss-688 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index e3596af6..4f89d029 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ - && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ + && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 696.tar.gz \ - && cd pkg-oss-696 \ + && tar xzvf 714.tar.gz \ + && cd pkg-oss-714 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 66049768..5c79c906 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ - && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ + && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 696.tar.gz \ - && cd pkg-oss-696 \ + && tar xzvf 714.tar.gz \ + && cd pkg-oss-714 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index e5612bfe..57d8a670 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index a9f05fcf..12eecb65 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 17cd14db..6f0bb000 100755 --- a/update.sh +++ b/update.sh @@ -19,7 +19,7 @@ declare -A nginx=( # Current njs versions declare -A njs=( [mainline]='0.7.5' - [stable]='0.7.4' + [stable]='0.7.5' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='688' - [stable]='696' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='714' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' - [stable]='fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230' + [mainline]='678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4' + [stable]='f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e' ) get_packages() { From 3e472aef70a13fd52ebac3a6b7902c7ea8e7f7ce Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Jun 2022 11:03:11 +0400 Subject: [PATCH 226/377] generate-stackbrew-library.sh: updated mainline version. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 92ee3413..d9a24d04 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.21 latest' + [mainline]='1 1.23 latest' [stable]='1.22' ) From a563dda2d52e2aae1883ad174c54add563db78c8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 27 Jun 2022 12:33:36 +0400 Subject: [PATCH 227/377] sync-awsecr.sh: bumped mainline/stable. --- sync-awsecr.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 767e03d4..3e10a9ba 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,8 +6,8 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.21 latest' - [stable]='1.20' + [mainline]='1 1.23 latest' + [stable]='1.22' ) architectures=( amd64 arm64v8 ) From 3581b6708a9ad8f8511db4a2fd57a703b17903c2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 Jun 2022 13:47:28 +0400 Subject: [PATCH 228/377] modules: added xslscript.pl to debian-based image. This should not be really required. Sometimes when building debian changelogs in pkg-oss there seems to be a timestamp issue forcing changes.xslt to be rebuilt. I can not reliable reproduce it, but a workaround seems to be just to ship the script and use it when it's needed. Fixes #677. --- modules/Dockerfile | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 7a4e7141..1cce673d 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -15,7 +15,17 @@ RUN set -ex \ && apt install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ - equivs git g++ \ + equivs git g++ libparse-recdescent-perl \ + && XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \ + && wget -O /tmp/xslscript.pl https://hg.nginx.org/xslscript/raw-file/01dc9ba12e1b/xslscript.pl \ + && if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \ + echo "XSLScript checksum verification succeeded!"; \ + chmod +x /tmp/xslscript.pl; \ + mv /tmp/xslscript.pl /usr/local/bin/; \ + else \ + echo "XSLScript checksum verification failed!"; \ + exit 1; \ + fi \ && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ From f3d86e99ba2db5d9918ede7b094fcad7b9128cd8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 19 Jul 2022 20:41:42 +0400 Subject: [PATCH 229/377] Updated NGINX to 1.23.1, NJS to 0.7.6 --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 9 files changed, 30 insertions(+), 30 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 74b16afb..a67df4f7 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 75aebbe9..d8a995bd 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index a0c1781b..a0a4c590 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 4be092e9..dd378e7e 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4f89d029..50cac385 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ - && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 714.tar.gz \ - && cd pkg-oss-714 \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 5c79c906..4bec54dc 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ - && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 714.tar.gz \ - && cd pkg-oss-714 \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 57d8a670..fac18e55 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 12eecb65..48258bac 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 6f0bb000..f1bb316c 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.0' + [mainline]='1.23.1' [stable]='1.22.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.5' - [stable]='0.7.5' + [mainline]='0.7.6' + [stable]='0.7.6' ) # Current package patchlevel version @@ -45,15 +45,15 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='714' + [stable]='725' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4' - [stable]='f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e' + [mainline]='513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd' + [stable]='a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3' ) get_packages() { From 1dca42f99b3f032d862a1d35e8a5b951d629dc98 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 9 Sep 2022 16:54:47 +0400 Subject: [PATCH 230/377] Introduced alpine-slim image variant. --- Dockerfile-alpine-slim.template | 115 +++++++++++ generate-stackbrew-library.sh | 15 ++ .../10-listen-on-ipv6-by-default.sh | 61 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 32 +++ .../alpine-slim/30-tune-worker-processes.sh | 188 ++++++++++++++++++ mainline/alpine-slim/Dockerfile | 121 +++++++++++ mainline/alpine-slim/docker-entrypoint.sh | 38 ++++ .../10-listen-on-ipv6-by-default.sh | 61 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 32 +++ .../alpine-slim/30-tune-worker-processes.sh | 188 ++++++++++++++++++ stable/alpine-slim/Dockerfile | 121 +++++++++++ stable/alpine-slim/docker-entrypoint.sh | 38 ++++ update.sh | 24 ++- 13 files changed, 1027 insertions(+), 7 deletions(-) create mode 100644 Dockerfile-alpine-slim.template create mode 100755 mainline/alpine-slim/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/alpine-slim/20-envsubst-on-templates.sh create mode 100755 mainline/alpine-slim/30-tune-worker-processes.sh create mode 100644 mainline/alpine-slim/Dockerfile create mode 100755 mainline/alpine-slim/docker-entrypoint.sh create mode 100755 stable/alpine-slim/10-listen-on-ipv6-by-default.sh create mode 100755 stable/alpine-slim/20-envsubst-on-templates.sh create mode 100755 stable/alpine-slim/30-tune-worker-processes.sh create mode 100644 stable/alpine-slim/Dockerfile create mode 100755 stable/alpine-slim/docker-entrypoint.sh diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template new file mode 100644 index 00000000..b394d05e --- /dev/null +++ b/Dockerfile-alpine-slim.template @@ -0,0 +1,115 @@ +FROM alpine:%%ALPINE_VERSION%% + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d9a24d04..9bc067d2 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -98,4 +98,19 @@ for version in "${versions[@]}"; do EOE done + for variant in alpine-slim; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: arm64v8, amd64 + GitCommit: $commit + Directory: $version/$variant + EOE + done + done diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..9585152b --- /dev/null +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + echo >&3 "$ME: info: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo >&3 "$ME: info: can not guess the operating system" + exit 0 +fi + +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + echo >&3 "$ME: info: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh new file mode 100755 index 00000000..4f330295 --- /dev/null +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo >&3 "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh new file mode 100755 index 00000000..56505871 --- /dev/null +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -0,0 +1,188 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return 1 + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile new file mode 100644 index 00000000..b5cfded6 --- /dev/null +++ b/mainline/alpine-slim/Dockerfile @@ -0,0 +1,121 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM alpine:3.16 + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION 1.23.1 +ENV PKG_RELEASE 1 + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh new file mode 100755 index 00000000..72d5cd94 --- /dev/null +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo >&3 "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; + *) echo >&3 "$0: Ignoring $f";; + esac + done + + echo >&3 "$0: Configuration complete; ready for start up" + else + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh new file mode 100755 index 00000000..9585152b --- /dev/null +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + echo >&3 "$ME: info: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo >&3 "$ME: info: can not guess the operating system" + exit 0 +fi + +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + echo >&3 "$ME: info: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh new file mode 100755 index 00000000..4f330295 --- /dev/null +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo >&3 "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh new file mode 100755 index 00000000..56505871 --- /dev/null +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -0,0 +1,188 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return 1 + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile new file mode 100644 index 00000000..8f548539 --- /dev/null +++ b/stable/alpine-slim/Dockerfile @@ -0,0 +1,121 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM alpine:3.16 + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION 1.22.0 +ENV PKG_RELEASE 1 + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh new file mode 100755 index 00000000..72d5cd94 --- /dev/null +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo >&3 "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; + *) echo >&3 "$0: Ignoring $f";; + esac + done + + echo >&3 "$0: Configuration complete; ready for start up" + else + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/update.sh b/update.sh index f1bb316c..ddb783eb 100755 --- a/update.sh +++ b/update.sh @@ -82,16 +82,26 @@ get_packages() { esac echo -n ' \\\n' - for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do - echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' - done - for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' - done + case "$distro" in + *-slim) + for p in nginx; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\' + done + ;; + *) + for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' + done + for p in nginx-module-njs; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' + done + ;; + esac } get_packagerepo() { local distro="${1%-perl}" + distro="${distro%-slim}" shift local branch="$1" shift @@ -125,7 +135,7 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ - alpine{,-perl} \ + alpine{,-perl,-slim} \ debian{,-perl}; do echo "$branch: $variant" dir="$branch/$variant" From 667512852e35b485cc557412e58648cf70a77759 Mon Sep 17 00:00:00 2001 From: JuniorJPDJ Date: Wed, 20 Jul 2022 01:23:20 +0200 Subject: [PATCH 231/377] Source entrypoint files with .envsh extension This allows reusing variables declared between entrypoint scripts --- entrypoint/docker-entrypoint.sh | 9 +++++++++ mainline/alpine-perl/docker-entrypoint.sh | 9 +++++++++ mainline/alpine-slim/docker-entrypoint.sh | 9 +++++++++ mainline/alpine/docker-entrypoint.sh | 9 +++++++++ mainline/debian-perl/docker-entrypoint.sh | 9 +++++++++ mainline/debian/docker-entrypoint.sh | 9 +++++++++ stable/alpine-perl/docker-entrypoint.sh | 9 +++++++++ stable/alpine-slim/docker-entrypoint.sh | 9 +++++++++ stable/alpine/docker-entrypoint.sh | 9 +++++++++ stable/debian-perl/docker-entrypoint.sh | 9 +++++++++ stable/debian/docker-entrypoint.sh | 9 +++++++++ 11 files changed, 99 insertions(+) diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 72d5cd94..b8b99e14 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; From 6b94ddac1c42eab917f4060a8a1de673779e87d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Sj=C3=B6lund?= Date: Sun, 11 Sep 2022 07:49:13 +0200 Subject: [PATCH 232/377] docker-entrypoint: don't close fd 3. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The file descriptor 3 in the container might be an activated socket that was inherited from systemd via Podman and should therefore not be closed. Fixes #702. Signed-off-by: Erik Sjölund --- entrypoint/10-listen-on-ipv6-by-default.sh | 26 ++++++++++++-------- entrypoint/20-envsubst-on-templates.sh | 10 ++++++-- entrypoint/docker-entrypoint.sh | 28 +++++++++++----------- 3 files changed, 38 insertions(+), 26 deletions(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 4f330295..1a2560a4 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -4,6 +4,12 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" @@ -13,7 +19,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 4680ae8cb5a0dfc561699c9ed3dc5c93091b9e36 Mon Sep 17 00:00:00 2001 From: Konstantin Demin Date: Sat, 10 Sep 2022 00:47:58 +0300 Subject: [PATCH 233/377] 30-tune-worker-processes.sh: cgroups2 workaround cgroups2 may be set in weird way: <<< $ podman run --rm --network=host debian:stable-slim sh -c 'grep cgroup /proc/self/mountinfo ; echo ; cat /proc/self/cgroup' 754 752 0:27 /../../../../../.. /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,nsdelegate,memory_recursiveprot 0::/ >>> add workaround for that case Signed-off-by: Konstantin Demin --- entrypoint/30-tune-worker-processes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac From 0d38d4931427fea915b2db39c1212db369278d5c Mon Sep 17 00:00:00 2001 From: Alex Sheplyakov Date: Tue, 13 Sep 2022 16:22:03 +0400 Subject: [PATCH 234/377] Better ENV variables handling. In case when env contain variables with newlines, the variables substitution script fails, trying to use non-existent variables. See https://github.com/nginxinc/docker-nginx/pull/560 for more details. Co-authored-by: Tianon Gravi --- entrypoint/20-envsubst-on-templates.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 1a2560a4..8ca5b7e6 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From ed42652f987141da65bab235b86a165b2c506cf5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Sep 2022 16:32:24 +0400 Subject: [PATCH 235/377] Updated entrypoints changed with the recent commits. --- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-perl/30-tune-worker-processes.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-slim/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-slim/30-tune-worker-processes.sh | 2 +- mainline/alpine-slim/docker-entrypoint.sh | 28 +++++++++---------- .../alpine/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- mainline/alpine/20-envsubst-on-templates.sh | 12 ++++++-- mainline/alpine/30-tune-worker-processes.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../debian-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../debian-perl/30-tune-worker-processes.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 28 +++++++++---------- .../debian/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- mainline/debian/20-envsubst-on-templates.sh | 12 ++++++-- mainline/debian/30-tune-worker-processes.sh | 2 +- mainline/debian/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-perl/30-tune-worker-processes.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-slim/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-slim/30-tune-worker-processes.sh | 2 +- stable/alpine-slim/docker-entrypoint.sh | 28 +++++++++---------- stable/alpine/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- stable/alpine/20-envsubst-on-templates.sh | 12 ++++++-- stable/alpine/30-tune-worker-processes.sh | 2 +- stable/alpine/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../debian-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../debian-perl/30-tune-worker-processes.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 28 +++++++++---------- stable/debian/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- stable/debian/20-envsubst-on-templates.sh | 12 ++++++-- stable/debian/30-tune-worker-processes.sh | 2 +- stable/debian/docker-entrypoint.sh | 28 +++++++++---------- 40 files changed, 400 insertions(+), 280 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ b/mainline/alpine-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/alpine/30-tune-worker-processes.sh +++ b/mainline/alpine/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ b/mainline/debian-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ b/stable/alpine-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/alpine/30-tune-worker-processes.sh +++ b/stable/alpine/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/debian-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ b/stable/debian-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index 9585152b..b2655860 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index 4f330295..8ca5b7e6 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 56505871..9aa42e98 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index b8b99e14..34fef79b 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 34f8babd45eba2b3c4b001b7aac41882aae3b17a Mon Sep 17 00:00:00 2001 From: karlderkaefer Date: Thu, 15 Sep 2022 13:46:21 +0200 Subject: [PATCH 236/377] feat: add optional filter for environment variables passed to envsubst MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit closes #705 Co-authored-by: Erik Sjölund --- entrypoint/20-envsubst-on-templates.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From 98973693a89005722832e1a9e2467211c64139f1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Sep 2022 13:35:01 +0400 Subject: [PATCH 237/377] Updated entrypoints changed with the previous commit. --- mainline/alpine-perl/20-envsubst-on-templates.sh | 3 ++- mainline/alpine-slim/20-envsubst-on-templates.sh | 3 ++- mainline/alpine/20-envsubst-on-templates.sh | 3 ++- mainline/debian-perl/20-envsubst-on-templates.sh | 3 ++- mainline/debian/20-envsubst-on-templates.sh | 3 ++- stable/alpine-perl/20-envsubst-on-templates.sh | 3 ++- stable/alpine-slim/20-envsubst-on-templates.sh | 3 ++- stable/alpine/20-envsubst-on-templates.sh | 3 ++- stable/debian-perl/20-envsubst-on-templates.sh | 3 ++- stable/debian/20-envsubst-on-templates.sh | 3 ++- 10 files changed, 20 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index 8ca5b7e6..fc61cdeb 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From cc7ca22aee900542c05594d7a2b18623d84c7d12 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Sep 2022 14:59:48 +0400 Subject: [PATCH 238/377] docker-entrypoint.sh: Use a portable source command. --- entrypoint/docker-entrypoint.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 2 +- mainline/alpine-slim/docker-entrypoint.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 2 +- mainline/debian/docker-entrypoint.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 2 +- stable/alpine-slim/docker-entrypoint.sh | 2 +- stable/alpine/docker-entrypoint.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 2 +- stable/debian/docker-entrypoint.sh | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 34fef79b..e201fe60 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; From 7e0541f37699661c286ba68a67a5cee4a0ea05a9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 28 Sep 2022 12:01:33 +0400 Subject: [PATCH 239/377] 20-envsubst-on-templates.sh: use awk to get environment. The solution with xargs reading from /proc/self/environ is too expensive, especially when there is a lot of environment variables to be checked. See https://github.com/nginxinc/docker-nginx-unprivileged/issues/107 for more details. --- entrypoint/20-envsubst-on-templates.sh | 2 +- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine-slim/20-envsubst-on-templates.sh | 2 +- mainline/alpine/20-envsubst-on-templates.sh | 2 +- mainline/debian-perl/20-envsubst-on-templates.sh | 2 +- mainline/debian/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine-slim/20-envsubst-on-templates.sh | 2 +- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/debian-perl/20-envsubst-on-templates.sh | 2 +- stable/debian/20-envsubst-on-templates.sh | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index fc61cdeb..d0398b1e 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From fef51235521d1cdf8b05d8cb1378a526d2abf421 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 19 Oct 2022 16:27:43 +0400 Subject: [PATCH 240/377] Updated NGINX to 1.22.1, 1.23.2, NJS to 0.7.7. --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 14 +++++++------- stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- update.sh | 14 +++++++------- 11 files changed, 43 insertions(+), 43 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index a67df4f7..0308d51d 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b5cfded6..737f738a 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 +ENV NGINX_VERSION 1.23.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d8a995bd..7aebcf88 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index a0a4c590..913ee5fe 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index dd378e7e..cd819d0d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 50cac385..52ac64c9 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 8f548539..3244126b 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 +ENV NGINX_VERSION 1.22.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 4bec54dc..2e27da18 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index fac18e55..c72c9283 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 48258bac..da4872d3 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index ddb783eb..7cad3896 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.1' - [stable]='1.22.0' + [mainline]='1.23.2' + [stable]='1.22.1' ) # Current njs versions declare -A njs=( - [mainline]='0.7.6' - [stable]='0.7.6' + [mainline]='0.7.7' + [stable]='0.7.7' ) # Current package patchlevel version @@ -45,15 +45,15 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='725' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd' - [stable]='a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3' + [mainline]='98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6' + [stable]='7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25' ) get_packages() { From 2f944f859fd98b1f8ac3d7903beb93c60439ac42 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 23 Nov 2022 11:42:51 +0100 Subject: [PATCH 241/377] Update mainline to Alpine 3.17 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0308d51d..7564b462 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 737f738a..315f55f3 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 7aebcf88..b81c2e29 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 7cad3896..d76dc8c4 100755 --- a/update.sh +++ b/update.sh @@ -35,7 +35,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.16' + [mainline]='3.17' [stable]='3.16' ) From 456bf337ceb922a207651aa7c6077a316c3e368c Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 23 Nov 2022 13:05:47 +0100 Subject: [PATCH 242/377] Update stable to Alpine 3.17 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 52ac64c9..b7118ba7 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 3244126b..e90b9598 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2e27da18..86520fef 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index d76dc8c4..3d5dfbc1 100755 --- a/update.sh +++ b/update.sh @@ -36,7 +36,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.17' - [stable]='3.16' + [stable]='3.17' ) # When we bump njs version in a stable release we don't move the tag in the From b87bbb86650368c31152bec7cf5f0207d7f3ce9b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 18:01:28 +0400 Subject: [PATCH 243/377] Based alpine and alpine-perl variants off slim one. --- Dockerfile-alpine.template | 48 ++------------------------------------ update.sh | 10 ++++++-- 2 files changed, 10 insertions(+), 48 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 909323d8..e81503d7 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,15 +1,8 @@ -FROM alpine:%%ALPINE_VERSION%% +FROM nginx:%%NGINX_VERSION%%-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% -ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages="%%PACKAGES%% " \ @@ -82,42 +75,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/update.sh b/update.sh index 3d5dfbc1..c25de8ac 100755 --- a/update.sh +++ b/update.sh @@ -137,7 +137,7 @@ for branch in "${branches[@]}"; do for variant in \ alpine{,-perl,-slim} \ debian{,-perl}; do - echo "$branch: $variant" + echo "$branch: $variant dockerfiles" dir="$branch/$variant" variant="$(basename "$variant")" @@ -172,7 +172,13 @@ for branch in "${branches[@]}"; do -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ "$dir/Dockerfile" - cp -a entrypoint/*.sh "$dir/" + done + for variant in \ + alpine-slim \ + debian{,-perl}; do \ + echo "$branch: $variant entrypoint scripts" + dir="$branch/$variant" + cp -a entrypoint/*.sh "$dir/" done done From 436c6e35a71d108669a43f0d2ee43c409cb62cf8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 19:15:25 +0400 Subject: [PATCH 244/377] Based perl variants off default ones. --- Dockerfile-alpine-perl.template | 71 ++++++++++++++++++++++++++++++ Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 3 +- Dockerfile-debian-perl.template | 78 +++++++++++++++++++++++++++++++++ Dockerfile-debian.template | 4 +- update.sh | 27 +++++++++++- 6 files changed, 178 insertions(+), 7 deletions(-) create mode 100644 Dockerfile-alpine-perl.template create mode 100644 Dockerfile-debian-perl.template diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template new file mode 100644 index 00000000..f3a3c85f --- /dev/null +++ b/Dockerfile-alpine-perl.template @@ -0,0 +1,71 @@ +FROM nginx:%%NGINX_VERSION%%-alpine + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + perl-dev \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make %%BUILDTARGET%% \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index b394d05e..5a60ba84 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -61,7 +61,7 @@ RUN set -x \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ - && make base \ + && make %%BUILDTARGET%% \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index e81503d7..82f0f56c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -41,7 +41,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -60,7 +59,7 @@ RUN set -x \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ - && make all \ + && make %%BUILDTARGET%% \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template new file mode 100644 index 00000000..39e3b989 --- /dev/null +++ b/Dockerfile-debian-perl.template @@ -0,0 +1,78 @@ +FROM nginx:%%NGINX_VERSION%% + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y %%BUILDTARGET%% \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile %%BUILDTARGET%% \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 8c7bf16f..eaffeabe 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -48,11 +48,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y %%BUILDTARGET%% \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/update.sh b/update.sh index c25de8ac..5b245169 100755 --- a/update.sh +++ b/update.sh @@ -123,6 +123,27 @@ get_packagever() { echo ${pkg[$branch]}${suffix} } +get_buildtarget() { + local distro="$1" + case "$distro" in + alpine-slim) + echo base + ;; + alpine-perl) + echo module-perl + ;; + alpine) + echo module-geoip module-image-filter module-njs module-xslt + ;; + debian) + echo "\$nginxPackages" + ;; + debian-perl) + echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" + ;; + esac +} + generated_warning() { cat <<__EOF__ # @@ -143,7 +164,7 @@ for branch in "${branches[@]}"; do [ -d "$dir" ] || continue - template="Dockerfile-${variant%-perl}.template" + template="Dockerfile-${variant}.template" { generated_warning cat "$template" @@ -159,6 +180,7 @@ for branch in "${branches[@]}"; do packagerepo=$(get_packagerepo "$variant" "$branch") packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch") + buildtarget=$(get_buildtarget "$variant") sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ @@ -170,13 +192,14 @@ for branch in "${branches[@]}"; do -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ -e 's,%%REVISION%%,'"$revver"',' \ -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ + -e 's,%%BUILDTARGET%%,'"$buildtarget"',' \ "$dir/Dockerfile" done for variant in \ alpine-slim \ - debian{,-perl}; do \ + debian; do \ echo "$branch: $variant entrypoint scripts" dir="$branch/$variant" cp -a entrypoint/*.sh "$dir/" From 914af51cd9d1bb37deb6e49ee5070280d9f3f103 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 19:22:04 +0400 Subject: [PATCH 245/377] Regenerated after last commits. --- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../alpine-perl/20-envsubst-on-templates.sh | 39 ---- .../alpine-perl/30-tune-worker-processes.sh | 188 ------------------ mainline/alpine-perl/Dockerfile | 58 +----- mainline/alpine-perl/docker-entrypoint.sh | 47 ----- .../alpine/10-listen-on-ipv6-by-default.sh | 67 ------- mainline/alpine/20-envsubst-on-templates.sh | 39 ---- mainline/alpine/30-tune-worker-processes.sh | 188 ------------------ mainline/alpine/Dockerfile | 51 +---- mainline/alpine/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../debian-perl/20-envsubst-on-templates.sh | 39 ---- .../debian-perl/30-tune-worker-processes.sh | 188 ------------------ mainline/debian-perl/Dockerfile | 34 +--- mainline/debian-perl/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../alpine-perl/20-envsubst-on-templates.sh | 39 ---- .../alpine-perl/30-tune-worker-processes.sh | 188 ------------------ stable/alpine-perl/Dockerfile | 58 +----- stable/alpine-perl/docker-entrypoint.sh | 47 ----- stable/alpine/10-listen-on-ipv6-by-default.sh | 67 ------- stable/alpine/20-envsubst-on-templates.sh | 39 ---- stable/alpine/30-tune-worker-processes.sh | 188 ------------------ stable/alpine/Dockerfile | 51 +---- stable/alpine/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../debian-perl/20-envsubst-on-templates.sh | 39 ---- .../debian-perl/30-tune-worker-processes.sh | 188 ------------------ stable/debian-perl/Dockerfile | 34 +--- stable/debian-perl/docker-entrypoint.sh | 47 ----- 30 files changed, 20 insertions(+), 2312 deletions(-) delete mode 100755 mainline/alpine-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/alpine-perl/20-envsubst-on-templates.sh delete mode 100755 mainline/alpine-perl/30-tune-worker-processes.sh delete mode 100755 mainline/alpine-perl/docker-entrypoint.sh delete mode 100755 mainline/alpine/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/alpine/20-envsubst-on-templates.sh delete mode 100755 mainline/alpine/30-tune-worker-processes.sh delete mode 100755 mainline/alpine/docker-entrypoint.sh delete mode 100755 mainline/debian-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/debian-perl/20-envsubst-on-templates.sh delete mode 100755 mainline/debian-perl/30-tune-worker-processes.sh delete mode 100755 mainline/debian-perl/docker-entrypoint.sh delete mode 100755 stable/alpine-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/alpine-perl/20-envsubst-on-templates.sh delete mode 100755 stable/alpine-perl/30-tune-worker-processes.sh delete mode 100755 stable/alpine-perl/docker-entrypoint.sh delete mode 100755 stable/alpine/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/alpine/20-envsubst-on-templates.sh delete mode 100755 stable/alpine/30-tune-worker-processes.sh delete mode 100755 stable/alpine/docker-entrypoint.sh delete mode 100755 stable/debian-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/debian-perl/20-envsubst-on-templates.sh delete mode 100755 stable/debian-perl/30-tune-worker-processes.sh delete mode 100755 stable/debian-perl/docker-entrypoint.sh diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7564b462..d0e13e4a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 +FROM nginx:1.23.2-alpine RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -56,11 +47,7 @@ RUN set -x \ pcre2-dev \ zlib-dev \ linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ perl-dev \ - libedit-dev \ bash \ alpine-sdk \ findutils \ @@ -78,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,43 +79,4 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ -# Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/mainline/alpine/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b81c2e29..c6550eb0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,18 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM nginx:1.23.2-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -58,7 +51,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -77,7 +69,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,42 +84,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/mainline/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 913ee5fe..92896b77 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1~bullseye +FROM nginx:1.23.2 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -59,11 +50,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ @@ -95,21 +86,4 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + fi diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/mainline/debian-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b7118ba7..b1320e9e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 +FROM nginx:1.22.1-alpine RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -56,11 +47,7 @@ RUN set -x \ pcre2-dev \ zlib-dev \ linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ perl-dev \ - libedit-dev \ bash \ alpine-sdk \ findutils \ @@ -78,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,43 +79,4 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ -# Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/stable/alpine-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/stable/alpine/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/stable/alpine/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 86520fef..23d87fcb 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,18 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM nginx:1.22.1-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -58,7 +51,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -77,7 +69,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,42 +84,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/stable/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860..00000000 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e..00000000 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98..00000000 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c72c9283..2a72881a 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1~bullseye +FROM nginx:1.22.1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -59,11 +50,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ @@ -95,21 +86,4 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + fi diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe60..00000000 --- a/stable/debian-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" From f27368329ff9f02b9973bc3a23d7a643e2485d7d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 13:59:54 +0400 Subject: [PATCH 246/377] Fixed Alpine signing key checksum check. On newer openssl (version 3), the output format for rsa command slightly changed, leading to a different checksum. The fix is to take a checksum for the whole file instead. Closes https://github.com/nginxinc/docker-nginx/issues/721 --- Dockerfile-alpine-perl.template | 4 ++-- Dockerfile-alpine-slim.template | 4 ++-- Dockerfile-alpine.template | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index f3a3c85f..a1aaac54 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -11,9 +11,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 5a60ba84..57b9be42 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -19,9 +19,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 82f0f56c..8c464dfd 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -13,9 +13,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ From ce8322287b7def616fd077ea21c9c045c50ac461 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 14:04:06 +0400 Subject: [PATCH 247/377] Updated njs to 0.7.9. --- update.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/update.sh b/update.sh index 5b245169..533c9683 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.7' - [stable]='0.7.7' + [mainline]='0.7.9' + [stable]='0.7.9' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='756' + [stable]='757' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6' - [stable]='7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25' + [mainline]='5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f' + [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) get_packages() { From 4785a604aa40e0b0a69047a61e28781a2b0c2069 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 14:05:04 +0400 Subject: [PATCH 248/377] Regenerated after last commits. --- mainline/alpine-perl/Dockerfile | 14 +++++++------- mainline/alpine-slim/Dockerfile | 14 +++++++------- mainline/alpine/Dockerfile | 16 ++++++++-------- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 14 +++++++------- stable/alpine-slim/Dockerfile | 14 +++++++------- stable/alpine/Dockerfile | 16 ++++++++-------- stable/debian/Dockerfile | 2 +- 8 files changed, 46 insertions(+), 46 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d0e13e4a..69b6dab8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -22,9 +22,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 315f55f3..961af746 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -25,9 +25,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c6550eb0..6749393b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.23.2-alpine-slim -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -23,9 +23,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index cd819d0d..22d4dc2c 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b1320e9e..b681d57c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -22,9 +22,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index e90b9598..ba490558 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -25,9 +25,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 23d87fcb..f7bf3881 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.22.1-alpine-slim -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -23,9 +23,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index da4872d3..f40ef272 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye RUN set -x \ From 564ae3cd9783719b91a210023f40e8a213766a3e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Dec 2022 11:55:37 -0800 Subject: [PATCH 249/377] generate-stackbrew-library.sh: build alpine-slim on all arches. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9bc067d2..e15b128e 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -107,7 +107,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, amd64 + Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 GitCommit: $commit Directory: $version/$variant EOE From 5ce65c3efd395ee2d82d32670f233140e92dba99 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Dec 2022 12:05:04 -0800 Subject: [PATCH 250/377] Updated mainline NGINX to 1.23.3. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 6 +++--- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 69b6dab8..4cc786d5 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2-alpine +FROM nginx:1.23.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 961af746..89ad6412 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.2 +ENV NGINX_VERSION 1.23.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6749393b..68eacfd4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2-alpine-slim +FROM nginx:1.23.3-alpine-slim ENV NJS_VERSION 0.7.9 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 92896b77..0f671d71 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2 +FROM nginx:1.23.3 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 22d4dc2c..01bcfd27 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.2 +ENV NGINX_VERSION 1.23.3 ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye diff --git a/update.sh b/update.sh index 533c9683..662ff7f7 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.2' + [mainline]='1.23.3' [stable]='1.22.1' ) @@ -44,7 +44,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='756' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' [stable]='757' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f' + [mainline]='52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990' [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) From 38e2690b304b8dca4848f3e70a1fc95837f61510 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 9 Jan 2023 11:46:43 -0800 Subject: [PATCH 251/377] Debian-based dockerfiles: don't depend on deprecated apt-key. Fixes #739 --- Dockerfile-debian-perl.template | 10 +++++++--- Dockerfile-debian.template | 10 +++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 39e3b989..38b65598 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -5,15 +5,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% @@ -21,13 +25,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index eaffeabe..b4f3bd94 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,15 +14,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% @@ -30,13 +34,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ From 761fffeba0d867d6e80d38998073e0eaa456bb02 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 9 Jan 2023 11:55:09 -0800 Subject: [PATCH 252/377] Regenerated after last commit. --- mainline/debian-perl/Dockerfile | 10 +++++++--- mainline/debian/Dockerfile | 10 +++++++--- stable/debian-perl/Dockerfile | 10 +++++++--- stable/debian/Dockerfile | 10 +++++++--- 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 0f671d71..fc304418 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -10,15 +10,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -32,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 01bcfd27..e3e3f844 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -19,15 +19,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -40,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 2a72881a..55d2b8ba 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -10,15 +10,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -32,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index f40ef272..2bbeffd9 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -19,15 +19,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -40,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ From 1bacdf4820c8b558e79b8cebb3e6f29c7fc77c17 Mon Sep 17 00:00:00 2001 From: Dave McAllister Date: Wed, 1 Mar 2023 11:43:31 -0800 Subject: [PATCH 253/377] adds the Code of Conduct file This adds the NGINX Code of Conduct file to the repo, as it is one of the recognized community guides by GitHub --- CODE_OF_CONDUCT.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..aea287f6 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,74 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +- Using welcoming and inclusive language +- Being respectful of differing viewpoints and experiences +- Gracefully accepting constructive criticism +- Focusing on what is best for the community +- Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +- The use of sexualized language or imagery and unwelcome sexual attention or + advances +- Trolling, insulting/derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or electronic + address, without explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the moderation team at nginx-oss-community@f5.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 1.4, +available at + +For answers to common questions about this code of conduct, see + From beac75efbd331ef54c5409c410fbb4832ba09a3d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 14 Feb 2023 17:55:40 -0800 Subject: [PATCH 254/377] Added distribution versions to generated tags. Refs https://github.com/nginxinc/docker-nginx/issues/649 --- generate-stackbrew-library.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index e15b128e..d5b71cb2 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -60,9 +60,13 @@ for version in "${versions[@]}"; do fi versionAliases+=( ${aliases[$version]:-} ) + debianVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk -F"[-:]" '$1 == "FROM debian" { print $2; exit }')" + debianAliases=( ${versionAliases[@]/%/-$debianVersion} ) + debianAliases=( "${debianAliases[@]//latest-/}" ) + echo cat <<-EOE - Tags: $(join ', ' "${versionAliases[@]}") + Tags: $(join ', ' "${versionAliases[@]}"), $(join ', ' "${debianAliases[@]}") Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x GitCommit: $commit Directory: $version/$base @@ -72,6 +76,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo @@ -83,10 +88,13 @@ for version in "${versions[@]}"; do EOE done + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" + for variant in alpine alpine-perl; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo @@ -102,6 +110,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo From 73a5acae6945b75b433cafd0c9318e4378e72cbb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Mar 2023 12:14:25 -0700 Subject: [PATCH 255/377] Updated mainline nginx to 1.23.4. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 4cc786d5..134f4455 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3-alpine +FROM nginx:1.23.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 89ad6412..f35e861c 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.3 +ENV NGINX_VERSION 1.23.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 68eacfd4..bb064be5 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3-alpine-slim +FROM nginx:1.23.4-alpine-slim -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index fc304418..44ac453d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3 +FROM nginx:1.23.4 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e3e3f844..31b13877 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.3 -ENV NJS_VERSION 0.7.9 +ENV NGINX_VERSION 1.23.4 +ENV NJS_VERSION 0.7.11 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 662ff7f7..4c059b96 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.3' + [mainline]='1.23.4' [stable]='1.22.1' ) # Current njs versions declare -A njs=( - [mainline]='0.7.9' + [mainline]='0.7.11' [stable]='0.7.9' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990' + [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) From 7f1ef355dea083761951da16ab02ea2c37addbdd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Mar 2023 12:34:13 -0700 Subject: [PATCH 256/377] Updated njs for stable to 0.7.11. --- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 6 +++--- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b681d57c..d929754c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index ba490558..221f28b3 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index f7bf3881..a5b7d644 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.22.1-alpine-slim -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 2bbeffd9..db048dd6 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 4c059b96..42152377 100755 --- a/update.sh +++ b/update.sh @@ -19,7 +19,7 @@ declare -A nginx=( # Current njs versions declare -A njs=( [mainline]='0.7.11' - [stable]='0.7.9' + [stable]='0.7.11' ) # Current package patchlevel version @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='757' + [stable]='811' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' - [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' + [stable]='c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc' ) get_packages() { From 1a8d87b69760693a8e33cd8a9e0c2e5f0e8b0e3c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 Apr 2023 12:57:07 -0700 Subject: [PATCH 257/377] Updated stable nginx to 1.24.0. --- generate-stackbrew-library.sh | 2 +- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 4 ++-- sync-awsecr.sh | 2 +- update.sh | 8 ++++---- 8 files changed, 28 insertions(+), 28 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d5b71cb2..cb25d013 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.23 latest' - [stable]='1.22' + [stable]='1.24' ) self="$(basename "$BASH_SOURCE")" diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index d929754c..15cc834a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1-alpine +FROM nginx:1.24.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 221f28b3..0f8c0b29 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.1 +ENV NGINX_VERSION 1.24.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a5b7d644..a5842e10 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1-alpine-slim +FROM nginx:1.24.0-alpine-slim -ENV NJS_VERSION 0.7.11 +ENV NJS_VERSION 0.7.12 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 55d2b8ba..e485478c 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1 +FROM nginx:1.24.0 RUN set -x \ && apt-get update \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index db048dd6..be3ec607 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.11 +ENV NGINX_VERSION 1.24.0 +ENV NJS_VERSION 0.7.12 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 3e10a9ba..015dd630 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.23 latest' - [stable]='1.22' + [stable]='1.24' ) architectures=( amd64 arm64v8 ) diff --git a/update.sh b/update.sh index 42152377..e545c72b 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.23.4' - [stable]='1.22.1' + [stable]='1.24.0' ) # Current njs versions declare -A njs=( [mainline]='0.7.11' - [stable]='0.7.11' + [stable]='0.7.12' ) # Current package patchlevel version @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='811' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' - [stable]='c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc' + [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) get_packages() { From b053826f5ddc6cccd43ada260c8077744319363d Mon Sep 17 00:00:00 2001 From: Iain Henderson Date: Thu, 18 May 2023 07:08:35 -0400 Subject: [PATCH 258/377] 20-envsubst-on-templates.sh: added stream templating. Fixes: https://github.com/nginxinc/docker-nginx/pull/782 --- entrypoint/20-envsubst-on-templates.sh | 39 ++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst From ee6b833b5d9d1966b85a5d318efc04cf8b1c1ba5 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 23 May 2023 15:13:44 -0700 Subject: [PATCH 259/377] Bump NGINX mainline to 1.25.0, NJS to 0.7.12 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 134f4455..9a97a76f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4-alpine +FROM nginx:1.25.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f35e861c..cfac0da7 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.4 +ENV NGINX_VERSION 1.25.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index bb064be5..e02bf1e8 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4-alpine-slim +FROM nginx:1.25.0-alpine-slim -ENV NJS_VERSION 0.7.11 +ENV NJS_VERSION 0.7.12 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 44ac453d..fe8ab0e5 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4 +FROM nginx:1.25.0 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 31b13877..c3ccd5d4 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.4 -ENV NJS_VERSION 0.7.11 +ENV NGINX_VERSION 1.25.0 +ENV NJS_VERSION 0.7.12 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index e545c72b..36e7cc08 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.4' + [mainline]='1.25.0' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.11' + [mainline]='0.7.12' [stable]='0.7.12' ) From 123ef33694fccfefcb7db63251b21c0496537c76 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 May 2023 17:25:42 -0700 Subject: [PATCH 260/377] Updated pkgosschecksum to fetch sources for 1.25.0 builds. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 9a97a76f..93576b1c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index cfac0da7..8edcb094 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e02bf1e8..901442b4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/update.sh b/update.sh index 36e7cc08..c8363f98 100755 --- a/update.sh +++ b/update.sh @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' + [mainline]='18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a' [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) From 3591b5e431af710432bd4852d9ee26eb19992776 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 May 2023 17:31:05 -0700 Subject: [PATCH 261/377] Updated mainline entrypoints after b053826f5ddc6cccd43ada260c8077744319363d. --- .../alpine-slim/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ mainline/debian/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst From 0cfc9381f01c6cd455e014ad738b5bcdffe8024c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 24 May 2023 09:45:03 -0700 Subject: [PATCH 262/377] Bumped mainline version to 1.25 in auxiliary scripts. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index cb25d013..eba3c321 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.23 latest' + [mainline]='1 1.25 latest' [stable]='1.24' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 015dd630..8730f1b9 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.23 latest' + [mainline]='1 1.25 latest' [stable]='1.24' ) From 2b0c2850785c31550087ab9010c6b7cf0890f714 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 24 May 2023 18:51:40 -0700 Subject: [PATCH 263/377] Added a local resolver entrypoint script. If enabled via NGINX_ENTRYPOINT_LOCAL_RESOLVERS variable, this script will populate NGINX_LOCAL_RESOLVERS variable that can be used in the envsubst-base templating to populate the configuration files. Fixes https://github.com/nginxinc/docker-nginx/issues/673 --- Dockerfile-alpine-slim.template | 1 + Dockerfile-debian.template | 1 + entrypoint/15-local-resolvers.envsh | 11 +++++++++++ 3 files changed, 13 insertions(+) create mode 100755 entrypoint/15-local-resolvers.envsh diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 57b9be42..65be8916 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -104,6 +104,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index b4f3bd94..404094f1 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -97,6 +97,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/entrypoint/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi From 9f5b41a99cd6f6da6afa615849c41b1393483106 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 26 May 2023 16:41:07 -0700 Subject: [PATCH 264/377] Added alpine-slim to sync script. --- sync-awsecr.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 8730f1b9..5065c3b5 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -55,7 +55,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" pulllist+=( "$image:$fullVersion" ) - for variant in perl alpine alpine-perl; do + for variant in perl alpine alpine-perl alpine-slim; do pulllist+=( "$image:$fullVersion-$variant" ) done done @@ -86,7 +86,7 @@ for version in "${versions[@]}"; do done done - for variant in alpine alpine-perl; do + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) From 526d1db8dc40e3445a2cad48a2193db9e763f349 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 May 2023 11:52:56 -0700 Subject: [PATCH 265/377] update.sh: copy *.envsh to target directories. --- update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/update.sh b/update.sh index c8363f98..2dcbb20d 100755 --- a/update.sh +++ b/update.sh @@ -203,5 +203,6 @@ for branch in "${branches[@]}"; do echo "$branch: $variant entrypoint scripts" dir="$branch/$variant" cp -a entrypoint/*.sh "$dir/" + cp -a entrypoint/*.envsh "$dir/" done done From 10fa7fccfbfcaf172e2da956ba21e053020029ac Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 May 2023 14:01:57 -0700 Subject: [PATCH 266/377] Updated entrypoints and dockerfiles after recent commits. --- mainline/alpine-slim/15-local-resolvers.envsh | 11 ++++++ mainline/alpine-slim/Dockerfile | 1 + mainline/debian/15-local-resolvers.envsh | 11 ++++++ mainline/debian/Dockerfile | 1 + stable/alpine-slim/15-local-resolvers.envsh | 11 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ stable/alpine-slim/Dockerfile | 1 + stable/debian/15-local-resolvers.envsh | 11 ++++++ stable/debian/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ stable/debian/Dockerfile | 1 + 10 files changed, 126 insertions(+) create mode 100755 mainline/alpine-slim/15-local-resolvers.envsh create mode 100755 mainline/debian/15-local-resolvers.envsh create mode 100755 stable/alpine-slim/15-local-resolvers.envsh create mode 100755 stable/debian/15-local-resolvers.envsh diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 8edcb094..dbc44b3e 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/mainline/debian/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c3ccd5d4..a4ee7e6b 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 0f8c0b29..c650e81f 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh new file mode 100755 index 00000000..12d92849 --- /dev/null +++ b/stable/debian/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index d0398b1e..f3fb9fcb 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index be3ec607..0b7ec02b 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] From b3fc0e631e0eabfd842c04b9fae5345a9264334e Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 2 Jun 2023 14:24:50 +0200 Subject: [PATCH 267/377] Add no-network option --- Dockerfile-alpine-perl.template | 4 ++-- Dockerfile-alpine-slim.template | 6 +++--- Dockerfile-alpine.template | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 4 ++-- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index a1aaac54..c4e06400 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -59,12 +59,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 65be8916..7c8347e9 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -66,12 +66,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -91,7 +91,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8c464dfd..ba91fe6c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -64,12 +64,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 93576b1c..18d3aaea 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -70,12 +70,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index dbc44b3e..6c56ba68 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -72,12 +72,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -97,7 +97,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 901442b4..1741b7bf 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -74,12 +74,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 15cc834a..7d1c92c0 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -70,12 +70,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index c650e81f..464de81f 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -72,12 +72,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -97,7 +97,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a5842e10..0c8c6969 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -74,12 +74,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ From 1d46d905b1e75b30ebce631fe8de8a7282e0f404 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:47:50 -0700 Subject: [PATCH 268/377] Updated mainline nginx to 1.25.1. --- update.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index 2dcbb20d..2b5797dc 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.0' + [mainline]='1.25.1' [stable]='1.24.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a' + [mainline]='dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8' [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) From dc87ccb2f43156de35f682e7c85d3a848f0fcace Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:48:15 -0700 Subject: [PATCH 269/377] Moved mainline nginx to Debian 12 "Bookworm". --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 2b5797dc..3d4feb4b 100755 --- a/update.sh +++ b/update.sh @@ -30,7 +30,7 @@ declare -A pkg=( ) declare -A debian=( - [mainline]='bullseye' + [mainline]='bookworm' [stable]='bullseye' ) From 4ac589e5161def34bb9e02324fb52ed337611f48 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:56:07 -0700 Subject: [PATCH 270/377] Debian: move to groupadd/useradd. --- Dockerfile-debian.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 404094f1..4615a39f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -8,8 +8,8 @@ ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ From 5673d69221fa0367040d60397cc0d39ee892f4d5 Mon Sep 17 00:00:00 2001 From: Eugene Venter Date: Wed, 7 Jun 2023 14:15:32 +1200 Subject: [PATCH 271/377] fix unbound variable issue in local resolver entrypoint script --- entrypoint/15-local-resolvers.envsh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) From 7870605f4b93d86e898af291086d77ab9e6b96e3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 14:29:53 -0700 Subject: [PATCH 272/377] Updated entrypoints and dockerfiles after recent commits. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/15-local-resolvers.envsh | 6 +++--- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 6 +++--- mainline/debian/15-local-resolvers.envsh | 6 +++--- mainline/debian/Dockerfile | 14 +++++++------- stable/alpine-slim/15-local-resolvers.envsh | 6 +++--- stable/debian/15-local-resolvers.envsh | 6 +++--- stable/debian/Dockerfile | 4 ++-- 10 files changed, 30 insertions(+), 30 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 18d3aaea..1de479d1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0-alpine +FROM nginx:1.25.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 6c56ba68..fc36884d 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.0 +ENV NGINX_VERSION 1.25.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1741b7bf..6f8961d6 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0-alpine-slim +FROM nginx:1.25.1-alpine-slim ENV NJS_VERSION 0.7.12 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index fe8ab0e5..377cadb9 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0 +FROM nginx:1.25.1 RUN set -x \ && apt-get update \ @@ -36,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index a4ee7e6b..0a169d13 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.0 +ENV NGINX_VERSION 1.25.1 ENV NJS_VERSION 0.7.12 -ENV PKG_RELEASE 1~bullseye +ENV PKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -44,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 12d92849..93062159 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 0b7ec02b..e4b6286b 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -13,8 +13,8 @@ ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ From 14607f5700c82b0383dbeb29a8313f19363a1ce9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 16:26:21 -0700 Subject: [PATCH 273/377] Added Github CI and functional tests. --- .github/workflows/ci.yml | 49 +++++++++++++++++ .test/config.sh | 9 +++ .test/tests/ipv6/expected-std-out.txt | 2 + .test/tests/ipv6/run.sh | 52 ++++++++++++++++++ .test/tests/static/run.sh | 46 ++++++++++++++++ .test/tests/templates-resolver/run.sh | 51 +++++++++++++++++ .../templates-resolver/server.conf.template | 9 +++ .test/tests/templates/run.sh | 51 +++++++++++++++++ .test/tests/templates/server.conf.template | 7 +++ .test/tests/workers/expected-std-out.txt | 2 + .test/tests/workers/run.sh | 55 +++++++++++++++++++ .test/tests/workers/server.conf.template | 7 +++ 12 files changed, 340 insertions(+) create mode 100644 .github/workflows/ci.yml create mode 100755 .test/config.sh create mode 100644 .test/tests/ipv6/expected-std-out.txt create mode 100755 .test/tests/ipv6/run.sh create mode 100755 .test/tests/static/run.sh create mode 100755 .test/tests/templates-resolver/run.sh create mode 100644 .test/tests/templates-resolver/server.conf.template create mode 100755 .test/tests/templates/run.sh create mode 100644 .test/tests/templates/server.conf.template create mode 100644 .test/tests/workers/expected-std-out.txt create mode 100755 .test/tests/workers/run.sh create mode 100644 .test/tests/workers/server.conf.template diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..30eccf55 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,49 @@ +name: GitHub CI + +on: + pull_request: + push: + schedule: + - cron: 0 10 * * Mon + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + + generate-jobs: + name: Generate Jobs + runs-on: ubuntu-latest + outputs: + strategy: ${{ steps.generate-jobs.outputs.strategy }} + steps: + - uses: actions/checkout@v3 + - uses: docker-library/bashbrew@v0.1.8 + - id: generate-jobs + name: Generate Jobs + run: | + strategy="$(GITHUB_REPOSITORY=nginx "$BASHBREW_SCRIPTS/github-actions/generate.sh")" + strategy="$(GITHUB_REPOSITORY=nginx "$BASHBREW_SCRIPTS/github-actions/munge-i386.sh" -c <<<"$strategy")" + echo "strategy=$strategy" >> "$GITHUB_OUTPUT" + jq . <<<"$strategy" # sanity check / debugging aid + + test: + needs: generate-jobs + strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }} + name: ${{ matrix.name }} + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v3 + - name: Prepare Environment + run: ${{ matrix.runs.prepare }} + - name: Pull Dependencies + run: ${{ matrix.runs.pull }} + - name: Build ${{ matrix.name }} + run: ${{ matrix.runs.build }} + - name: History ${{ matrix.name }} + run: ${{ matrix.runs.history }} + - name: Test ${{ matrix.name }} + run: ${{ matrix.runs.test }} + - name: '"docker images"' + run: ${{ matrix.runs.images }} diff --git a/.test/config.sh b/.test/config.sh new file mode 100755 index 00000000..6d6b74ed --- /dev/null +++ b/.test/config.sh @@ -0,0 +1,9 @@ +imageTests+=( + [nginx]=' + ipv6 + static + templates + templates-resolver + workers + ' +) diff --git a/.test/tests/ipv6/expected-std-out.txt b/.test/tests/ipv6/expected-std-out.txt new file mode 100644 index 00000000..f16a0876 --- /dev/null +++ b/.test/tests/ipv6/expected-std-out.txt @@ -0,0 +1,2 @@ +

Welcome to nginx!

+10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf diff --git a/.test/tests/ipv6/run.sh b/.test/tests/ipv6/run.sh new file mode 100755 index 00000000..0235db6b --- /dev/null +++ b/.test/tests/ipv6/run.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + exit 0 +fi + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +cid="$(docker run -d "$image")" +trap "docker rm -vf $cid > /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/index.html' | grep '

Welcome to nginx!

' + +docker logs $cid 2>&1 | grep "Enabled listen on IPv6" diff --git a/.test/tests/static/run.sh b/.test/tests/static/run.sh new file mode 100755 index 00000000..f026bedb --- /dev/null +++ b/.test/tests/static/run.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +cid="$(docker run -d "$image")" +trap "docker rm -vf $cid > /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/index.html' | grep '

Welcome to nginx!

' diff --git a/.test/tests/templates-resolver/run.sh b/.test/tests/templates-resolver/run.sh new file mode 100755 index 00000000..041f7abd --- /dev/null +++ b/.test/tests/templates-resolver/run.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/resolver-templates' | grep 'example.com - OK' diff --git a/.test/tests/templates-resolver/server.conf.template b/.test/tests/templates-resolver/server.conf.template new file mode 100644 index 00000000..04a0c085 --- /dev/null +++ b/.test/tests/templates-resolver/server.conf.template @@ -0,0 +1,9 @@ +resolver ${NGINX_LOCAL_RESOLVERS}; + +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} diff --git a/.test/tests/templates/run.sh b/.test/tests/templates/run.sh new file mode 100755 index 00000000..c43aa1db --- /dev/null +++ b/.test/tests/templates/run.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/templates' | grep 'example.com - OK' diff --git a/.test/tests/templates/server.conf.template b/.test/tests/templates/server.conf.template new file mode 100644 index 00000000..6b00bed6 --- /dev/null +++ b/.test/tests/templates/server.conf.template @@ -0,0 +1,7 @@ +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} diff --git a/.test/tests/workers/expected-std-out.txt b/.test/tests/workers/expected-std-out.txt new file mode 100644 index 00000000..9f1d3ac3 --- /dev/null +++ b/.test/tests/workers/expected-std-out.txt @@ -0,0 +1,2 @@ +example.com - OK +# Commented out by 30-tune-worker-processes.sh diff --git a/.test/tests/workers/run.sh b/.test/tests/workers/run.sh new file mode 100755 index 00000000..50def70c --- /dev/null +++ b/.test/tests/workers/run.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/worker-templates' | grep 'example.com - OK' + +result="$(docker exec $cid grep "Commented out by" /etc/nginx/nginx.conf)" + +echo "$result" | cut -d\ -f 1-5 diff --git a/.test/tests/workers/server.conf.template b/.test/tests/workers/server.conf.template new file mode 100644 index 00000000..6b00bed6 --- /dev/null +++ b/.test/tests/workers/server.conf.template @@ -0,0 +1,7 @@ +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} From 5d6be2e7a58d6ce76c7784c75c750b48af6f1f5d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Jun 2023 15:35:54 -0700 Subject: [PATCH 274/377] Updated README.md --- README.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5fa769cb..e852ff4b 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,25 @@ # About this Repo -This is the Git repo of the official Docker image for [nginx](https://registry.hub.docker.com/_/nginx/). See the -Hub page for the full readme on how to use the Docker image and for information -regarding contributing and issues. +## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) -The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), -specifically in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). +This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`nginx`](https://hub.docker.com/_/nginx/). See [the Docker Hub page](https://hub.docker.com/_/nginx/) for the full readme on how to use this Docker image and for information regarding contributing and issues. + +The [full image description on Docker Hub](https://hub.docker.com/_/nginx/) is generated/maintained over in [the docker-library/docs repository](https://github.com/docker-library/docs), specifically in [the `nginx` directory](https://github.com/docker-library/docs/tree/master/nginx). The changelog for NGINX releases is available at [nginx.org changes page](https://nginx.org/en/CHANGES). + +## See a change merged here that doesn't show up on Docker Hub yet? + +For more information about the full official images change lifecycle, see [the "An image's source changed in Git, now what?" FAQ entry](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what). + +For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fnginx). For the current "source of truth" for [`nginx`](https://hub.docker.com/_/nginx/), see [the `library/nginx` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/nginx). + +--- + +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) + +| Build | Status | Badges | (per-arch) | +|:-:|:-:|:-:|:-:| +| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/nginx.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/nginx/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/nginx.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/nginx/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/nginx.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/nginx/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/nginx.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/nginx/) | +| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/nginx.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/nginx/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/nginx.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/nginx/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/nginx.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/nginx/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/nginx.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/nginx/) | +| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/nginx.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/nginx/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/nginx.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/nginx/) | From 7c10a4a1c2aa479070a07e7cad70ec95ea969e54 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Jun 2023 19:17:43 -0700 Subject: [PATCH 275/377] Updated Alpine to 3.18 Fixes https://github.com/nginxinc/docker-nginx/issues/792 --- mainline/alpine-slim/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- update.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index fc36884d..f46d0735 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 464de81f..fe63fc1b 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 3d4feb4b..df2d8a28 100755 --- a/update.sh +++ b/update.sh @@ -35,8 +35,8 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.17' - [stable]='3.17' + [mainline]='3.18' + [stable]='3.18' ) # When we bump njs version in a stable release we don't move the tag in the From 3e71631e0e757f13265e0bd1d1e30e937ad49347 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 Jul 2023 14:26:58 -0700 Subject: [PATCH 276/377] Updated njs to 0.8.0. Closes https://github.com/nginxinc/docker-nginx/issues/809 --- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 9 files changed, 40 insertions(+), 40 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1de479d1..e392c742 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f46d0735..b9133e06 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6f8961d6..f2c5c88d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.25.1-alpine-slim -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 0a169d13..bc7c1943 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.1 -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7d1c92c0..633809b8 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index fe63fc1b..87587756 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 0c8c6969..b703af15 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.24.0-alpine-slim -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index e4b6286b..56ae3684 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.24.0 -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index df2d8a28..269b3536 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.12' - [stable]='0.7.12' + [mainline]='0.8.0' + [stable]='0.8.0' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='e0da7da2b70a' + [stable]='e5d85b3424bb' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8' - [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' + [mainline]='147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3' + [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) get_packages() { From 4d700b97e48ccf981cdaf865b59bb3d7a827ff7c Mon Sep 17 00:00:00 2001 From: Mathieu Rampant Date: Mon, 10 Jul 2023 07:35:42 -0400 Subject: [PATCH 277/377] Update Dockerfile to work with other version of nginx --- modules/Dockerfile.alpine | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index d575d5d9..771f384c 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,4 +1,5 @@ -FROM nginx:mainline-alpine as builder +ARG NGINX_VERSION_FROM=mainline-alpine +FROM nginx:${NGINX_VERSION_FROM}-alpine as builder ARG ENABLED_MODULES @@ -60,7 +61,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:mainline-alpine +FROM nginx:${NGINX_VERSION_FROM}-alpine COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && . /tmp/packages/modules.env \ From 46a0d48398525c5478680583ec558d09e5b9d6ca Mon Sep 17 00:00:00 2001 From: Mathieu Rampant Date: Mon, 10 Jul 2023 07:33:41 -0400 Subject: [PATCH 278/377] Update Dockerfile to work with other version of nginx --- modules/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 1cce673d..44eae4c9 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,4 +1,5 @@ -FROM nginx:mainline as builder +ARG NGINX_VERSION_FROM=mainline +FROM nginx:${NGINX_VERSION_FROM} as builder ARG ENABLED_MODULES @@ -68,7 +69,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:mainline +FROM nginx:${NGINX_VERSION_FROM} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && apt update \ From c300144f441708492e414d5ab91692ca13c9dde2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:46:47 -0700 Subject: [PATCH 279/377] modules: use NGINX_FROM_IMAGE to specify which image to start with. --- modules/Dockerfile | 6 +++--- modules/Dockerfile.alpine | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 44eae4c9..79b58f4d 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,5 +1,5 @@ -ARG NGINX_VERSION_FROM=mainline -FROM nginx:${NGINX_VERSION_FROM} as builder +ARG NGINX_FROM_IMAGE=nginx:mainline +FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES @@ -69,7 +69,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:${NGINX_VERSION_FROM} +FROM ${NGINX_FROM_IMAGE} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && apt update \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 771f384c..347c6a65 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,5 +1,5 @@ -ARG NGINX_VERSION_FROM=mainline-alpine -FROM nginx:${NGINX_VERSION_FROM}-alpine as builder +ARG NGINX_FROM_IMAGE=nginx:mainline-alpine +FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES @@ -61,7 +61,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:${NGINX_VERSION_FROM}-alpine +FROM ${NGINX_FROM_IMAGE} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && . /tmp/packages/modules.env \ From 00edc58f4843edd06680d9a9f7e258ca3dbe0366 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:47:27 -0700 Subject: [PATCH 280/377] CI: Added a test for modules builds. --- .test/config.sh | 1 + .test/tests/modules/nginx.conf.sme | 34 ++++++++++++++ .test/tests/modules/run.sh | 71 ++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 .test/tests/modules/nginx.conf.sme create mode 100755 .test/tests/modules/run.sh diff --git a/.test/config.sh b/.test/config.sh index 6d6b74ed..87e466a6 100755 --- a/.test/config.sh +++ b/.test/config.sh @@ -5,5 +5,6 @@ imageTests+=( templates templates-resolver workers + modules ' ) diff --git a/.test/tests/modules/nginx.conf.sme b/.test/tests/modules/nginx.conf.sme new file mode 100644 index 00000000..dab10145 --- /dev/null +++ b/.test/tests/modules/nginx.conf.sme @@ -0,0 +1,34 @@ +user nginx; +worker_processes auto; + +load_module modules/ndk_http_module.so; +load_module modules/ngx_http_echo_module.so; +load_module modules/ngx_http_set_misc_module.so; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + server { + listen 80 default_server; + location /hello { + set $raw "hello"; + set_sha1 $digest $raw; + + echo $digest; + } + } +} diff --git a/.test/tests/modules/run.sh b/.test/tests/modules/run.sh new file mode 100755 index 00000000..9dbe4c3d --- /dev/null +++ b/.test/tests/modules/run.sh @@ -0,0 +1,71 @@ +#!/bin/bash + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +echo $dir + +image="$1" + +case "$image" in + *-perl) + ;; + *) + echo >&2 "skipping non-leaf image: $image" + exit + ;; +esac + +dockerfile="Dockerfile" +case "$image" in + *alpine*) + dockerfile="$dockerfile.alpine" + ;; +esac + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +modulesImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +DOCKER_BUILDKIT=0 docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" + +serverImage="${modulesImage}-sme" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/hello' | grep 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d' From 22e65b3df3acef8ba2bb517191f2e495782dbbeb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:31:12 -0700 Subject: [PATCH 281/377] Documented a way to redefined base modules image. --- modules/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index d5091a0c..ccca21d8 100644 --- a/modules/README.md +++ b/modules/README.md @@ -13,7 +13,10 @@ $ docker build --build-arg ENABLED_MODULES="ndk lua" -t my-nginx-with-lua . This command will attempt to build an image called `my-nginx-with-lua` based on official nginx docker hub image with two modules: `ndk` and `lua`. By default, a Debian-based image will be used. If you wish to use Alpine -instead, add `-f Dockerfile.alpine` to the command line. +instead, add `-f Dockerfile.alpine` to the command line. By default, mainline +images are used as a base, but it's possible to specify a different image by +providing `NGINX_FROM_IMAGE` build argument, e.g. `--build-arg +NGINX_FROM_IMAGE=nginx:stable`. The build script will look for module build definition files on filesystem directory under the same name as the module (and resulting package) and if From a4d9a5c94867f845db761672b9c422f46e0090ef Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:37:14 -0700 Subject: [PATCH 282/377] Updated the modules versions. --- modules/README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/modules/README.md b/modules/README.md index ccca21d8..b2f3965d 100644 --- a/modules/README.md +++ b/modules/README.md @@ -33,25 +33,25 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules make: Entering directory '/pkg-oss/debian' -auth-spnego 1.1.0-1 -brotli 1.0.0-1 -encrypted-session 0.08-1 -fips-check 0.1-1 -geoip 1.21.0-1 -geoip2 3.3-1 -headers-more 0.33-1 -image-filter 1.21.0-1 -lua 0.10.19-1 -modsecurity 1.0.1-2 -ndk 0.3.1-1 -njs 0.5.3-1 -opentracing 0.14.0-1 -passenger 6.0.8-1 -perl 1.21.0-1 -rtmp 1.2.1-1 -set-misc 0.32-1 -subs-filter 0.6.4-1 -xslt 1.21.0-1 +auth-spnego 1.1.1-1 +brotli 1.0.0-1 +encrypted-session 0.09-1 +fips-check 0.1-1 +geoip 1.25.1-1 +geoip2 3.4-1 +headers-more 0.34-1 +image-filter 1.25.1-1 +lua 0.10.25-1 +modsecurity 1.0.3-3 +ndk 0.3.2-1 +njs 0.8.0-1 +opentracing 0.29.0-1 +passenger 6.0.18-1 +perl 1.25.1-1 +rtmp 1.2.2-1 +set-misc 0.33-1 +subs-filter 0.6.4-1 +xslt 1.25.1-1 make: Leaving directory '/pkg-oss/debian' ``` From 2879b26c7dedf1d958b1894a5c1b1dec3c026369 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 2 Aug 2023 23:20:17 +0200 Subject: [PATCH 283/377] fix: address Alpine bug and shell linter warnings * Replace `-n` with `-f` in Alpine Linux conditional check * Ensure shell variables are properly quoted * Set variable before exporting to ensure it properly fails (if it fails) * Replace obsolete `-o` conditional check with `||` --- Dockerfile-alpine-perl.template | 6 +++--- Dockerfile-alpine-slim.template | 6 +++--- Dockerfile-alpine.template | 6 +++--- entrypoint/10-listen-on-ipv6-by-default.sh | 2 +- entrypoint/15-local-resolvers.envsh | 3 ++- entrypoint/20-envsubst-on-templates.sh | 10 +++++----- entrypoint/30-tune-worker-processes.sh | 2 +- entrypoint/docker-entrypoint.sh | 2 +- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine-slim/15-local-resolvers.envsh | 3 ++- mainline/alpine-slim/20-envsubst-on-templates.sh | 10 +++++----- mainline/alpine-slim/30-tune-worker-processes.sh | 2 +- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine-slim/docker-entrypoint.sh | 2 +- mainline/alpine/Dockerfile | 6 +++--- mainline/debian/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/15-local-resolvers.envsh | 3 ++- mainline/debian/20-envsubst-on-templates.sh | 10 +++++----- mainline/debian/30-tune-worker-processes.sh | 2 +- mainline/debian/docker-entrypoint.sh | 2 +- stable/alpine-perl/Dockerfile | 6 +++--- stable/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-slim/15-local-resolvers.envsh | 3 ++- stable/alpine-slim/20-envsubst-on-templates.sh | 10 +++++----- stable/alpine-slim/30-tune-worker-processes.sh | 2 +- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine-slim/docker-entrypoint.sh | 2 +- stable/alpine/Dockerfile | 6 +++--- stable/debian/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/15-local-resolvers.envsh | 3 ++- stable/debian/20-envsubst-on-templates.sh | 10 +++++----- stable/debian/30-tune-worker-processes.sh | 2 +- stable/debian/docker-entrypoint.sh | 2 +- 34 files changed, 77 insertions(+), 72 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index c4e06400..c8c56ae8 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -66,6 +66,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 7c8347e9..4a88c230 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -73,9 +73,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index ba91fe6c..9bff5ab8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -71,8 +71,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e392c742..6119fbd0 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b9133e06..9de2c8c7 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -79,9 +79,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f2c5c88d..58282e3e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -81,8 +81,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 633809b8..5e5b3af1 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 87587756..1826029e 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -79,9 +79,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index b703af15..629e1755 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -81,8 +81,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index b2655860..b90bf0c9 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 93062159..da963525 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index f3fb9fcb..3804165c 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 9aa42e98..defb994f 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index e201fe60..8ea04f21 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" From 3aac9b12463cf031037f7e21b3857f9a4bec3f28 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 24 Jul 2023 23:11:17 +0200 Subject: [PATCH 284/377] docs: Add community related docs docs: address PR feedback Move README section uptop Replace project with repo name where appropriate --- .github/ISSUE_TEMPLATE/bug_report.md | 33 ++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 23 ++++++++++ .github/pull_request_template.md | 12 +++++ CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 53 +++++++++++++++++++++++ LICENSE | 2 +- README.md | 15 ++++++- SECURITY.md | 14 ++++++ SUPPORT.md | 37 ++++++++++++++++ 9 files changed, 188 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/pull_request_template.md create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md create mode 100644 SUPPORT.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..6c7471a3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,33 @@ +--- +name: Bug report +about: Create a report to help us improve +title: "" +labels: "" +assignees: "" +--- + +### Describe the bug + +A clear and concise description of what the bug is. + +### To reproduce + +Steps to reproduce the behavior: + +1. Deploy the NGINX Docker image using ... +2. View output/logs/configuration on ... +3. See error + +### Expected behavior + +A clear and concise description of what you expected to happen. + +### Your environment + +- Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) +- Version/tag of the NGINX Docker image (e.g. `nginx:alpine`) +- Target deployment platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...) + +### Additional context + +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..e2242abb --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,23 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: "" +labels: "" +assignees: "" +--- + +### Is your feature request related to a problem? Please describe + +A clear and concise description of what the problem is. Ex. I'm always frustrated when ... + +### Describe the solution you'd like + +A clear and concise description of what you want to happen. + +### Describe alternatives you've considered + +A clear and concise description of any alternative solutions or features you've considered. + +### Additional context + +Add any other context or screenshots about the feature request here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..e869fe51 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,12 @@ +### Proposed changes + +Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR). + +### Checklist + +Before creating a PR, run through this checklist and mark each as complete: +- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) document +- [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles +- [ ] If applicable, I have added tests that prove my fix is effective or that my feature works +- [ ] If applicable, I have checked that any relevant tests pass after adding my changes +- [ ] I have updated any relevant documentation diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index aea287f6..78354a27 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -55,7 +55,7 @@ further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the moderation team at nginx-oss-community@f5.com. All +reported by contacting the moderation team at . All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..b4b86358 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,53 @@ +# Contributing Guidelines + +The following is a set of guidelines for contributing to the Docker NGINX image. We really appreciate that you are considering contributing! + +#### Table Of Contents + +[Getting Started](#getting-started) + +[Contributing](#contributing) + +[Code Guidelines](#code-guidelines) + +[Code of Conduct](https://github.com/nginxinc/docker-nginx/blob/master/CODE_OF_CONDUCT.md) + +## Getting Started + +Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get the Docker NGINX image up and running. + +## Contributing + +### Report a Bug + +To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginxinc/docker-nginx/blob/master/SECURITY.md).** + +### Suggest a Feature or Enhancement + +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. + +### Open a Pull Request + +- Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. +- Fill in [our pull request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/pull_request_template.md). + +Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. + +## Code Guidelines + +### Git Guidelines + +- Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR. +- If possible and/or relevant, use the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format when writing a commit message, so that changelogs can be automatically generated +- Follow the guidelines of writing a good commit message as described here and summarised in the next few points: + - In the subject line, use the present tense ("Add feature" not "Added feature"). + - In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to..."). + - Limit the subject line to 72 characters or less. + - Reference issues and pull requests liberally after the subject line. + - Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`). + +### Docker Guidelines + +- Update any entrypoint scripts via the the scripts contained in the `/entrypoint` directory. +- Update any Dockerfiles via the Dockerfile templates in the root directory (e.g. `Dockerfile-alpine.template`). +- Run the `./update.sh` script to apply all entrypoint/Dockerfile template changes to the relevant image entrypoints & Dockerfiles. diff --git a/LICENSE b/LICENSE index bc1d673f..f5af4aac 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (C) 2011-2016 Nginx, Inc. +Copyright (C) 2011-2023 F5, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/README.md b/README.md index e852ff4b..24d8e79c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) +[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginxinc/docker-nginx/blob/master/SUPPORT.md) + # About this Repo ## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) @@ -14,9 +17,19 @@ For more information about the full official images change lifecycle, see [the " For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fnginx). For the current "source of truth" for [`nginx`](https://hub.docker.com/_/nginx/), see [the `library/nginx` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/nginx). +## Contributing + +Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. + +## License + +[BSD 2-Clause](https://github.com/nginxinc/docker-nginx/blob/master/LICENSE) + +© [F5, Inc.](https://www.f5.com/) 2023 + --- -- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..47a42e26 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Latest Versions + +We advise users to run or update to the most recent release of the NGINX Docker image. Older versions of the NGINX Docker image may not have all enhancements and/or bug fixes applied to them. + +## Reporting a Vulnerability + +The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities. + +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . + +For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability) diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 00000000..2a6b505d --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,37 @@ +# Support + +## Ask a Question + +We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). + +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. + +## NGINX Specific Questions and/or Issues + +This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! + +### Community Slack + +We have a community [Slack](https://nginxcommunity.slack.com/)! + +If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) + +Once you join, check out the `#beginner-questions` and `nginx-users` channels :) + +### Documentation + +For a comprehensive list of all NGINX directives, check out . + +For a comprehensive list of admin and deployment guides for all NGINX products, check out . + +### Mailing List + +Want to get in touch with the NGINX development team directly? Try using the relevant mailing list found at ! + +## Contributing + +Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. + +## Commercial Support + +Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info! From 321a13a966eeff945196ddd31a629dad2aa85eda Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 15 Aug 2023 13:21:12 -0700 Subject: [PATCH 285/377] Updated mainline nginx to 1.25.2. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 6 +++--- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 6119fbd0..ee22c72f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1-alpine +FROM nginx:1.25.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 9de2c8c7..d1ff2e01 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.1 +ENV NGINX_VERSION 1.25.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 58282e3e..834bd72e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1-alpine-slim +FROM nginx:1.25.2-alpine-slim ENV NJS_VERSION 0.8.0 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 377cadb9..c557638f 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1 +FROM nginx:1.25.2 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index bc7c1943..bc172dec 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.1 +ENV NGINX_VERSION 1.25.2 ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bookworm diff --git a/update.sh b/update.sh index 269b3536..31d9a37c 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.1' + [mainline]='1.25.2' [stable]='1.24.0' ) @@ -44,7 +44,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='e0da7da2b70a' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' [stable]='e5d85b3424bb' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3' + [mainline]='64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 4b0d808b8f320df132c154a974ebe46e9e5f5ffe Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 28 Aug 2023 12:56:43 -0700 Subject: [PATCH 286/377] Alpine: check if length of $tempDir is non-zero. Fixes #835. --- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index c8c56ae8..d892f81b 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -66,6 +66,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 4a88c230..a5078971 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -73,7 +73,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 9bff5ab8..148d4ff2 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -71,7 +71,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ee22c72f..a69383c3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d1ff2e01..f1615308 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -79,7 +79,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 834bd72e..fc821534 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -81,7 +81,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 5e5b3af1..a70cca17 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 1826029e..8d59f1bb 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -79,7 +79,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 629e1755..fbe85c5c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -81,7 +81,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier From 4bf0763f4977fff7e9648add59e0540088f3ca9f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Oct 2023 15:20:22 -0700 Subject: [PATCH 287/377] Updated mainline nginx to 1.25.3 and njs to 0.8.2. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index a69383c3..f2ecca4a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2-alpine +FROM nginx:1.25.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f1615308..d36ab160 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.2 +ENV NGINX_VERSION 1.25.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index fc821534..5dd4739d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2-alpine-slim +FROM nginx:1.25.3-alpine-slim -ENV NJS_VERSION 0.8.0 +ENV NJS_VERSION 0.8.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index c557638f..bbf88b06 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2 +FROM nginx:1.25.3 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index bc172dec..6bf4fdfc 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.2 -ENV NJS_VERSION 0.8.0 +ENV NGINX_VERSION 1.25.3 +ENV NJS_VERSION 0.8.2 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 31d9a37c..9f9d0d13 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.2' + [mainline]='1.25.3' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.0' + [mainline]='0.8.2' [stable]='0.8.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c' + [mainline]='00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 6cb33076be05c335be33b1d52cfb677533a303f1 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Mon, 8 Jan 2024 19:00:18 +0100 Subject: [PATCH 288/377] Replace COPY with bind mount in Alpine modules example --- modules/Dockerfile.alpine | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 347c6a65..230eb462 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -62,10 +62,9 @@ RUN set -ex \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM ${NGINX_FROM_IMAGE} -COPY --from=builder /tmp/packages /tmp/packages -RUN set -ex \ +RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ + set -ex \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ - done \ - && rm -rf /tmp/packages + done From 7399d225a285628b679e40f4c2bd9efee76a2359 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Mon, 8 Jan 2024 19:03:36 +0100 Subject: [PATCH 289/377] Replace COPY with bind mount in default modules example --- modules/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 79b58f4d..8a261abf 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -70,12 +70,11 @@ RUN set -ex \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM ${NGINX_FROM_IMAGE} -COPY --from=builder /tmp/packages /tmp/packages -RUN set -ex \ +RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ + set -ex \ && apt update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ done \ - && rm -rf /tmp/packages \ && rm -rf /var/lib/apt/lists/ From 5b37ab090f1c8269d252dfb479865955cbe50bce Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Tue, 9 Jan 2024 09:48:27 +0100 Subject: [PATCH 290/377] Use Docker BuildKit for modules test buils --- .test/tests/modules/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.test/tests/modules/run.sh b/.test/tests/modules/run.sh index 9dbe4c3d..257cdd55 100755 --- a/.test/tests/modules/run.sh +++ b/.test/tests/modules/run.sh @@ -32,7 +32,7 @@ fi # Create an instance of the container-under-test modulesImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" -DOCKER_BUILDKIT=0 docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" +docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" serverImage="${modulesImage}-sme" "$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < Date: Tue, 9 Jan 2024 09:48:43 +0100 Subject: [PATCH 291/377] Add requirement of BuildKit to modules README --- modules/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/README.md b/modules/README.md index b2f3965d..887eaa58 100644 --- a/modules/README.md +++ b/modules/README.md @@ -5,6 +5,17 @@ your own instuctions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from [pkg-oss](https://hg.nginx.org/pkg-oss). +## Requirements + +To use the Dockerfiles provided here, +[Docker BuildKit](https://docs.docker.com/build/buildkit/) is required. +This is enabled by default as of version 23.0; for earlier versions this can be +enabled by setting the environment variable `DOCKER_BUILDKIT` to `1`. + +If you can not or do not want to use BuildKit, you can use a previous version +of these files, see for example +https://github.com/nginxinc/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. + ## Usage ``` From 77dafa64e30a024c7bae7a37bb0741fefc0762cf Mon Sep 17 00:00:00 2001 From: Christian Loos Date: Fri, 13 Jan 2023 17:17:57 +0100 Subject: [PATCH 292/377] use apt-get instead of apt in modules/Dockerfile Do not use apt as it is meant to be an end-user tool. --- modules/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 8a261abf..f9aba1da 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -12,8 +12,8 @@ RUN set -ex \ COPY ./ /modules/ RUN set -ex \ - && apt update \ - && apt install -y --no-install-suggests --no-install-recommends \ + && apt-get update \ + && apt-get install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ libparse-recdescent-perl \ @@ -42,7 +42,7 @@ RUN set -ex \ # some modules require build dependencies if [ -f /modules/$module/build-deps ]; then \ echo "Installing $module build dependencies"; \ - apt update && apt install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ + apt-get update && apt-get install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ fi; \ # if a module has a build dependency that is not in a distro, provide a # shell script to fetch/build/install those @@ -72,9 +72,9 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ set -ex \ - && apt update \ + && apt-get update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ - apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ + apt-get install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ done \ && rm -rf /var/lib/apt/lists/ From 5b7624a8f98af507d6d1da2ad7b01806305524ae Mon Sep 17 00:00:00 2001 From: Christian Loos Date: Fri, 13 Jan 2023 17:27:21 +0100 Subject: [PATCH 293/377] use "-o pipefail" for RUN commands in modules Dockerfiles see: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#using-pipes https://github.com/hadolint/hadolint/wiki/DL4006 --- modules/Dockerfile | 11 +++++------ modules/Dockerfile.alpine | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index f9aba1da..e9dea75b 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -3,16 +3,16 @@ FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES -RUN set -ex \ - && if [ "$ENABLED_MODULES" = "" ]; then \ +SHELL ["/bin/bash", "-exo", "pipefail", "-c"] + +RUN if [ "$ENABLED_MODULES" = "" ]; then \ echo "No additional modules enabled, exiting"; \ exit 1; \ fi COPY ./ /modules/ -RUN set -ex \ - && apt-get update \ +RUN apt-get update \ && apt-get install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ @@ -71,8 +71,7 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ - set -ex \ - && apt-get update \ + apt-get update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apt-get install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 230eb462..4b6b0910 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -3,16 +3,16 @@ FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES -RUN set -ex \ - && if [ "$ENABLED_MODULES" = "" ]; then \ +SHELL ["/bin/ash", "-exo", "pipefail", "-c"] + +RUN if [ "$ENABLED_MODULES" = "" ]; then \ echo "No additional modules enabled, exiting"; \ exit 1; \ fi COPY ./ /modules/ -RUN set -ex \ - && apk update \ +RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ xz g++ coreutils \ @@ -63,8 +63,7 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ - set -ex \ - && . /tmp/packages/modules.env \ + . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ done From 75d5e98b637f193781676bf5ea7c7704273b4355 Mon Sep 17 00:00:00 2001 From: Ambrose Chua Date: Thu, 4 Jan 2024 11:29:55 +0800 Subject: [PATCH 294/377] Add IPv6 support for local-resolvers substitution script --- entrypoint/15-local-resolvers.envsh | 2 +- mainline/alpine-slim/15-local-resolvers.envsh | 2 +- mainline/debian/15-local-resolvers.envsh | 2 +- stable/alpine-slim/15-local-resolvers.envsh | 2 +- stable/debian/15-local-resolvers.envsh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index da963525..450a999f 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS From 418a6ea01041c873c01c1c43ce34663866251e1d Mon Sep 17 00:00:00 2001 From: Ambrose Chua Date: Thu, 4 Jan 2024 11:56:19 +0800 Subject: [PATCH 295/377] Add tests --- .test/tests/templates-resolver-ipv6/run.sh | 60 +++++++++++++++++++ .../server.conf.template | 9 +++ 2 files changed, 69 insertions(+) create mode 100755 .test/tests/templates-resolver-ipv6/run.sh create mode 100644 .test/tests/templates-resolver-ipv6/server.conf.template diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh new file mode 100755 index 00000000..8ebbabf9 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + exit 0 +fi + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create a new Docker network +nid="$(docker network create --ipv6 --subnet fd0c:7e57::/64 nginx-test-ipv6-network)" +trap "docker network rm -f $nid > /dev/null" EXIT + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/resolver-templates' | grep 'example.com - OK' diff --git a/.test/tests/templates-resolver-ipv6/server.conf.template b/.test/tests/templates-resolver-ipv6/server.conf.template new file mode 100644 index 00000000..04a0c085 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/server.conf.template @@ -0,0 +1,9 @@ +resolver ${NGINX_LOCAL_RESOLVERS}; + +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} From a06a1689fcb98f8d84979e4fc41dfce298206b73 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Feb 2024 13:51:00 -0800 Subject: [PATCH 296/377] CI: added templates-resolver-ipv6 to the test runs. --- .test/config.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.test/config.sh b/.test/config.sh index 87e466a6..e371f404 100755 --- a/.test/config.sh +++ b/.test/config.sh @@ -4,6 +4,7 @@ imageTests+=( static templates templates-resolver + templates-resolver-ipv6 workers modules ' From e230e12e34036a35af1393060be1f03159be76d5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Feb 2024 14:00:30 -0800 Subject: [PATCH 297/377] CI: fixed templates-resolver-ipv6 tests. --- .../expected-std-out.txt | 2 ++ .test/tests/templates-resolver-ipv6/run.sh | 29 ++++++++++++++++--- .../server.conf.template | 1 + 3 files changed, 28 insertions(+), 4 deletions(-) create mode 100644 .test/tests/templates-resolver-ipv6/expected-std-out.txt diff --git a/.test/tests/templates-resolver-ipv6/expected-std-out.txt b/.test/tests/templates-resolver-ipv6/expected-std-out.txt new file mode 100644 index 00000000..5309ac82 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/expected-std-out.txt @@ -0,0 +1,2 @@ +example.com - OK +ipv6 nameserver(s) present diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh index 8ebbabf9..a7bc3332 100755 --- a/.test/tests/templates-resolver-ipv6/run.sh +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -21,7 +21,10 @@ fi # Create a new Docker network nid="$(docker network create --ipv6 --subnet fd0c:7e57::/64 nginx-test-ipv6-network)" -trap "docker network rm -f $nid > /dev/null" EXIT + +_network_exit_handler() { + docker network rm -f $nid > /dev/null +} # Create an instance of the container-under-test serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" @@ -30,7 +33,14 @@ FROM $image COPY dir/server.conf.template /etc/nginx/templates/server.conf.template EOD cid="$(docker run -d --network $nid -e NGINX_ENTRYPOINT_LOCAL_RESOLVERS=true -e NGINX_MY_SERVER_NAME=example.com "$serverImage")" -trap "docker rm -vf $cid > /dev/null" EXIT + +_container_exit_handler() { + docker rm -vf $cid > /dev/null +} +_exit_handler() { _container_exit_handler; _network_exit_handler; } +trap "_exit_handler" EXIT + +ipv6cid="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' $cid)" _request() { local method="$1" @@ -49,12 +59,23 @@ _request() { fi docker run --rm \ - --link "$cid":nginx \ + --network "$nid" \ "$clientImage" \ - curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" + curl -fsSL -X"$method" --connect-to "::[$ipv6cid]:" "$@" "$proto://example.com/$url" } . "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' # Check that we can request / _request GET http '/resolver-templates' | grep 'example.com - OK' + +result="$(docker exec $cid grep resolver /etc/nginx/conf.d/server.conf)" + +case "$result" in + resolver*\[*\]*) + echo "ipv6 nameserver(s) present" + ;; + *) + echo "no ipv6 nameserver(s) present" + ;; +esac diff --git a/.test/tests/templates-resolver-ipv6/server.conf.template b/.test/tests/templates-resolver-ipv6/server.conf.template index 04a0c085..70835560 100644 --- a/.test/tests/templates-resolver-ipv6/server.conf.template +++ b/.test/tests/templates-resolver-ipv6/server.conf.template @@ -2,6 +2,7 @@ resolver ${NGINX_LOCAL_RESOLVERS}; server { listen 80; + listen [::]:80; server_name ${NGINX_MY_SERVER_NAME}; default_type text/plain; location = / { return 200 'OK\n'; } From 1f227619c1f1baa0bed8bed844ea614437ff14fb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Feb 2024 10:12:27 -0800 Subject: [PATCH 298/377] Updated mainline nginx to 1.25.4 and njs to 0.8.3. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f2ecca4a..b500d17f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3-alpine +FROM nginx:1.25.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d36ab160..2cdb70e1 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.3 +ENV NGINX_VERSION 1.25.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5dd4739d..b3ee8c0a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3-alpine-slim +FROM nginx:1.25.4-alpine-slim -ENV NJS_VERSION 0.8.2 +ENV NJS_VERSION 0.8.3 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index bbf88b06..28d8d826 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3 +FROM nginx:1.25.4 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 6bf4fdfc..48b78ba4 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.3 -ENV NJS_VERSION 0.8.2 +ENV NGINX_VERSION 1.25.4 +ENV NJS_VERSION 0.8.3 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 9f9d0d13..cb562666 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.3' + [mainline]='1.25.4' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.2' + [mainline]='0.8.3' [stable]='0.8.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88' + [mainline]='79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From e16114680b7ba115ffe4fe44be0b5b0bb14fba93 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 20:51:38 -0800 Subject: [PATCH 299/377] Specify architecture to pull in the sync script. --- sync-awsecr.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 5065c3b5..31705448 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -108,8 +108,16 @@ echo "export DOCKER_CLI_EXPERIMENTAL=enabled" echo echo "# pulling stuff" for arch in ${architectures[@]}; do + case $arch in + arm64v8) + parch="aarch64" + ;; + *) + parch=$arch + ;; + esac for tag in ${pulllist[@]}; do - echo "docker pull $arch/$tag"; + echo "docker pull --platform linux/$parch $arch/$tag"; done done From 67270a20ffca47f954593b540136974bc831a61c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 21:12:16 -0800 Subject: [PATCH 300/377] Specify distribution versions tags in sync script. This mostly synchronises it with generate-stackbrew-library.sh script. --- sync-awsecr.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 31705448..e35d1807 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -71,12 +71,17 @@ for version in "${versions[@]}"; do fi versionAliases+=( ${aliases[$version]:-} ) - for tag in ${versionAliases[@]:1}; do + debianVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk -F"[-:]" '$1 == "FROM debian" { print $2; exit }')" + debianAliases=( ${versionAliases[@]/%/-$debianVersion} ) + debianAliases=( "${debianAliases[@]//latest-/}" ) + + for tag in ${versionAliases[@]:1} ${debianAliases[@]:1}; do taglist["$image:$tag"]="$image:$fullVersion" done for variant in debian-perl; do variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) for tag in ${variantAliases[@]}; do @@ -86,10 +91,13 @@ for version in "${versions[@]}"; do done done + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) for tag in ${variantAliases[@]}; do From 6f3d62b782254d12694260d1d92162111c73af6d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 21:13:03 -0800 Subject: [PATCH 301/377] generate-stackbrew-library.sh: simplify. alpine-slim is built on all architectures and is not different to other alpine versions, so no reason to have a separate section for it anymore. --- generate-stackbrew-library.sh | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index eba3c321..a7709d58 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -90,23 +90,7 @@ for version in "${versions[@]}"; do alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" - for variant in alpine alpine-perl; do - commit="$(dirCommit "$version/$variant")" - - variantAliases=( "${versionAliases[@]/%/-$variant}" ) - variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) - variantAliases=( "${variantAliases[@]//latest-/}" ) - - echo - cat <<-EOE - Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 - GitCommit: $commit - Directory: $version/$variant - EOE - done - - for variant in alpine-slim; do + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) From 9cb278860bdcea48abc0bc770a29ead3fc9a1fe6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 12 Dec 2023 14:03:09 -0800 Subject: [PATCH 302/377] Added an otel module image variant. The variant provides an image built with a recently opensourced opentelemetry module developed by F5/NGINX [1]. I've decided to make a separate variant based on the main image instead of extending it because the module build-depends on a fairly large chunk of C++ code from multiple projects, which takes around 10 minutes to compile and link on an 8-core amd64 machine. This is why it's currently limited to amd64 and arm64v8, which nginx.org provides builds for. Users can build them on less popular architectures as the instructions are still provided in the dockerfiles. Also, it's currently only available for the "mainline" branch, with "stable" to follow in the future. [1] https://nginx.org/en/docs/ngx_otel_module.html [2] https://nginx.org/en/linux_packages.html#dynmodules --- Dockerfile-alpine-otel.template | 76 ++++++++++++++++++++++++++ Dockerfile-debian-otel.template | 84 +++++++++++++++++++++++++++++ generate-stackbrew-library.sh | 39 ++++++++++++++ mainline/alpine-otel/Dockerfile | 87 ++++++++++++++++++++++++++++++ mainline/debian-otel/Dockerfile | 95 +++++++++++++++++++++++++++++++++ update.sh | 44 ++++++++++++--- 6 files changed, 419 insertions(+), 6 deletions(-) create mode 100644 Dockerfile-alpine-otel.template create mode 100644 Dockerfile-debian-otel.template create mode 100644 mainline/alpine-otel/Dockerfile create mode 100644 mainline/debian-otel/Dockerfile diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template new file mode 100644 index 00000000..743c532c --- /dev/null +++ b/Dockerfile-alpine-otel.template @@ -0,0 +1,76 @@ +FROM nginx:%%NGINX_VERSION%%-alpine + +ENV OTEL_VERSION %%OTEL_VERSION%% + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make %%BUILDTARGET%% \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template new file mode 100644 index 00000000..2cc519b7 --- /dev/null +++ b/Dockerfile-debian-otel.template @@ -0,0 +1,84 @@ +FROM nginx:%%NGINX_VERSION%% + +ENV OTEL_VERSION %%OTEL_VERSION%% + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y %%BUILDTARGET%% \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile %%BUILDTARGET%% \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index a7709d58..0990cc61 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -50,6 +50,12 @@ join() { } for version in "${versions[@]}"; do + debian_otel= + alpine_otel= + if [ "$version" = "mainline" ]; then + debian_otel="debian-otel" + alpine_otel="alpine-otel" + fi commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" @@ -88,6 +94,23 @@ for version in "${versions[@]}"; do EOE done + for variant in $debian_otel; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-otel}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: amd64, arm64v8 + GitCommit: $commit + Directory: $version/$variant + EOE + done + + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do @@ -106,4 +129,20 @@ for version in "${versions[@]}"; do EOE done + for variant in $alpine_otel; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: amd64, arm64v8 + GitCommit: $commit + Directory: $version/$variant + EOE + done + done diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile new file mode 100644 index 00000000..714113c9 --- /dev/null +++ b/mainline/alpine-otel/Dockerfile @@ -0,0 +1,87 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.25.4-alpine + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make module-otel \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile new file mode 100644 index 00000000..8fbf2a30 --- /dev/null +++ b/mainline/debian-otel/Dockerfile @@ -0,0 +1,95 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.25.4 + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y nginx-module-otel \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile nginx-module-otel \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/update.sh b/update.sh index cb562666..40449e1e 100755 --- a/update.sh +++ b/update.sh @@ -22,6 +22,12 @@ declare -A njs=( [stable]='0.8.0' ) +# Current otel versions +declare -A otel=( + [mainline]='0.1.0' + [stable]='0.1.0' +) + # Current package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( @@ -61,6 +67,8 @@ get_packages() { shift local branch="$1" shift + local bn="" + local otel= local perl= local r= local sep= @@ -81,6 +89,13 @@ get_packages() { ;; esac + case "$distro:$branch" in + *-otel:mainline) + otel="nginx-module-otel" + bn="\n" + ;; + esac + echo -n ' \\\n' case "$distro" in *-slim) @@ -93,16 +108,21 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\'"$bn" + done + for p in $otel; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' done ;; esac } get_packagerepo() { - local distro="${1%-perl}" - distro="${distro%-slim}" + local distro="$1" shift + distro="${distro%-perl}" + distro="${distro%-otel}" + distro="${distro%-slim}" local branch="$1" shift @@ -112,8 +132,11 @@ get_packagerepo() { } get_packagever() { - local distro="${1%-perl}" + local distro="$1" shift + distro="${distro%-perl}" + distro="${distro%-otel}" + distro="${distro%-slim}" local branch="$1" shift local suffix= @@ -125,6 +148,7 @@ get_packagever() { get_buildtarget() { local distro="$1" + shift case "$distro" in alpine-slim) echo base @@ -132,6 +156,9 @@ get_buildtarget() { alpine-perl) echo module-perl ;; + alpine-otel) + echo module-otel + ;; alpine) echo module-geoip module-image-filter module-njs module-xslt ;; @@ -141,6 +168,9 @@ get_buildtarget() { debian-perl) echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" ;; + debian-otel) + echo "nginx-module-otel" + ;; esac } @@ -156,8 +186,8 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ - alpine{,-perl,-slim} \ - debian{,-perl}; do + alpine{,-perl,-otel,-slim} \ + debian{,-perl,-otel}; do echo "$branch: $variant dockerfiles" dir="$branch/$variant" variant="$(basename "$variant")" @@ -174,6 +204,7 @@ for branch in "${branches[@]}"; do alpinever="${alpine[$branch]}" nginxver="${nginx[$branch]}" njsver="${njs[${branch}]}" + otelver="${otel[${branch}]}" revver="${rev[${branch}]}" pkgosschecksumver="${pkgosschecksum[${branch}]}" @@ -187,6 +218,7 @@ for branch in "${branches[@]}"; do -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ + -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ From 29d5001c15e7a2c7b34402c35254cc55199f8cc8 Mon Sep 17 00:00:00 2001 From: oxpa Date: Tue, 16 Apr 2024 18:12:08 +0100 Subject: [PATCH 303/377] Updated mainline to 1.25.5. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 8 ++++---- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 714113c9..f7460dcb 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine +FROM nginx:1.25.5-alpine ENV OTEL_VERSION 0.1.0 @@ -60,7 +60,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b500d17f..5ded6192 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine +FROM nginx:1.25.5-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 2cdb70e1..d867eb42 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,11 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.4 +ENV NGINX_VERSION 1.25.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b3ee8c0a..fba7100e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine-slim +FROM nginx:1.25.5-alpine-slim -ENV NJS_VERSION 0.8.3 +ENV NJS_VERSION 0.8.4 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 8fbf2a30..d093409e 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4 +FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 28d8d826..23726678 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4 +FROM nginx:1.25.5 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 48b78ba4..22ad7980 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.4 -ENV NJS_VERSION 0.8.3 +ENV NGINX_VERSION 1.25.5 +ENV NJS_VERSION 0.8.4 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 40449e1e..cc712379 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.4' + [mainline]='1.25.5' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.3' + [mainline]='0.8.4' [stable]='0.8.0' ) @@ -41,7 +41,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.18' + [mainline]='3.19' [stable]='3.18' ) @@ -58,7 +58,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3' + [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 308c492bfaec8ffb73eb7508395165b92113fe47 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 7 Dec 2023 11:18:15 +0100 Subject: [PATCH 304/377] Update mainline to Alpine 3.19 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 8d59f1bb..90d0cf28 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index cc712379..cd9ade25 100755 --- a/update.sh +++ b/update.sh @@ -42,7 +42,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.19' - [stable]='3.18' + [stable]='3.19' ) # When we bump njs version in a stable release we don't move the tag in the From b7a32965681b02a7d0e18425333328df4cd48652 Mon Sep 17 00:00:00 2001 From: Orgad Shaneh Date: Thu, 21 Mar 2024 12:33:30 +0200 Subject: [PATCH 305/377] Keep repo key registered in alpine, and simplify Dockerfiles In debian image, the key is not deleted. This can also be used in user images to install packages directly. --- Dockerfile-alpine-otel.template | 15 ++------------- Dockerfile-alpine-perl.template | 15 ++------------- Dockerfile-alpine-slim.template | 1 - Dockerfile-alpine.template | 13 +------------ Dockerfile-debian-otel.template | 21 ++------------------- Dockerfile-debian-perl.template | 21 ++------------------- mainline/alpine-otel/Dockerfile | 15 ++------------- mainline/alpine-perl/Dockerfile | 15 ++------------- mainline/alpine-slim/Dockerfile | 1 - mainline/alpine/Dockerfile | 13 +------------ mainline/debian-otel/Dockerfile | 21 ++------------------- mainline/debian-perl/Dockerfile | 21 ++------------------- stable/alpine-perl/Dockerfile | 15 ++------------- stable/alpine-slim/Dockerfile | 1 - stable/alpine/Dockerfile | 13 +------------ stable/debian-perl/Dockerfile | 21 ++------------------- 16 files changed, 23 insertions(+), 199 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 743c532c..7090e4fd 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -12,17 +12,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -72,5 +62,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index d892f81b..9c87b72c 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -10,17 +10,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -67,5 +57,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index a5078971..e6809e87 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -75,7 +75,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 148d4ff2..f64222bb 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -12,17 +12,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -73,6 +63,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index 2cc519b7..dff7acc0 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -2,26 +2,9 @@ FROM nginx:%%NGINX_VERSION%% ENV OTEL_VERSION %%OTEL_VERSION%% -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 38b65598..43099656 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -1,25 +1,8 @@ FROM nginx:%%NGINX_VERSION%% -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index f7460dcb..b42f7959 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -23,17 +23,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,5 +73,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5ded6192..d108211a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -21,17 +21,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -78,5 +68,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d867eb42..8c2a221d 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -81,7 +81,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index fba7100e..a90a2c52 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -22,17 +22,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,6 +73,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index d093409e..a9f21192 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -7,26 +7,9 @@ FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 23726678..8e3c9959 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -5,26 +5,9 @@ # FROM nginx:1.25.5 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index a70cca17..3515f3a9 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -21,17 +21,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -78,5 +68,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 90d0cf28..6bdfc433 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -81,7 +81,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index fbe85c5c..2025ea0e 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -22,17 +22,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,6 +73,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index e485478c..0e35589b 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -5,26 +5,9 @@ # FROM nginx:1.24.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ From ed439d2266cee6304339d50c5fe33d8f87f6eb37 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 12:59:29 -0700 Subject: [PATCH 306/377] Updated stable nginx to 1.26.0 and moved to bookworm. This also adds otel module to stable images. --- stable/alpine-otel/Dockerfile | 87 ++++++++++++++++++++++++++++++++ stable/alpine-perl/Dockerfile | 12 ++--- stable/alpine-slim/Dockerfile | 12 ++--- stable/alpine/Dockerfile | 14 +++--- stable/debian-otel/Dockerfile | 95 +++++++++++++++++++++++++++++++++++ stable/debian-perl/Dockerfile | 6 +-- stable/debian/Dockerfile | 12 ++--- update.sh | 15 +++--- 8 files changed, 216 insertions(+), 37 deletions(-) create mode 100644 stable/alpine-otel/Dockerfile create mode 100644 stable/debian-otel/Dockerfile diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile new file mode 100644 index 00000000..af9951c1 --- /dev/null +++ b/stable/alpine-otel/Dockerfile @@ -0,0 +1,87 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.26.0-alpine + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make module-otel \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 3515f3a9..4c4989c2 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0-alpine +FROM nginx:1.26.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 6bdfc433..de34e10a 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.24.0 +ENV NGINX_VERSION 1.26.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2025ea0e..1a664de8 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0-alpine-slim +FROM nginx:1.26.0-alpine-slim -ENV NJS_VERSION 0.8.0 +ENV NJS_VERSION 0.8.4 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -48,16 +48,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile new file mode 100644 index 00000000..62a7f273 --- /dev/null +++ b/stable/debian-otel/Dockerfile @@ -0,0 +1,95 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.26.0 + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y nginx-module-otel \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile nginx-module-otel \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 0e35589b..c7e0fdd6 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0 +FROM nginx:1.26.0 RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ @@ -19,13 +19,13 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 56ae3684..b19556df 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.24.0 -ENV NJS_VERSION 0.8.0 -ENV PKG_RELEASE 1~bullseye +ENV NGINX_VERSION 1.26.0 +ENV NJS_VERSION 0.8.4 +ENV PKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -44,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/update.sh b/update.sh index cd9ade25..70dd71f4 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.25.5' - [stable]='1.24.0' + [stable]='1.26.0' ) # Current njs versions declare -A njs=( [mainline]='0.8.4' - [stable]='0.8.0' + [stable]='0.8.4' ) # Current otel versions @@ -37,7 +37,7 @@ declare -A pkg=( declare -A debian=( [mainline]='bookworm' - [stable]='bullseye' + [stable]='bookworm' ) declare -A alpine=( @@ -51,7 +51,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='e5d85b3424bb' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -59,7 +59,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' - [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' + [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' ) get_packages() { @@ -87,10 +87,7 @@ get_packages() { *-perl) perl="nginx-module-perl" ;; - esac - - case "$distro:$branch" in - *-otel:mainline) + *-otel) otel="nginx-module-otel" bn="\n" ;; From 435f9c2a06cf2d5fd65767d2f0696b9c988b814b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:04:31 -0700 Subject: [PATCH 307/377] generate-stackbrew-library: moved stable to 1.26 With that, added otel tags for stable, too. --- generate-stackbrew-library.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 0990cc61..aadcf07e 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.25 latest' - [stable]='1.24' + [stable]='1.26' ) self="$(basename "$BASH_SOURCE")" @@ -50,12 +50,8 @@ join() { } for version in "${versions[@]}"; do - debian_otel= - alpine_otel= - if [ "$version" = "mainline" ]; then - debian_otel="debian-otel" - alpine_otel="alpine-otel" - fi + debian_otel="debian-otel" + alpine_otel="alpine-otel" commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" From 56cb1dd64cb83e8f54f4c95a526e526f65703ce9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:05:23 -0700 Subject: [PATCH 308/377] sync-awsecr: moved stable to 1.26. --- sync-awsecr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index e35d1807..c9ea9634 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.25 latest' - [stable]='1.24' + [stable]='1.26' ) architectures=( amd64 arm64v8 ) From 3fb7e2e6266d5652dabe275dbfd50bdb3418361e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:12:40 -0700 Subject: [PATCH 309/377] Introduce NJS_RELEASE to hold the version for njs package release. This is currently needed for mainline versions to pick up an update njs release (0.8.4-2). --- Dockerfile-alpine.template | 1 + Dockerfile-debian.template | 1 + mainline/alpine-otel/Dockerfile | 12 ++++++------ mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 13 +++++++------ mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 3 ++- stable/alpine-otel/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 3 ++- stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 3 ++- update.sh | 21 ++++++++++++++++----- 16 files changed, 54 insertions(+), 37 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f64222bb..8c9d490d 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,6 +1,7 @@ FROM nginx:%%NGINX_VERSION%%-alpine-slim ENV NJS_VERSION %%NJS_VERSION%% +ENV NJS_RELEASE %%NJS_RELEASE%% RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4615a39f..49b298c2 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -4,6 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% +ENV NJS_RELEASE %%NJS_RELEASE%% ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index b42f7959..25b3b95b 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d108211a..bf4296b1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 8c2a221d..e164320f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a90a2c52..3f3f6cd1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -6,6 +6,7 @@ FROM nginx:1.25.5-alpine-slim ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -14,7 +15,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -48,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index a9f21192..96f3a702 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -15,7 +15,7 @@ RUN set -x; \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 8e3c9959..cc01d476 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -14,7 +14,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 22ad7980..76bce0bc 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -9,6 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.5 ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 2~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ @@ -39,7 +40,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index af9951c1..a1ead88a 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4c4989c2..9a941e0a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1a664de8..132b71d6 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -6,6 +6,7 @@ FROM nginx:1.26.0-alpine-slim ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -14,7 +15,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 62a7f273..d9697693 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -32,7 +32,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c7e0fdd6..0c8edc13 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -14,7 +14,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index b19556df..3b1c1438 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -9,6 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.0 ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ @@ -39,7 +40,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/update.sh b/update.sh index 70dd71f4..1249f91a 100755 --- a/update.sh +++ b/update.sh @@ -22,6 +22,13 @@ declare -A njs=( [stable]='0.8.4' ) +# Current njs patchlevel version +# Remember to update pkgosschecksum when changing this. +declare -A njspkg=( + [mainline]='2' + [stable]='1' +) + # Current otel versions declare -A otel=( [mainline]='0.1.0' @@ -50,7 +57,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='93ac6e194ad0' [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) @@ -58,7 +65,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' + [mainline]='d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0' [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' ) @@ -105,7 +112,7 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\'"$bn" + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" done for p in $otel; do echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' @@ -136,11 +143,13 @@ get_packagever() { distro="${distro%-slim}" local branch="$1" shift + local package="$1" + shift local suffix= [ "${distro}" = "debian" ] && suffix="~${debianver}" - echo ${pkg[$branch]}${suffix} + [ "${package}" = "njs" ] && echo ${njspkg[$branch]}${suffix} || echo ${pkg[$branch]}${suffix} } get_buildtarget() { @@ -207,7 +216,8 @@ for branch in "${branches[@]}"; do packagerepo=$(get_packagerepo "$variant" "$branch") packages=$(get_packages "$variant" "$branch") - packagever=$(get_packagever "$variant" "$branch") + packagever=$(get_packagever "$variant" "$branch" "any") + njspkgver=$(get_packagever "$variant" "$branch" "njs") buildtarget=$(get_buildtarget "$variant") sed -i.bak \ @@ -215,6 +225,7 @@ for branch in "${branches[@]}"; do -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ + -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ From 33588b16913fe91d3a201043b73f3366d15fcce1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:34:32 -0700 Subject: [PATCH 310/377] Updated remaining Dockerfiles after b7a32965681. --- stable/alpine-otel/Dockerfile | 15 ++------------- stable/debian-otel/Dockerfile | 21 ++------------------- 2 files changed, 4 insertions(+), 32 deletions(-) diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index a1ead88a..060bd73c 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -23,17 +23,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,5 +73,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index d9697693..dbe9f4bb 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -7,26 +7,9 @@ FROM nginx:1.26.0 ENV OTEL_VERSION 0.1.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ From 23bcf128302c8731b1d50e03da63cda31d69ba5f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:36:59 -0700 Subject: [PATCH 311/377] Debian: updated GPG keys dir. Closes: https://github.com/nginxinc/docker-nginx/pull/821 --- Dockerfile-debian.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 49b298c2..4fe841a6 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -15,7 +15,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ From 66c0f94b4c764b1a531528e8c242ad94497011f6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 14:37:04 -0700 Subject: [PATCH 312/377] Updated dockerfiles after 23bcf128302 --- mainline/debian/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 76bce0bc..f0bec38f 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -20,7 +20,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 3b1c1438..4a06824e 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -20,7 +20,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ From 5bf2e65ab9eaa029613e18fc5dfab04693511ed6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 14:44:57 -0700 Subject: [PATCH 313/377] Updated GPG key dirs in templates missed in 23bcf128302 --- Dockerfile-debian-otel.template | 2 +- Dockerfile-debian-perl.template | 2 +- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index dff7acc0..b1a8a8e2 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -3,7 +3,7 @@ FROM nginx:%%NGINX_VERSION%% ENV OTEL_VERSION %%OTEL_VERSION%% RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 43099656..03e801f5 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -1,7 +1,7 @@ FROM nginx:%%NGINX_VERSION%% RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 96f3a702..51f8c54e 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -8,7 +8,7 @@ FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index cc01d476..4bdba1e6 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.25.5 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index dbe9f4bb..2a2ca729 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -8,7 +8,7 @@ FROM nginx:1.26.0 ENV OTEL_VERSION 0.1.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 0c8edc13..ee08af92 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.26.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ From 3142ac341053ce45b6c5065734084e7e0154a1f2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 Apr 2024 16:26:48 -0700 Subject: [PATCH 314/377] Updated the modules list and versions. (Modsecurity is no longer built & shipped in pkg-oss). --- modules/README.md | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/modules/README.md b/modules/README.md index 887eaa58..e1ff4ba7 100644 --- a/modules/README.md +++ b/modules/README.md @@ -43,27 +43,25 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules -make: Entering directory '/pkg-oss/debian' auth-spnego 1.1.1-1 brotli 1.0.0-1 encrypted-session 0.09-1 fips-check 0.1-1 -geoip 1.25.1-1 +geoip 1.25.5-1 geoip2 3.4-1 -headers-more 0.34-1 -image-filter 1.25.1-1 -lua 0.10.25-1 -modsecurity 1.0.3-3 -ndk 0.3.2-1 -njs 0.8.0-1 -opentracing 0.29.0-1 -passenger 6.0.18-1 -perl 1.25.1-1 +headers-more 0.35-1 +image-filter 1.25.5-1 +lua 0.10.26-1 +ndk 0.3.3-1 +njs 0.8.4-2 +opentracing 0.33.0-1 +otel 0.1.0-1 +passenger 6.0.19-1 +perl 1.25.5-1 rtmp 1.2.2-1 set-misc 0.33-1 subs-filter 0.6.4-1 -xslt 1.25.1-1 -make: Leaving directory '/pkg-oss/debian' +xslt 1.25.5-1 ``` If you still want to provide your own instructions for a specific module, From 9abe4ae472b3332665fad9b12ee146dc242e775c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 3 May 2024 12:48:45 -0700 Subject: [PATCH 315/377] Bump njs releases to hopefully fix builds on arm32v5 --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian/Dockerfile | 2 +- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 11 files changed, 50 insertions(+), 50 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 25b3b95b..7e08f87a 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index bf4296b1..2c583aad 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index e164320f..c1bde59c 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 3f3f6cd1..a1a04700 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.25.5-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_RELEASE 3 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index f0bec38f..c2048199 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -9,7 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.5 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm +ENV NJS_RELEASE 3~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 060bd73c..66923ea1 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9a941e0a..9cdf5d0f 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index de34e10a..59e0e309 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 132b71d6..d7f1f0c5 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.26.0-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 1 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 4a06824e..853e3e60 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -9,7 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.0 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 1~bookworm +ENV NJS_RELEASE 2~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 1249f91a..1327b708 100755 --- a/update.sh +++ b/update.sh @@ -25,8 +25,8 @@ declare -A njs=( # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='2' - [stable]='1' + [mainline]='3' + [stable]='2' ) # Current otel versions @@ -57,16 +57,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='93ac6e194ad0' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='27357d6c5453' + [stable]='73d6839714a2' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0' - [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' + [mainline]='a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0' + [stable]='95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db' ) get_packages() { From b5e83108e52bfb4aeea4cb533285e58792a2bd40 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 May 2024 15:12:21 -0700 Subject: [PATCH 316/377] Updated nginx versions to 1.26.1 and 1.27.0 --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- update.sh | 18 +++++++++--------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index aadcf07e..fc42760c 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.25 latest' + [mainline]='1 1.27 latest' [stable]='1.26' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index c9ea9634..0e7cfffa 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.25 latest' + [mainline]='1 1.27 latest' [stable]='1.26' ) diff --git a/update.sh b/update.sh index 1327b708..bbd5ebea 100755 --- a/update.sh +++ b/update.sh @@ -12,8 +12,8 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.5' - [stable]='1.26.0' + [mainline]='1.27.0' + [stable]='1.26.1' ) # Current njs versions @@ -25,7 +25,7 @@ declare -A njs=( # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='3' + [mainline]='2' [stable]='2' ) @@ -38,8 +38,8 @@ declare -A otel=( # Current package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( - [mainline]=1 - [stable]=1 + [mainline]=2 + [stable]=2 ) declare -A debian=( @@ -57,16 +57,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='27357d6c5453' - [stable]='73d6839714a2' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0' - [stable]='95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db' + [mainline]='cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0' + [stable]='0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e' ) get_packages() { From 3180cdbec313dc4a9f6dd1109ae66adaf98f11fb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 May 2024 15:13:35 -0700 Subject: [PATCH 317/377] Regenerated after last commits --- mainline/alpine-otel/Dockerfile | 12 ++++++------ mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 14 +++++++------- mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 6 +++--- stable/alpine-otel/Dockerfile | 12 ++++++------ stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 14 +++++++------- stable/alpine/Dockerfile | 12 ++++++------ stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 4 ++-- 14 files changed, 60 insertions(+), 60 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 7e08f87a..f5dcf080 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine +FROM nginx:1.27.0-alpine ENV OTEL_VERSION 0.1.0 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2c583aad..7c509215 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine +FROM nginx:1.27.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index c1bde59c..370879bb 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.5 -ENV PKG_RELEASE 1 +ENV NGINX_VERSION 1.27.0 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a1a04700..6437da3e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine-slim +FROM nginx:1.27.0-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 3 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 51f8c54e..9fe3620a 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5 +FROM nginx:1.27.0 ENV OTEL_VERSION 0.1.0 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 4bdba1e6..b2fcb2e5 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5 +FROM nginx:1.27.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c2048199..0087d457 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,10 +7,10 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.5 +ENV NGINX_VERSION 1.27.0 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 3~bookworm -ENV PKG_RELEASE 1~bookworm +ENV NJS_RELEASE 2~bookworm +ENV PKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 66923ea1..b60ade03 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine +FROM nginx:1.26.1-alpine ENV OTEL_VERSION 0.1.0 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9cdf5d0f..355d191a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine +FROM nginx:1.26.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 59e0e309..452317de 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.0 -ENV PKG_RELEASE 1 +ENV NGINX_VERSION 1.26.1 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index d7f1f0c5..2fffeaba 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine-slim +FROM nginx:1.26.1-alpine-slim ENV NJS_VERSION 0.8.4 ENV NJS_RELEASE 2 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 2a2ca729..764b994a 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0 +FROM nginx:1.26.1 ENV OTEL_VERSION 0.1.0 diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index ee08af92..adfd57f8 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0 +FROM nginx:1.26.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 853e3e60..9c782b27 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,10 +7,10 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.0 +ENV NGINX_VERSION 1.26.1 ENV NJS_VERSION 0.8.4 ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 1~bookworm +ENV PKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants From 94a27ac42d45670d941a55334d89e80760f7cc8e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 15:57:12 -0700 Subject: [PATCH 318/377] Fixed failure to build packages from source on recent Alpine versions apk index no longer accepts untrusted keys since 2.14.2 --- Dockerfile-alpine-otel.template | 2 +- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- mainline/alpine-otel/Dockerfile | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-otel/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 7090e4fd..027e99ae 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -50,7 +50,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 9c87b72c..660e4b7b 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -45,7 +45,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index e6809e87..128cc0e1 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -62,7 +62,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8c9d490d..cce7c7b8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -51,7 +51,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index f5dcf080..784dd98b 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7c509215..55e9c5fb 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -56,7 +56,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 370879bb..202eed78 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6437da3e..d1c39656 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index b60ade03..6fd59d88 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 355d191a..f017a96e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -56,7 +56,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 452317de..458724c7 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2fffeaba..317e11c1 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ From 1717492fe0135a8f4c2b88b9db2128724412869a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 16:54:59 -0700 Subject: [PATCH 319/377] Tests: temporarily remove ipv6 check It seems github actions runners are having issues with ipv6 since lateset updates to Docker 26. Let them sort the issues out first, and then we can revert this change. --- .../templates-resolver-ipv6/expected-std-out.txt | 1 - .test/tests/templates-resolver-ipv6/run.sh | 11 ----------- 2 files changed, 12 deletions(-) diff --git a/.test/tests/templates-resolver-ipv6/expected-std-out.txt b/.test/tests/templates-resolver-ipv6/expected-std-out.txt index 5309ac82..38bfee85 100644 --- a/.test/tests/templates-resolver-ipv6/expected-std-out.txt +++ b/.test/tests/templates-resolver-ipv6/expected-std-out.txt @@ -1,2 +1 @@ example.com - OK -ipv6 nameserver(s) present diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh index a7bc3332..88476d65 100755 --- a/.test/tests/templates-resolver-ipv6/run.sh +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -68,14 +68,3 @@ _request() { # Check that we can request / _request GET http '/resolver-templates' | grep 'example.com - OK' - -result="$(docker exec $cid grep resolver /etc/nginx/conf.d/server.conf)" - -case "$result" in - resolver*\[*\]*) - echo "ipv6 nameserver(s) present" - ;; - *) - echo "no ipv6 nameserver(s) present" - ;; -esac From a6f7d140744f8b15ff4314b8718b3f022efc7f43 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 17:49:20 -0700 Subject: [PATCH 320/377] Updated GPG keys used to sign packages Prebuilt binaries from nginx.org are to be signed with different keys moving forward. This change introduces two new 4096-bit RSA keys (aptly named "signing key 2" and "signing key 3") that will be used for that process. The keys can be fetched from nginx.org, too: $ curl -s https://nginx.org/keys/nginx_signing.key | gpg --show-keys - pub rsa4096 2024-05-29 [SC] 8540A6F18833A80E9C1653A42FD21310B49F6B46 uid nginx signing key pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24] 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 uid nginx signing key pub rsa4096 2024-05-29 [SC] 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3 uid nginx signing key As a nice side-effect, this allows us to re-fetch the older 2048-bit RSA key. It expired on Jun 14 2024, but was extended to be valid for another three years) still used to sign current packages. Unfortunately the key with the extended validity period was uploaded to the keyservers a bit too late to be picked up by current image builds, resulting in somewhat unexpected breakages for downstream images. --- Dockerfile-debian.template | 6 ++++-- mainline/debian/Dockerfile | 6 ++++-- stable/debian/Dockerfile | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4fe841a6..cccf6ea7 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,10 +14,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -26,7 +27,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 0087d457..1795d6b0 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -19,10 +19,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -31,7 +32,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 9c782b27..dfdc5428 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -19,10 +19,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -31,7 +32,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 0eef6515e5b1da1e1f06cb71edbaa73769054cec Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 14 Aug 2024 20:35:37 +0000 Subject: [PATCH 321/377] Updated nginx versions to current While at it, introduced specific env variables for built-in dynamic modules versions, as they can differ from the main nginx binary packages. --- Dockerfile-alpine-slim.template | 5 ++-- Dockerfile-debian.template | 1 + update.sh | 46 ++++++++++++++++++++++++--------- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 128cc0e1..6c6f92f2 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -2,8 +2,9 @@ FROM alpine:%%ALPINE_VERSION%% LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION %%NGINX_VERSION%% -ENV PKG_RELEASE %%PKG_RELEASE%% +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% +ENV DYNPKG_RELEASE %%DYNPKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index cccf6ea7..efef6e54 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -6,6 +6,7 @@ ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% ENV NJS_RELEASE %%NJS_RELEASE%% ENV PKG_RELEASE %%PKG_RELEASE%% +ENV DYNPKG_RELEASE %%DYNPKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/update.sh b/update.sh index bbd5ebea..a075b075 100755 --- a/update.sh +++ b/update.sh @@ -12,21 +12,21 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.0' - [stable]='1.26.1' + [mainline]='1.27.1' + [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.4' - [stable]='0.8.4' + [mainline]='0.8.5' + [stable]='0.8.5' ) # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='2' - [stable]='2' + [mainline]='1' + [stable]='1' ) # Current otel versions @@ -35,9 +35,16 @@ declare -A otel=( [stable]='0.1.0' ) -# Current package patchlevel version +# Current nginx package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( + [mainline]=1 + [stable]=1 +) + +# Current built-in dynamic modules package patchlevel version +# Remember to update pkgosschecksum when changing this +declare -A dynpkg=( [mainline]=2 [stable]=2 ) @@ -65,8 +72,8 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0' - [stable]='0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e' + [mainline]='b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907' + [stable]='825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a' ) get_packages() { @@ -108,9 +115,12 @@ get_packages() { done ;; *) - for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + for p in nginx; do echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done + for p in nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${DYNPKG_RELEASE} \\\n' + done for p in nginx-module-njs; do echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" done @@ -149,7 +159,17 @@ get_packagever() { [ "${distro}" = "debian" ] && suffix="~${debianver}" - [ "${package}" = "njs" ] && echo ${njspkg[$branch]}${suffix} || echo ${pkg[$branch]}${suffix} + case "${package}" in + "njs") + echo ${njspkg[$branch]}${suffix} + ;; + "dyn") + echo ${dynpkg[$branch]}${suffix} + ;; + *) + echo ${pkg[$branch]}${suffix} + ;; + esac } get_buildtarget() { @@ -172,7 +192,7 @@ get_buildtarget() { echo "\$nginxPackages" ;; debian-perl) - echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" + echo "nginx-module-perl=\${NGINX_VERSION}-\${DYNPKG_RELEASE}" ;; debian-otel) echo "nginx-module-otel" @@ -218,11 +238,13 @@ for branch in "${branches[@]}"; do packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch" "any") njspkgver=$(get_packagever "$variant" "$branch" "njs") + dynpkgver=$(get_packagever "$variant" "$branch" "dyn") buildtarget=$(get_buildtarget "$variant") sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ + -e 's,%%DYNPKG_RELEASE%%,'"$dynpkgver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ From e78cf70ce7b73a0c9ea734c9cf8aaaa283c1cc5a Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 14 Aug 2024 20:36:50 +0000 Subject: [PATCH 322/377] Run update.sh to pick up changes after previous commit. --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 7 ++++--- mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 8 ++++---- mainline/debian-perl/Dockerfile | 14 +++++++------- mainline/debian/Dockerfile | 15 ++++++++------- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 7 ++++--- stable/alpine/Dockerfile | 14 +++++++------- stable/debian-otel/Dockerfile | 8 ++++---- stable/debian-perl/Dockerfile | 14 +++++++------- stable/debian/Dockerfile | 15 ++++++++------- 14 files changed, 82 insertions(+), 78 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 784dd98b..a3e926b0 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine +FROM nginx:1.27.1-alpine ENV OTEL_VERSION 0.1.0 @@ -11,9 +11,9 @@ RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 55e9c5fb..e5162beb 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,16 +3,16 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine +FROM nginx:1.27.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -45,7 +45,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 202eed78..9d1c1709 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,8 +7,9 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.0 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.27.1 +ENV PKG_RELEASE 1 +ENV DYNPKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -57,7 +58,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d1c39656..b6b9120a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine-slim +FROM nginx:1.27.1-alpine-slim -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 9fe3620a..58a5cd99 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0 +FROM nginx:1.27.1 ENV OTEL_VERSION 0.1.0 @@ -12,9 +12,9 @@ RUN set -x; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index b2fcb2e5..e3a51fb7 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,17 +3,17 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0 +FROM nginx:1.27.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ @@ -37,11 +37,11 @@ RUN set -x; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 1795d6b0..40a9838d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,10 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.0 -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 2~bookworm +ENV NGINX_VERSION 1.27.1 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1~bookworm +ENV PKG_RELEASE 1~bookworm +ENV DYNPKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -39,9 +40,9 @@ RUN set -x \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 6fd59d88..29ec4cd7 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine +FROM nginx:1.26.2-alpine ENV OTEL_VERSION 0.1.0 @@ -11,9 +11,9 @@ RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f017a96e..099d1c14 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,16 +3,16 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine +FROM nginx:1.26.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -45,7 +45,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 458724c7..c26a8a06 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,8 +7,9 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.1 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.26.2 +ENV PKG_RELEASE 1 +ENV DYNPKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -57,7 +58,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 317e11c1..adbef674 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine-slim +FROM nginx:1.26.2-alpine-slim -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 764b994a..1bc68961 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1 +FROM nginx:1.26.2 ENV OTEL_VERSION 0.1.0 @@ -12,9 +12,9 @@ RUN set -x; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index adfd57f8..17b0f103 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,17 +3,17 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1 +FROM nginx:1.26.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ @@ -37,11 +37,11 @@ RUN set -x; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index dfdc5428..e623e414 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,10 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.1 -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 2~bookworm +ENV NGINX_VERSION 1.26.2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1~bookworm +ENV PKG_RELEASE 1~bookworm +ENV DYNPKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -39,9 +40,9 @@ RUN set -x \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ From ab376cce6d325132adb02b6d2a248b9ad1cd9fe1 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 22 May 2024 14:49:13 +0200 Subject: [PATCH 323/377] Update mainline to Alpine 3.20 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 9d1c1709..44fb1f35 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index a075b075..d5ebc2ce 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.19' + [mainline]='3.20' [stable]='3.19' ) From 239684923b2c652b0767540d180de7f7e84bd9fa Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Aug 2024 14:47:12 -0700 Subject: [PATCH 324/377] Alpine: install curl on architectures we build from source. --- Dockerfile-alpine-otel.template | 1 + Dockerfile-alpine-perl.template | 1 + Dockerfile-alpine-slim.template | 1 + Dockerfile-alpine.template | 1 + mainline/alpine-otel/Dockerfile | 1 + mainline/alpine-perl/Dockerfile | 1 + mainline/alpine-slim/Dockerfile | 1 + mainline/alpine/Dockerfile | 1 + stable/alpine-otel/Dockerfile | 1 + stable/alpine-perl/Dockerfile | 1 + stable/alpine-slim/Dockerfile | 1 + stable/alpine/Dockerfile | 1 + 12 files changed, 12 insertions(+) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 027e99ae..f122273e 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -32,6 +32,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 660e4b7b..2726d46e 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -30,6 +30,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 6c6f92f2..b60e641e 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -48,6 +48,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index cce7c7b8..437eb7e0 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -36,6 +36,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index a3e926b0..320fb074 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -43,6 +43,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e5162beb..dc7219fd 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -41,6 +41,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 44fb1f35..a9318094 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -54,6 +54,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b6b9120a..1bb5b530 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -46,6 +46,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 29ec4cd7..dbb4501e 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -43,6 +43,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 099d1c14..077ff3e9 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -41,6 +41,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index c26a8a06..0350ad86 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -54,6 +54,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index adbef674..603b7548 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -46,6 +46,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ From 1c99bf1406f95d5fbddb4c9f246e67ad07f79642 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 29 May 2024 17:09:10 +0200 Subject: [PATCH 325/377] Update stable to Alpine 3.20 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 0350ad86..d1d3d8a6 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index d5ebc2ce..9a7d6b9b 100755 --- a/update.sh +++ b/update.sh @@ -56,7 +56,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.20' - [stable]='3.19' + [stable]='3.20' ) # When we bump njs version in a stable release we don't move the tag in the From 8f11e7e2ce61b3bb1283432d03883497a0cab554 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 15 Aug 2024 08:47:32 +0200 Subject: [PATCH 326/377] Use Alpine-related commit for detecting version in generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index fc42760c..3a21d641 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -107,6 +107,7 @@ for version in "${versions[@]}"; do done + commit="$(dirCommit "$version/alpine-slim")" alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do From d92a4f0d19747b43fd4dfe598c0bb9c854033c5e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 15 Aug 2024 15:29:01 -0700 Subject: [PATCH 327/377] Use Alpine-related commit for detecting version in sync-awsecr.sh --- sync-awsecr.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 0e7cfffa..547c83ff 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -91,6 +91,7 @@ for version in "${versions[@]}"; do done done + commit="$(dirCommit "$version/alpine-slim")" alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do From 8b08a26142fc4539ca8eaa6bdff8c463294eed88 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 12:47:47 -0700 Subject: [PATCH 328/377] 15-local-resolvers: strip trailing whitespace Trailing whitespaces break configs that use quotation marks around vars. See https://github.com/nginxinc/docker-nginx-unprivileged/issues/234 --- entrypoint/15-local-resolvers.envsh | 3 +++ mainline/alpine-slim/15-local-resolvers.envsh | 3 +++ mainline/debian/15-local-resolvers.envsh | 3 +++ stable/alpine-slim/15-local-resolvers.envsh | 3 +++ stable/debian/15-local-resolvers.envsh | 3 +++ 5 files changed, 15 insertions(+) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 450a999f..e830ddac 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS From 479f90adc64a726d76890b0604b5116b8d7fe7f5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 17:46:09 -0700 Subject: [PATCH 329/377] modules/Dockerfile.alpine: install curl Not all alpine-based images have curl that's needed to fetch the sources of modules built. --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 4b6b0910..f6d39c0d 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -15,7 +15,7 @@ COPY ./ /modules/ RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ - xz g++ coreutils \ + xz g++ coreutils curl \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ From f0fc31f0f73d59cc46e16fae973065a6aea63c15 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 23:15:16 +0000 Subject: [PATCH 330/377] Use packaging sources to build packages on non-mainstream architectures. --- Dockerfile-debian-otel.template | 38 ++++++++++++++++++++++++++------- Dockerfile-debian-perl.template | 38 ++++++++++++++++++++++++++------- Dockerfile-debian.template | 38 ++++++++++++++++++++++++++------- mainline/debian-otel/Dockerfile | 38 ++++++++++++++++++++++++++------- mainline/debian-perl/Dockerfile | 38 ++++++++++++++++++++++++++------- mainline/debian/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian-otel/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian-perl/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian/Dockerfile | 38 ++++++++++++++++++++++++++------- update.sh | 16 +++++--------- 10 files changed, 275 insertions(+), 83 deletions(-) diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index b1a8a8e2..50f09032 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -15,24 +15,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 03e801f5..d26452c3 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -13,24 +13,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index efef6e54..9dabd67c 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -43,24 +43,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 58a5cd99..1bb07c13 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -26,24 +26,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-otel \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-otel \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-otel; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-otel \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index e3a51fb7..3c6682a8 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -24,24 +24,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-perl; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-perl \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 40a9838d..5cbec01a 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -53,24 +53,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make base module-geoip module-image-filter module-njs module-xslt \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 1bc68961..f0c48907 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -26,24 +26,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-otel \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-otel \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-otel; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-otel \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 17b0f103..394c9822 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -24,24 +24,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-perl; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-perl \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index e623e414..c5a23953 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -53,24 +53,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make base module-geoip module-image-filter module-njs module-xslt \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/update.sh b/update.sh index 9a7d6b9b..84218c2d 100755 --- a/update.sh +++ b/update.sh @@ -179,23 +179,17 @@ get_buildtarget() { alpine-slim) echo base ;; - alpine-perl) - echo module-perl - ;; - alpine-otel) - echo module-otel - ;; alpine) echo module-geoip module-image-filter module-njs module-xslt ;; debian) - echo "\$nginxPackages" + echo base module-geoip module-image-filter module-njs module-xslt ;; - debian-perl) - echo "nginx-module-perl=\${NGINX_VERSION}-\${DYNPKG_RELEASE}" + *-perl) + echo module-perl ;; - debian-otel) - echo "nginx-module-otel" + *-otel) + echo module-otel ;; esac } From 829c3fbedaad7d3d64b0b56a6c3948ac10e81bb3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:22:39 +0000 Subject: [PATCH 331/377] modules: pkg-oss moved to GitHub. --- modules/Dockerfile | 6 +++--- modules/Dockerfile.alpine | 2 +- modules/README.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index e9dea75b..61573c17 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -14,11 +14,11 @@ COPY ./ /modules/ RUN apt-get update \ && apt-get install -y --no-install-suggests --no-install-recommends \ - patch make wget mercurial devscripts debhelper dpkg-dev \ + patch make wget git devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ libparse-recdescent-perl \ && XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \ - && wget -O /tmp/xslscript.pl https://hg.nginx.org/xslscript/raw-file/01dc9ba12e1b/xslscript.pl \ + && wget -O /tmp/xslscript.pl https://raw.githubusercontent.com/nginx/xslscript/9204424259c343ca08a18a78915f40f28025e093/xslscript.pl \ && if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \ echo "XSLScript checksum verification succeeded!"; \ chmod +x /tmp/xslscript.pl; \ @@ -27,7 +27,7 @@ RUN apt-get update \ echo "XSLScript checksum verification failed!"; \ exit 1; \ fi \ - && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ + && git clone -b ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://github.com/nginx/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index f6d39c0d..9b305fff 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -19,7 +19,7 @@ RUN apk update \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ - && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ + && git clone -b ${NGINX_VERSION}-${PKG_RELEASE} https://github.com/nginx/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ diff --git a/modules/README.md b/modules/README.md index e1ff4ba7..624b97cc 100644 --- a/modules/README.md +++ b/modules/README.md @@ -3,7 +3,7 @@ It's possible to extend a mainline image with third-party modules either from your own instuctions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from -[pkg-oss](https://hg.nginx.org/pkg-oss). +[pkg-oss](https://github.com/nginx/pkg-oss). ## Requirements @@ -101,7 +101,7 @@ reproduce with a vanilla image first. ### docker-compose with pre-packaged modules If desired modules are already packaged in -[pkg-oss](https://hg.nginx.org/pkg-oss/) - e.g. `debian/Makefile.module-*` +[pkg-oss](https://github.com/nginx/pkg-oss/) - e.g. `debian/Makefile.module-*` exists for a given module, you can use this example. 1. Create a directory for your project: From d8e917637c776fef865b0740a752980f26162877 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:33:55 +0000 Subject: [PATCH 332/377] pkg-oss moved to GitHub. --- Dockerfile-alpine-otel.template | 2 +- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- Dockerfile-debian-otel.template | 2 +- Dockerfile-debian-perl.template | 2 +- Dockerfile-debian.template | 2 +- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-otel/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/debian-otel/Dockerfile | 4 ++-- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 22 files changed, 37 insertions(+), 37 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index f122273e..7b4bc8f6 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -39,7 +39,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 2726d46e..6fc37dea 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -34,7 +34,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index b60e641e..896b9a5c 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -52,7 +52,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 437eb7e0..bc77dfd6 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -40,7 +40,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index 50f09032..709836c1 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -38,7 +38,7 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index d26452c3..84cf99f6 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -36,7 +36,7 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 9dabd67c..9138f4c9 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -66,7 +66,7 @@ RUN set -x \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 320fb074..16113601 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index dc7219fd..7c798b88 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -45,8 +45,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index a9318094..67b58c11 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -58,8 +58,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1bb5b530..a30b5b38 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 1bb07c13..076c4679 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -49,8 +49,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 3c6682a8..c1cc3a37 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -47,8 +47,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 5cbec01a..e39e378d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -76,8 +76,8 @@ RUN set -x \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index dbb4501e..c8928e3c 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 077ff3e9..8c4068fe 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -45,8 +45,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index d1d3d8a6..ce62fc81 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -58,8 +58,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 603b7548..ed53f9a8 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index f0c48907..c2ae60e9 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -49,8 +49,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 394c9822..c14fdd50 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -47,8 +47,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index c5a23953..593ca813 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -76,8 +76,8 @@ RUN set -x \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 84218c2d..ce510b4b 100755 --- a/update.sh +++ b/update.sh @@ -72,8 +72,8 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907' - [stable]='825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a' + [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' + [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) get_packages() { From d3ac5b0b9dd316db5797e13789b5b8c3e8fa9ff6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:35:10 +0000 Subject: [PATCH 333/377] update.sh: minor wording changes to accomodate for latest changes. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ce510b4b..0773e470 100755 --- a/update.sh +++ b/update.sh @@ -60,8 +60,8 @@ declare -A alpine=( ) # When we bump njs version in a stable release we don't move the tag in the -# mercurial repo. This setting allows us to specify a revision to check out -# when building alpine packages on architectures not supported by nginx.org +# pkg-oss repo. This setting allows us to specify a revision to check out +# when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' @@ -70,7 +70,7 @@ declare -A rev=( # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block -# Used in alpine builds for architectures not packaged by nginx.org +# Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' From 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 2 Oct 2024 18:47:05 +0100 Subject: [PATCH 334/377] Updated mainline to 1.27.2. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 8 ++++---- update.sh | 8 ++++---- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 16113601..d396fa25 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine +FROM nginx:1.27.2-alpine ENV OTEL_VERSION 0.1.0 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7c798b88..db4489c7 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine +FROM nginx:1.27.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 67b58c11..1491b23b 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,9 +7,9 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.1 +ENV NGINX_VERSION 1.27.2 ENV PKG_RELEASE 1 -ENV DYNPKG_RELEASE 2 +ENV DYNPKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a30b5b38..246edd81 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine-slim +FROM nginx:1.27.2-alpine-slim -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.6 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 076c4679..9cc28f63 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1 +FROM nginx:1.27.2 ENV OTEL_VERSION 0.1.0 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index c1cc3a37..ef4bcf3d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1 +FROM nginx:1.27.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e39e378d..2e9d964b 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,11 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.1 -ENV NJS_VERSION 0.8.5 +ENV NGINX_VERSION 1.27.2 +ENV NJS_VERSION 0.8.6 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 2~bookworm +ENV DYNPKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 0773e470..02cc9c6d 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.1' + [mainline]='1.27.2' [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.5' + [mainline]='0.8.6' [stable]='0.8.5' ) @@ -45,7 +45,7 @@ declare -A pkg=( # Current built-in dynamic modules package patchlevel version # Remember to update pkgosschecksum when changing this declare -A dynpkg=( - [mainline]=2 + [mainline]=1 [stable]=2 ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' + [mainline]='6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) From d21b4f2d90a1abb712a610678872e804267f4815 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 Nov 2024 10:14:45 -0800 Subject: [PATCH 335/377] Updated mainline nginx to 1.27.3. While at it, bump njs to 0.8.7. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index d396fa25..cace990c 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine +FROM nginx:1.27.3-alpine ENV OTEL_VERSION 0.1.0 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index db4489c7..8526345d 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine +FROM nginx:1.27.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 1491b23b..11a27aa3 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.2 +ENV NGINX_VERSION 1.27.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 246edd81..f9640564 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine-slim +FROM nginx:1.27.3-alpine-slim -ENV NJS_VERSION 0.8.6 +ENV NJS_VERSION 0.8.7 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 9cc28f63..f10a0026 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2 +FROM nginx:1.27.3 ENV OTEL_VERSION 0.1.0 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index ef4bcf3d..25d52460 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2 +FROM nginx:1.27.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 2e9d964b..70155d49 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.2 -ENV NJS_VERSION 0.8.6 +ENV NGINX_VERSION 1.27.3 +ENV NJS_VERSION 0.8.7 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 02cc9c6d..8eebd74e 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.2' + [mainline]='1.27.3' [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.6' + [mainline]='0.8.7' [stable]='0.8.5' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c' + [mainline]='5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) From 9bef259b010ed747bc3352dd2aaad8cdf66d4444 Mon Sep 17 00:00:00 2001 From: Meng Zhuo Date: Thu, 15 Aug 2024 09:51:22 +0800 Subject: [PATCH 336/377] Add riscv64 support --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 3a21d641..bfb45a8a 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -120,7 +120,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 + Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64, riscv64 GitCommit: $commit Directory: $version/$variant EOE From da92b328a0eef8258ed02bb23689f9bf8409ceca Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 10 Dec 2024 17:58:52 -0800 Subject: [PATCH 337/377] Added a CI job to sync images to AWS ECR Public. --- .github/workflows/sync.yml | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/sync.yml diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml new file mode 100644 index 00000000..99dc9860 --- /dev/null +++ b/.github/workflows/sync.yml @@ -0,0 +1,44 @@ +name: Sync DockerHub with AWS ECR + +on: + workflow_dispatch: + schedule: + - cron: 23 20 * * * + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + sync-awsecr: + name: Sync Docker Hub to AWS ECR Public + runs-on: ubuntu-24.04 + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }} + aws-region: us-east-1 + + - name: Login to Amazon ECR Public + id: login-ecr-public + uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 + with: + registry-type: public + + - name: Login to Docker Hub + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build, tag, and push docker image to Amazon ECR Public + run: | + ./sync-awsecr.sh > sync-real.sh + chmod +x sync-real.sh + ./sync-real.sh From 767c5b46e0e6e27f3af88da2b5d31c84c17dee59 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 16 Dec 2024 13:39:06 -0800 Subject: [PATCH 338/377] CI: bump docker-library/bashbrew to contemporary version --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 30eccf55..37d7a621 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - uses: actions/checkout@v3 - - uses: docker-library/bashbrew@v0.1.8 + - uses: docker-library/bashbrew@v0.1.12 - id: generate-jobs name: Generate Jobs run: | From 135307daa356d74185053a2d9d99c85854d84f34 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 27 Dec 2024 09:25:21 -0800 Subject: [PATCH 339/377] Updated njs to 0.8.8 --- update.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/update.sh b/update.sh index 8eebd74e..bf01741f 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.8.7' - [stable]='0.8.5' + [mainline]='0.8.8' + [stable]='0.8.8' ) # Current njs patchlevel version @@ -64,16 +64,16 @@ declare -A alpine=( # when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='0286c5190d972a49bffc9bf247885dd510ce8181' + [stable]='f43e929dc7a6111ef5d9ecb281a75749f7934261' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960' - [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' + [mainline]='1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535' + [stable]='315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6' ) get_packages() { From f227279d7b5c8ae8f99d29ed61f0da4c9ac0a404 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 27 Dec 2024 09:26:59 -0800 Subject: [PATCH 340/377] Updated dockerfiles after the last commit --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian-otel/Dockerfile | 4 ++-- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 6 +++--- 14 files changed, 56 insertions(+), 56 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index cace990c..27238791 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 8526345d..6f02b3cc 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 11a27aa3..58e01411 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f9640564..6c82f99a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.3-alpine-slim -ENV NJS_VERSION 0.8.7 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index f10a0026..30b6c041 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 25d52460..d11af157 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 70155d49..c25a780d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.27.3 -ENV NJS_VERSION 0.8.7 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index c8928e3c..ccfa9139 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 8c4068fe..f64de368 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index ce62fc81..949cd4c1 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ed53f9a8..9a638a5d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.26.2-alpine-slim -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index c2ae60e9..22565126 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c14fdd50..a8d61162 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 593ca813..416d8338 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.2 -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 2~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From 150370563fcce53e834194ce154f4035ee52d7bf Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 5 Dec 2024 14:21:48 +0100 Subject: [PATCH 341/377] Update mainline to Alpine 3.21 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 58e01411..c9a2e62e 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index bf01741f..e2563dbf 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.20' + [mainline]='3.21' [stable]='3.20' ) From 6b055c471a6619d4c81671e682a6d6affe0cf9c0 Mon Sep 17 00:00:00 2001 From: Wesley Pyburn <10319195+TCNOco@users.noreply.github.com> Date: Sun, 22 Dec 2024 02:01:03 +0200 Subject: [PATCH 342/377] Fix FromAsCasing Docker complains about FROM ${NGINX_FROM_IMAGE} as builder because `'as' and 'FROM' keywords' casing do not match` [info](https://docs.docker.com/reference/build-checks/from-as-casing/). Super simple fix. Absolutely a minor fix, but it's one less warning. --- modules/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 61573c17..2e77a040 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,5 +1,5 @@ ARG NGINX_FROM_IMAGE=nginx:mainline -FROM ${NGINX_FROM_IMAGE} as builder +FROM ${NGINX_FROM_IMAGE} AS builder ARG ENABLED_MODULES From 36e3b8eb3ae82085348d36857c7086ec0954b68a Mon Sep 17 00:00:00 2001 From: Wesley Pyburn <10319195+TCNOco@users.noreply.github.com> Date: Sun, 22 Dec 2024 02:04:39 +0200 Subject: [PATCH 343/377] Another FromAsCasing fix --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 9b305fff..0ea49f5c 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,5 +1,5 @@ ARG NGINX_FROM_IMAGE=nginx:mainline-alpine -FROM ${NGINX_FROM_IMAGE} as builder +FROM ${NGINX_FROM_IMAGE} AS builder ARG ENABLED_MODULES From 86a61eb483d3c7288562d21933db6ad8e0748d17 Mon Sep 17 00:00:00 2001 From: pengcheng Date: Tue, 7 Jan 2025 16:29:41 +0800 Subject: [PATCH 344/377] rm mercurial cause it's replaced by git --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 0ea49f5c..2cdb2936 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -14,7 +14,7 @@ COPY ./ /modules/ RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ - musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ + musl-dev libxslt libxml2-utils make gcc unzip git \ xz g++ coreutils curl \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ From a91845d5b0a05066001354a442974530e23a7ef1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 5 Feb 2025 11:02:08 -0800 Subject: [PATCH 345/377] Updated NGINX to 1.26.3 and 1.27.4. While at it, bump njs and otel that are now shipped with those releases. --- Dockerfile-alpine-otel.template | 4 ++-- update.sh | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 7b4bc8f6..b870b954 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -34,8 +34,8 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/update.sh b/update.sh index e2563dbf..8f79de6a 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.3' - [stable]='1.26.2' + [mainline]='1.27.4' + [stable]='1.26.3' ) # Current njs versions declare -A njs=( - [mainline]='0.8.8' - [stable]='0.8.8' + [mainline]='0.8.9' + [stable]='0.8.9' ) # Current njs patchlevel version @@ -31,8 +31,8 @@ declare -A njspkg=( # Current otel versions declare -A otel=( - [mainline]='0.1.0' - [stable]='0.1.0' + [mainline]='0.1.1' + [stable]='0.1.1' ) # Current nginx package patchlevel version @@ -64,16 +64,16 @@ declare -A alpine=( # when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='0286c5190d972a49bffc9bf247885dd510ce8181' - [stable]='f43e929dc7a6111ef5d9ecb281a75749f7934261' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535' - [stable]='315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6' + [mainline]='973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845' + [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' ) get_packages() { From cffeb933620093bc0c08c0b28c3d5cbaec79d729 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 5 Feb 2025 11:02:54 -0800 Subject: [PATCH 346/377] Updated dockerfiles after the last commits. --- mainline/alpine-otel/Dockerfile | 18 +++++++++--------- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 8 ++++---- mainline/debian-perl/Dockerfile | 6 +++--- mainline/debian/Dockerfile | 8 ++++---- stable/alpine-otel/Dockerfile | 18 +++++++++--------- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-otel/Dockerfile | 8 ++++---- stable/debian-perl/Dockerfile | 6 +++--- stable/debian/Dockerfile | 8 ++++---- 14 files changed, 78 insertions(+), 78 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 27238791..b7e897a8 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine +FROM nginx:1.27.4-alpine -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,21 +45,21 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 6f02b3cc..16bc601f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine +FROM nginx:1.27.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index c9a2e62e..caab8e19 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.3 +ENV NGINX_VERSION 1.27.4 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6c82f99a..03a8fd94 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine-slim +FROM nginx:1.27.4-alpine-slim -ENV NJS_VERSION 0.8.8 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 30b6c041..7119d905 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3 +FROM nginx:1.27.4 -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index d11af157..662381c6 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3 +FROM nginx:1.27.4 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c25a780d..d71d7192 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.3 -ENV NJS_VERSION 0.8.8 +ENV NGINX_VERSION 1.27.4 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index ccfa9139..cb6cd3bd 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine +FROM nginx:1.26.3-alpine -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,21 +45,21 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f64de368..133c8a6e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine +FROM nginx:1.26.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 949cd4c1..d125af5f 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.2 +ENV NGINX_VERSION 1.26.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 2 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9a638a5d..ec1007e4 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine-slim +FROM nginx:1.26.3-alpine-slim -ENV NJS_VERSION 0.8.8 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 22565126..c39b0ee7 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2 +FROM nginx:1.26.3 -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index a8d61162..18ca094e 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2 +FROM nginx:1.26.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 416d8338..509a1f76 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.2 -ENV NJS_VERSION 0.8.8 +ENV NGINX_VERSION 1.26.3 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 2~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From b430becb8f0f6b8d69e68cc73a82ea2873c38639 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Fri, 14 Feb 2025 07:19:46 -0500 Subject: [PATCH 347/377] fix: typo --- modules/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index 624b97cc..cde57ecc 100644 --- a/modules/README.md +++ b/modules/README.md @@ -1,7 +1,7 @@ # Adding third-party modules to nginx official image It's possible to extend a mainline image with third-party modules either from -your own instuctions following a simple filesystem layout/syntax using +your own instructions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from [pkg-oss](https://github.com/nginx/pkg-oss). From 66df4d84e7217fcb23a28f66598af31d849c04ab Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 18 Mar 2025 10:49:15 -0700 Subject: [PATCH 348/377] Change the org following the repo transfer to nginx namespace. --- .github/pull_request_template.md | 2 +- CONTRIBUTING.md | 10 +++++----- README.md | 10 +++++----- SUPPORT.md | 2 +- generate-stackbrew-library.sh | 6 +++--- modules/README.md | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index e869fe51..a0811a77 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -5,7 +5,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on ### Checklist Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) document +- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) document - [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works - [ ] If applicable, I have checked that any relevant tests pass after adding my changes diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b4b86358..7d157147 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,7 +10,7 @@ The following is a set of guidelines for contributing to the Docker NGINX image. [Code Guidelines](#code-guidelines) -[Code of Conduct](https://github.com/nginxinc/docker-nginx/blob/master/CODE_OF_CONDUCT.md) +[Code of Conduct](https://github.com/nginx/docker-nginx/blob/master/CODE_OF_CONDUCT.md) ## Getting Started @@ -20,18 +20,18 @@ Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get ### Report a Bug -To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginxinc/docker-nginx/blob/master/SECURITY.md).** +To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginx/docker-nginx/blob/master/SECURITY.md).** ### Suggest a Feature or Enhancement -To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. ### Open a Pull Request - Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. -- Fill in [our pull request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/pull_request_template.md). +- Fill in [our pull request template](https://github.com/nginx/docker-nginx/blob/master/.github/pull_request_template.md). -Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. +Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. ## Code Guidelines diff --git a/README.md b/README.md index 24d8e79c..ec659fa0 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) -[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginxinc/docker-nginx/blob/master/SUPPORT.md) +[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginx/docker-nginx/blob/master/SUPPORT.md) # About this Repo -## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) +## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginx/docker-nginx) This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`nginx`](https://hub.docker.com/_/nginx/). See [the Docker Hub page](https://hub.docker.com/_/nginx/) for the full readme on how to use this Docker image and for information regarding contributing and issues. @@ -19,17 +19,17 @@ For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on ## Contributing -Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## License -[BSD 2-Clause](https://github.com/nginxinc/docker-nginx/blob/master/LICENSE) +[BSD 2-Clause](https://github.com/nginx/docker-nginx/blob/master/LICENSE) © [F5, Inc.](https://www.f5.com/) 2023 --- -- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginx/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginx/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| diff --git a/SUPPORT.md b/SUPPORT.md index 2a6b505d..7813793d 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -30,7 +30,7 @@ Want to get in touch with the NGINX development team directly? Try using the rel ## Contributing -Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## Commercial Support diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index bfb45a8a..5f1025dd 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -36,10 +36,10 @@ dirCommit() { } cat <<-EOH -# this file is generated via https://github.com/nginxinc/docker-nginx/blob/$(fileCommit "$self")/$self +# this file is generated via https://github.com/nginx/docker-nginx/blob/$(fileCommit "$self")/$self -Maintainers: NGINX Docker Maintainers (@nginxinc) -GitRepo: https://github.com/nginxinc/docker-nginx.git +Maintainers: NGINX Docker Maintainers (@nginx) +GitRepo: https://github.com/nginx/docker-nginx.git EOH # prints "$2$1$3$1...$N" diff --git a/modules/README.md b/modules/README.md index cde57ecc..0704a05b 100644 --- a/modules/README.md +++ b/modules/README.md @@ -14,7 +14,7 @@ enabled by setting the environment variable `DOCKER_BUILDKIT` to `1`. If you can not or do not want to use BuildKit, you can use a previous version of these files, see for example -https://github.com/nginxinc/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. +https://github.com/nginx/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. ## Usage @@ -115,7 +115,7 @@ cd myapp ``` mkdir my-nginx -curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginx/docker-nginx/master/modules/Dockerfile ``` 3. Create a `docker-compose.yml` file: @@ -157,7 +157,7 @@ cd myapp-cache ``` mkdir my-nginx -curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginx/docker-nginx/master/modules/Dockerfile mkdir my-nginx/cachepurge echo "https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz" > my-nginx/cachepurge/source ``` From b2ba208bfb9f4c1e4ac1612c00eb71bc0e489fc4 Mon Sep 17 00:00:00 2001 From: Gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 20 Mar 2025 02:10:30 +0800 Subject: [PATCH 349/377] chore: bump echo-nginx-module from 0.62 to 0.63 --- modules/echo/source | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/echo/source b/modules/echo/source index 3a6ad274..78cb376e 100644 --- a/modules/echo/source +++ b/modules/echo/source @@ -1 +1 @@ -https://github.com/openresty/echo-nginx-module/archive/v0.62.tar.gz +https://github.com/openresty/echo-nginx-module/archive/v0.63.tar.gz From ddfb6ba94c63bd68767c1c8c03829a8776e30559 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 18 Mar 2025 22:45:02 +0100 Subject: [PATCH 350/377] feat: Add F5 CLA workflow --- .github/workflows/f5_cla.yml | 42 ++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/f5_cla.yml diff --git a/.github/workflows/f5_cla.yml b/.github/workflows/f5_cla.yml new file mode 100644 index 00000000..58e81171 --- /dev/null +++ b/.github/workflows/f5_cla.yml @@ -0,0 +1,42 @@ +--- +name: F5 CLA +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened, closed, synchronize] +permissions: read-all +jobs: + f5-cla: + name: F5 CLA + runs-on: ubuntu-24.04 + permissions: + actions: write + pull-requests: write + statuses: write + steps: + - name: Run F5 Contributor License Agreement (CLA) assistant + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' + uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 + with: + # Any pull request targeting the following branch will trigger a CLA check. + # NOTE: You might need to edit this value to 'main'. + branch: master + # Path to the CLA document. + path-to-document: https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md + # Custom CLA messages. + custom-notsigned-prcomment: '🎉 Thank you for your contribution! It appears you have not yet signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) and reply on a new comment with the following text to agree:' + custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms' + custom-allsigned-prcomment: '✅ All required contributors have signed the F5 CLA for this PR. Thank you!' + # Remote repository storing CLA signatures. + remote-organization-name: f5 + remote-repository-name: f5-cla-data + path-to-signatures: signatures/signatures.json + # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. + # NOTE: You will want to edit the usernames to suit your project needs. + allowlist: bot* + # Do not lock PRs after a merge. + lock-pullrequest-aftermerge: false + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }} From 4527783ec600ac482bc0b9a5ce29ec5c63c3e0a2 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 18 Mar 2025 22:44:30 +0100 Subject: [PATCH 351/377] docs: Update community files --- .github/CODEOWNERS | 6 ++ .github/ISSUE_TEMPLATE/bug_report.md | 33 ------- .github/ISSUE_TEMPLATE/bug_report.yml | 62 ++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 12 +++ .github/ISSUE_TEMPLATE/feature_request.md | 23 ----- .github/ISSUE_TEMPLATE/feature_request.yml | 41 ++++++++ .github/pull_request_template.md | 8 +- CODE_OF_CONDUCT.md | 104 +++++++++++---------- CONTRIBUTING.md | 29 +++--- README.md | 9 +- SECURITY.md | 8 +- SUPPORT.md | 22 ++--- 12 files changed, 217 insertions(+), 140 deletions(-) create mode 100644 .github/CODEOWNERS delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..26eed7d8 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,6 @@ +##################### +# Main global owner # +##################### + +* @thresheek + diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 6c7471a3..00000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: "" -labels: "" -assignees: "" ---- - -### Describe the bug - -A clear and concise description of what the bug is. - -### To reproduce - -Steps to reproduce the behavior: - -1. Deploy the NGINX Docker image using ... -2. View output/logs/configuration on ... -3. See error - -### Expected behavior - -A clear and concise description of what you expected to happen. - -### Your environment - -- Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) -- Version/tag of the NGINX Docker image (e.g. `nginx:alpine`) -- Target deployment platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...) - -### Additional context - -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 00000000..aa0fb9e1 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,62 @@ +--- +name: 🐛 Bug report +description: Create a report to help us improve +labels: bug +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Before you continue filling out this report, please take a moment to check that your bug has not been [already reported on GitHub][issue search] 🙌 + + Remember to redact any sensitive information such as authentication credentials and/or license keys! + + [issue search]: ../search?q=is%3Aissue&type=issues + + - type: textarea + id: overview + attributes: + label: Bug Overview + description: A clear and concise overview of the bug. + placeholder: When I do "X" with the NGINX Docker image, "Y" happens instead of "Z". + validations: + required: true + + - type: textarea + id: behavior + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected to happen. + placeholder: When I do "X" with the NGINX Docker image, I expect "Z" to happen. + validations: + required: true + + - type: textarea + id: steps + attributes: + label: Steps to Reproduce the Bug + description: Detail the series of steps required to reproduce the bug. + placeholder: When I run the Docker NGINX image using [...], the image fails with an error message. If I check the terminal outputs and/or logs, I see the following error info. + validations: + required: true + + - type: textarea + id: environment + attributes: + label: Environment Details + description: Please provide details about your environment. + value: | + - Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) + - Version of the Docker NGINX image or specific commit: [e.g. 1.4.3/commit hash] + - Target deployment platform: [e.g. OpenShift/Kubernetes/Docker Compose/local cluster/etc...] + - Target OS: [e.g. RHEL 9/Ubuntu 24.04/etc...] + validations: + required: true + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this issue in here. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..3f7850f7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,12 @@ +--- +blank_issues_enabled: false +contact_links: + - name: 💬 Talk to the NGINX community! + url: https://community.nginx.org + about: A community forum for NGINX users, developers, and contributors + - name: 📝 Code of Conduct + url: https://www.contributor-covenant.org/version/2/1/code_of_conduct + about: NGINX follows the Contributor Covenant Code of Conduct to ensure a safe and inclusive community + - name: 💼 For commercial & enterprise users + url: https://www.f5.com/products/nginx + about: F5 offers a wide range of NGINX products for commercial & enterprise users diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index e2242abb..00000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: "" -labels: "" -assignees: "" ---- - -### Is your feature request related to a problem? Please describe - -A clear and concise description of what the problem is. Ex. I'm always frustrated when ... - -### Describe the solution you'd like - -A clear and concise description of what you want to happen. - -### Describe alternatives you've considered - -A clear and concise description of any alternative solutions or features you've considered. - -### Additional context - -Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 00000000..ee20eec9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,41 @@ +--- +name: ✨ Feature request +description: Suggest an idea for this project +labels: enhancement +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this feature request! + + Before you continue filling out this request, please take a moment to check that your feature has not been [already requested on GitHub][issue search] 🙌 + + **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum]. + + [issue search]: ../search?q=is%3Aissue&type=issues + + [discussions]: ../discussions + [forum]: https://community.nginx.org + + - type: textarea + id: overview + attributes: + label: Feature Overview + description: A clear and concise description of what the feature request is. + placeholder: I would like the Docker NGINX image to be able to do "X". + validations: + required: true + + - type: textarea + id: alternatives + attributes: + label: Alternatives Considered + description: Detail any potential alternative solutions/workarounds you've used or considered. + placeholder: I have done/might be able to do "X" in the Docker NGINX image by doing "Y". + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this feature request here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a0811a77..0dc5899c 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,12 +1,14 @@ ### Proposed changes -Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR). +Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) in this PR's description or commit message. ### Checklist Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) document + +- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md) +- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) - [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works - [ ] If applicable, I have checked that any relevant tests pass after adding my changes -- [ ] I have updated any relevant documentation +- [ ] I have updated any relevant documentation ([`README.md`](/README.md) and/or [`modules/README.md`](/modules/README.md)) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 78354a27..e18d3706 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -2,73 +2,77 @@ ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. ## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our community include: -- Using welcoming and inclusive language -- Being respectful of differing viewpoints and experiences -- Gracefully accepting constructive criticism -- Focusing on what is best for the community -- Showing empathy towards other community members +- Demonstrating empathy and kindness toward other people. +- Being respectful of differing opinions, viewpoints, and experiences. +- Giving and gracefully accepting constructive feedback. +- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience. +- Focusing on what is best not just for us as individuals, but for the overall community. -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -- The use of sexualized language or imagery and unwelcome sexual attention or - advances -- Trolling, insulting/derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or electronic - address, without explicit permission -- Other conduct which could reasonably be considered inappropriate in a - professional setting +- The use of sexualized language or imagery, and sexual attention or advances of any kind. +- Trolling, insulting or derogatory comments, and personal or political attacks. +- Public or private harassment. +- Publishing others' private information, such as a physical or email address, without their explicit permission. +- Other conduct which could reasonably be considered inappropriate in a professional setting. -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. +Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event. ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the moderation team at . All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at . All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. + +### 2. Warning -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Community Impact**: A violation through a single incident or series of actions. + +**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 1.4, -available at +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1, available at . + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion). -For answers to common questions about this code of conduct, see - +For answers to common questions about this code of conduct, see the FAQ at . Translations are available at . diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7d157147..ebdcace7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,13 +4,10 @@ The following is a set of guidelines for contributing to the Docker NGINX image. #### Table Of Contents -[Getting Started](#getting-started) - -[Contributing](#contributing) - -[Code Guidelines](#code-guidelines) - -[Code of Conduct](https://github.com/nginx/docker-nginx/blob/master/CODE_OF_CONDUCT.md) +- [Getting Started](#getting-started) +- [Contributing](#contributing) +- [Code Guidelines](#code-guidelines) +- [Code of Conduct](/CODE_OF_CONDUCT.md) ## Getting Started @@ -20,18 +17,24 @@ Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get ### Report a Bug -To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginx/docker-nginx/blob/master/SECURITY.md).** +To report a bug, open an issue on GitHub with the label `bug` using the available [bug report issue form](/.github/ISSUE_TEMPLATE/bug_report.yml). Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](/SECURITY.md).** ### Suggest a Feature or Enhancement -To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request issue form](/.github/ISSUE_TEMPLATE/feature_request.yml). Please ensure the feature or enhancement has not already been suggested. + +### Open a Pull Request (PR) + +- Fork the repo, create a branch, implement your changes, add any relevant tests, and submit a PR when your changes are **tested** and ready for review. +- Fill in the [PR template](/.github/pull_request_template.md). + +**Note:** If you'd like to implement a new feature, please consider creating a [feature request issue](/.github/ISSUE_TEMPLATE/feature_request.yml) first to start a discussion about the feature. -### Open a Pull Request +#### F5 Contributor License Agreement (CLA) -- Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. -- Fill in [our pull request template](https://github.com/nginx/docker-nginx/blob/master/.github/pull_request_template.md). +F5 requires all contributors to agree to the terms of the F5 CLA (available [here](https://github.com/f5/f5-cla/.github/blob/main/docs/f5_cla.md)) before any of their changes can be incorporated into an F5 Open Source repository (even contributions to the F5 CLA itself!). -Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. +If you have not yet agreed to the F5 CLA terms and submit a PR to this repository, a bot will prompt you to view and agree to the F5 CLA. You will have to agree to the F5 CLA terms through a comment in the PR before any of your changes can be merged. Your agreement signature will be safely stored by F5 and no longer be required in future PRs. ## Code Guidelines diff --git a/README.md b/README.md index ec659fa0..d23812ad 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) [![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginx/docker-nginx/blob/master/SUPPORT.md) +[![Community Forum](https://img.shields.io/badge/community-forum-009639?logo=discourse&link=https%3A%2F%2Fcommunity.nginx.org)](https://community.nginx.org) +[![License](https://img.shields.io/badge/License-BSD_2--Clause-blue.svg)](https://opensource.org/license/bsd-2-clause) +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/CODE_OF_CONDUCT.md) # About this Repo @@ -19,13 +22,13 @@ For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on ## Contributing -Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## License -[BSD 2-Clause](https://github.com/nginx/docker-nginx/blob/master/LICENSE) +[BSD 2-Clause](/LICENSE) -© [F5, Inc.](https://www.f5.com/) 2023 +© [F5, Inc.](https://www.f5.com/) 2014-2025 --- diff --git a/SECURITY.md b/SECURITY.md index 47a42e26..bf09fe02 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,9 +6,9 @@ We advise users to run or update to the most recent release of the NGINX Docker ## Reporting a Vulnerability -The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities. +The F5 Security Incident Response Team (F5 SIRT) offers two methods to easily report potential security vulnerabilities: -- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). -- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities in any F5 product to the F5 Security Incident Response Team at . -For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability) +For more information, please read the F5 SIRT vulnerability reporting guidelines available at [https://www.f5.com/support/report-a-vulnerability](https://www.f5.com/support/report-a-vulnerability). diff --git a/SUPPORT.md b/SUPPORT.md index 7813793d..5e943408 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -2,27 +2,23 @@ ## Ask a Question -We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). +We use GitHub for tracking bugs and feature requests related to this project. -Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. Alternatively, start a GitHub discussion! ## NGINX Specific Questions and/or Issues This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! -### Community Slack +### Community Forum -We have a community [Slack](https://nginxcommunity.slack.com/)! - -If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) - -Once you join, check out the `#beginner-questions` and `nginx-users` channels :) +We have a community [forum](https://community.nginx.org/)! If you have any questions and/or issues, try checking out the [`Troubleshooting`](https://community.nginx.org/c/troubleshooting/8) and [`How do I...?`](https://community.nginx.org/c/how-do-i/9) categories. Both fellow community members and NGINXers might be able to help you! :) ### Documentation For a comprehensive list of all NGINX directives, check out . -For a comprehensive list of admin and deployment guides for all NGINX products, check out . +For a comprehensive list of administration and deployment guides for all NGINX products, check out . ### Mailing List @@ -30,8 +26,12 @@ Want to get in touch with the NGINX development team directly? Try using the rel ## Contributing -Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## Commercial Support -Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info! +Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.f5.com/products/get-f5/) or check your contract details for more information! + +## Community Support + +Community support is offered on a best effort basis through either GitHub issues/PRs/discussions or through any of our active communities. From efbe7fee6fb30be225e7ff7bc531740d08a36e3e Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 20 Mar 2025 22:59:03 +0100 Subject: [PATCH 352/377] docs: Use syseng team for codeowners --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 26eed7d8..d8b19f81 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,5 +2,5 @@ # Main global owner # ##################### -* @thresheek +* @nginx/syseng From d797950017665ebf75d77ace030deb2a021702d8 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 24 Mar 2025 20:36:14 +0100 Subject: [PATCH 353/377] fix: Target correct branch within CLA workflow --- .github/workflows/f5_cla.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/f5_cla.yml b/.github/workflows/f5_cla.yml index 58e81171..43e473ea 100644 --- a/.github/workflows/f5_cla.yml +++ b/.github/workflows/f5_cla.yml @@ -19,9 +19,6 @@ jobs: if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 with: - # Any pull request targeting the following branch will trigger a CLA check. - # NOTE: You might need to edit this value to 'main'. - branch: master # Path to the CLA document. path-to-document: https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md # Custom CLA messages. @@ -31,6 +28,8 @@ jobs: # Remote repository storing CLA signatures. remote-organization-name: f5 remote-repository-name: f5-cla-data + # Branch where CLA signatures are stored. + branch: main path-to-signatures: signatures/signatures.json # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. # NOTE: You will want to edit the usernames to suit your project needs. From 0aa20e60342a306bf1eb1449a1ae247a0cdfa91a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 21 Mar 2025 15:12:19 -0700 Subject: [PATCH 354/377] modules/README.md: updated the current list of modules. --- modules/README.md | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/modules/README.md b/modules/README.md index 0704a05b..93620e45 100644 --- a/modules/README.md +++ b/modules/README.md @@ -43,25 +43,24 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules -auth-spnego 1.1.1-1 +auth-spnego 1.1.2-1 brotli 1.0.0-1 encrypted-session 0.09-1 fips-check 0.1-1 -geoip 1.25.5-1 +geoip 1.27.4-1 geoip2 3.4-1 -headers-more 0.35-1 -image-filter 1.25.5-1 -lua 0.10.26-1 +headers-more 0.37-1 +image-filter 1.27.4-1 +lua 0.10.28-1 ndk 0.3.3-1 -njs 0.8.4-2 -opentracing 0.33.0-1 -otel 0.1.0-1 -passenger 6.0.19-1 -perl 1.25.5-1 +njs 0.8.9-1 +otel 0.1.1-1 +passenger 6.0.26-1 +perl 1.27.4-1 rtmp 1.2.2-1 set-misc 0.33-1 subs-filter 0.6.4-1 -xslt 1.25.5-1 +xslt 1.27.4-1 ``` If you still want to provide your own instructions for a specific module, From 483f2828f37a017bb02684d7e3d0a64a8212640e Mon Sep 17 00:00:00 2001 From: Reuben Lifshay Date: Sat, 5 Apr 2025 20:27:32 -0700 Subject: [PATCH 355/377] chore: use gettext-envsubst alpine package instead of workaround --- Dockerfile-alpine-slim.template | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 896b9a5c..ff076f09 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -77,23 +77,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ From bd3e501c6d800f0a541fe7c965ef905f470cd75f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 8 Apr 2025 14:52:20 -0700 Subject: [PATCH 356/377] Updated dockerfiles after the last commit --- mainline/alpine-slim/Dockerfile | 19 ++----------------- stable/alpine-slim/Dockerfile | 19 ++----------------- 2 files changed, 4 insertions(+), 34 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index caab8e19..7f4b9fa2 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -83,23 +83,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index d125af5f..65bd5449 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -83,23 +83,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ From eaf8875a1967d24cea6ed8b37109075e39ed9e43 Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 16 Apr 2025 15:35:16 +0100 Subject: [PATCH 357/377] Updated mainline to 1.27.5. While at it, updated njs to 0.8.10 for mainline. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index b7e897a8..c0013029 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine +FROM nginx:1.27.5-alpine ENV OTEL_VERSION 0.1.1 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 16bc601f..43a9b54e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine +FROM nginx:1.27.5-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 7f4b9fa2..bcf90752 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.4 +ENV NGINX_VERSION 1.27.5 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 03a8fd94..aafff741 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine-slim +FROM nginx:1.27.5-alpine-slim -ENV NJS_VERSION 0.8.9 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 7119d905..70151a28 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4 +FROM nginx:1.27.5 ENV OTEL_VERSION 0.1.1 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 662381c6..940ef74d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4 +FROM nginx:1.27.5 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index d71d7192..f034b778 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.4 -ENV NJS_VERSION 0.8.9 +ENV NGINX_VERSION 1.27.5 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 8f79de6a..32e4a103 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.4' + [mainline]='1.27.5' [stable]='1.26.3' ) # Current njs versions declare -A njs=( - [mainline]='0.8.9' + [mainline]='0.8.10' [stable]='0.8.9' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845' + [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' ) From 4e08af2988063a3b02420ef0040e2e13fc9d93d6 Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 16 Apr 2025 16:01:48 +0100 Subject: [PATCH 358/377] Updated nginx otel for mainline to 0.1.2. --- mainline/alpine-otel/Dockerfile | 2 +- mainline/debian-otel/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index c0013029..d7b73e6e 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.5-alpine -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 70151a28..199614ff 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.5 -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/update.sh b/update.sh index 32e4a103..08744e96 100755 --- a/update.sh +++ b/update.sh @@ -31,7 +31,7 @@ declare -A njspkg=( # Current otel versions declare -A otel=( - [mainline]='0.1.1' + [mainline]='0.1.2' [stable]='0.1.1' ) From fb92d1121ab8f58830155d34aeb607f2375829dc Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 5 Dec 2024 14:23:22 +0100 Subject: [PATCH 359/377] Update stable to Alpine 3.21 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 65bd5449..af03749c 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 08744e96..7df556d6 100755 --- a/update.sh +++ b/update.sh @@ -56,7 +56,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.21' - [stable]='3.20' + [stable]='3.21' ) # When we bump njs version in a stable release we don't move the tag in the From 025c52f4168ed96e503e165741b0ba39ca80bd76 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 22 Apr 2025 13:51:29 -0700 Subject: [PATCH 360/377] Bump stable to 1.28.0. While at it, bump njs and otel to contemporary versions as well. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- update.sh | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 5f1025dd..8776c686 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.27 latest' - [stable]='1.26' + [stable]='1.28' ) self="$(basename "$BASH_SOURCE")" diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 547c83ff..af1ed2bc 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.27 latest' - [stable]='1.26' + [stable]='1.28' ) architectures=( amd64 arm64v8 ) diff --git a/update.sh b/update.sh index 7df556d6..dfe7935a 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.27.5' - [stable]='1.26.3' + [stable]='1.28.0' ) # Current njs versions declare -A njs=( [mainline]='0.8.10' - [stable]='0.8.9' + [stable]='0.8.10' ) # Current njs patchlevel version @@ -32,7 +32,7 @@ declare -A njspkg=( # Current otel versions declare -A otel=( [mainline]='0.1.2' - [stable]='0.1.1' + [stable]='0.1.2' ) # Current nginx package patchlevel version @@ -46,7 +46,7 @@ declare -A pkg=( # Remember to update pkgosschecksum when changing this declare -A dynpkg=( [mainline]=1 - [stable]=2 + [stable]=1 ) declare -A debian=( @@ -73,7 +73,7 @@ declare -A rev=( # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' - [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' + [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) get_packages() { From 7f1d49f6f222f7e588a9066fd53a0ce43c3466a5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 23 Apr 2025 10:06:56 -0700 Subject: [PATCH 361/377] Regenerated stable dockerfiles after the last commits. --- stable/alpine-otel/Dockerfile | 6 +++--- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 6 +++--- stable/debian-otel/Dockerfile | 6 +++--- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 8 ++++---- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index cb6cd3bd..7ca1a94b 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine +FROM nginx:1.28.0-alpine -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 133c8a6e..9676d8bc 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine +FROM nginx:1.28.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index af03749c..29bf5ba2 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,9 +7,9 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.3 +ENV NGINX_VERSION 1.28.0 ENV PKG_RELEASE 1 -ENV DYNPKG_RELEASE 2 +ENV DYNPKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ec1007e4..fb0c900a 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine-slim +FROM nginx:1.28.0-alpine-slim -ENV NJS_VERSION 0.8.9 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index c39b0ee7..e4129a43 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3 +FROM nginx:1.28.0 -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 18ca094e..bda0e1b8 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3 +FROM nginx:1.28.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 509a1f76..d0b7cf62 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,11 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.3 -ENV NJS_VERSION 0.8.9 +ENV NGINX_VERSION 1.28.0 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 2~bookworm +ENV DYNPKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From 1b87dc1ab18a1b15fe89d946f37987e2ec5793c9 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Mon, 2 Jun 2025 14:28:35 +0200 Subject: [PATCH 362/377] Update mainline to Alpine 3.22 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index bcf90752..b7258283 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.21 +FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index dfe7935a..ede32ea2 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.21' + [mainline]='3.22' [stable]='3.21' ) From 6a0bb106841e86fb043b4cbfb526135c7a7f0c72 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 12:11:04 -0700 Subject: [PATCH 363/377] Updated nginx mainline to 1.29.0 and njs to 0.9.0. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ede32ea2..e85d193f 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.5' + [mainline]='1.29.0' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.10' + [mainline]='0.9.0' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' + [mainline]='400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From 7895505c41013f66d3841cd2613b436229c1fe0e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 12:11:24 -0700 Subject: [PATCH 364/377] Regenerated dockerfiles after the last commit. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index d7b73e6e..87c8559b 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine +FROM nginx:1.29.0-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 43a9b54e..5bbd2d7c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine +FROM nginx:1.29.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b7258283..f9fd0dd6 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.5 +ENV NGINX_VERSION 1.29.0 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index aafff741..d5296027 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine-slim +FROM nginx:1.29.0-alpine-slim -ENV NJS_VERSION 0.8.10 +ENV NJS_VERSION 0.9.0 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 199614ff..4b551fc4 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5 +FROM nginx:1.29.0 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 940ef74d..37d0b871 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5 +FROM nginx:1.29.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index f034b778..9e9f0ce4 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.5 -ENV NJS_VERSION 0.8.10 +ENV NGINX_VERSION 1.29.0 +ENV NJS_VERSION 0.9.0 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From c3dcb125c9534ed5e76ebba48171b26411b8e478 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 13:53:53 -0700 Subject: [PATCH 365/377] Bump versions in auxiliary scripts. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 8776c686..021332fa 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.27 latest' + [mainline]='1 1.29 latest' [stable]='1.28' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index af1ed2bc..599a33a1 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.27 latest' + [mainline]='1 1.29 latest' [stable]='1.28' ) From 0b49b8b12fd214b633114ac16d2dfd65d45ff160 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 14:36:10 -0700 Subject: [PATCH 366/377] Pass GPG key ids as separate arguments when exporting. This makes sure all keys are exported to a keyring archive, as opposed to only the first key. --- Dockerfile-debian.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 9138f4c9..644e0de0 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -29,7 +29,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From b2faad22d5d15d966e46922033681639b2a6d6fa Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 14:42:25 -0700 Subject: [PATCH 367/377] Regenerated dockerfiles after the last commit. --- mainline/debian/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 9e9f0ce4..84b47aef 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index d0b7cf62..447f10ec 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 8852665dbc86d516617450cf6117786a93f37bea Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 18:04:28 -0700 Subject: [PATCH 368/377] gpg: use --batch for all invocations. Suggested-by: https://github.com/docker-library/official-images/pull/19467#issuecomment-3071271603 --- Dockerfile-debian.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 644e0de0..57abba1a 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -25,11 +25,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 95de31b3a72d30853977968822f866727074662a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Aug 2025 16:12:22 -0700 Subject: [PATCH 369/377] Fixed a typo in 10-listen-on-ipv6-by-default.sh. --- entrypoint/10-listen-on-ipv6-by-default.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release From 9b549fdf936778810dbe95a4813899c60444ef1c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Aug 2025 16:21:14 -0700 Subject: [PATCH 370/377] Regenerated dockerfiles after last commits. --- mainline/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/Dockerfile | 4 ++-- stable/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/Dockerfile | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 84b47aef..69b5fcf0 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -30,11 +30,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index b90bf0c9..61a901de 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 447f10ec..99f34952 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -30,11 +30,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 5a4ad48c733b365d69a4d1c9946a9d8480469c7f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 13 Aug 2025 09:03:44 -0700 Subject: [PATCH 371/377] Updated nginx mainline to 1.29.1 and njs to 0.9.1. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 87c8559b..ae0cd5ea 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine +FROM nginx:1.29.1-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5bbd2d7c..83bee112 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine +FROM nginx:1.29.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f9fd0dd6..2edb0776 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.0 +ENV NGINX_VERSION 1.29.1 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d5296027..6c7ad1f7 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine-slim +FROM nginx:1.29.1-alpine-slim -ENV NJS_VERSION 0.9.0 +ENV NJS_VERSION 0.9.1 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 4b551fc4..6bdb7325 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0 +FROM nginx:1.29.1 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 37d0b871..8e0e79ac 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0 +FROM nginx:1.29.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 69b5fcf0..3d08fc15 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.0 -ENV NJS_VERSION 0.9.0 +ENV NGINX_VERSION 1.29.1 +ENV NJS_VERSION 0.9.1 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index e85d193f..65e54101 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.0' + [mainline]='1.29.1' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.0' + [mainline]='0.9.1' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1' + [mainline]='43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From 3cabe641e7f111919a661430d77cf4c70a3a2794 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 13 Aug 2025 09:29:26 +0200 Subject: [PATCH 372/377] Update mainline to Debian trixie --- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 10 +++++----- update.sh | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 6bdb7325..41eb50f5 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -21,7 +21,7 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 8e0e79ac..71a03461 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -19,7 +19,7 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 3d08fc15..ecc07412 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -3,15 +3,15 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bookworm-slim +FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.29.1 ENV NJS_VERSION 0.9.1 -ENV NJS_RELEASE 1~bookworm -ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 1~bookworm +ENV NJS_RELEASE 1~trixie +ENV PKG_RELEASE 1~trixie +ENV DYNPKG_RELEASE 1~trixie RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -48,7 +48,7 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/update.sh b/update.sh index 65e54101..0b8af179 100755 --- a/update.sh +++ b/update.sh @@ -50,7 +50,7 @@ declare -A dynpkg=( ) declare -A debian=( - [mainline]='bookworm' + [mainline]='trixie' [stable]='bookworm' ) From 78438bffee73f0badc243eea35909cede2d3afd7 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 12:47:41 -0700 Subject: [PATCH 373/377] Updated mainline nginx to 1.29.2 and njs to 0.9.3. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index 0b8af179..ca949189 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.1' + [mainline]='1.29.2' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.1' + [mainline]='0.9.3' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4' + [mainline]='633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From c3785f2653008f9354c3d29a54d8c5459c53fa60 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 12:48:18 -0700 Subject: [PATCH 374/377] Regenerated Dockerfiles after the last commit. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index ae0cd5ea..52b98949 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine +FROM nginx:1.29.2-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 83bee112..b16c406f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine +FROM nginx:1.29.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 2edb0776..d09211ee 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.1 +ENV NGINX_VERSION 1.29.2 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6c7ad1f7..5d9aae8f 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine-slim +FROM nginx:1.29.2-alpine-slim -ENV NJS_VERSION 0.9.1 +ENV NJS_VERSION 0.9.3 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 41eb50f5..075e43f5 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1 +FROM nginx:1.29.2 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 71a03461..258db626 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1 +FROM nginx:1.29.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index ecc07412..b2eea0ea 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.1 -ENV NJS_VERSION 0.9.1 +ENV NGINX_VERSION 1.29.2 +ENV NJS_VERSION 0.9.3 ENV NJS_RELEASE 1~trixie ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From b75b089789daa4ce5510d6cb246147cb1eb8922d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 14:15:47 -0700 Subject: [PATCH 375/377] library: allow redefining architectures to build Debian-based images for. mainline is now based on trixie, which removes mips64le and adds riscv64. stable is currently kept as-is. --- generate-stackbrew-library.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 021332fa..13a18cfe 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -13,6 +13,12 @@ base=debian versions=( mainline stable ) +declare -A debian_architectures +debian_architectures=( + [mainline]='amd64, arm32v5, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x' + [stable]='amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x' +) + # get the most recent commit which modified any of "$@" fileCommit() { git log -1 --format='format:%H' HEAD -- "$@" @@ -69,7 +75,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${versionAliases[@]}"), $(join ', ' "${debianAliases[@]}") - Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x + Architectures: ${debian_architectures[$version]} GitCommit: $commit Directory: $version/$base EOE @@ -84,7 +90,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x + Architectures: ${debian_architectures[$version]} GitCommit: $commit Directory: $version/$variant EOE From 1a3dfcb82c76fa8d292d42188cc71866e657a005 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 11:52:47 -0700 Subject: [PATCH 376/377] Update mainline nginx to 1.29.3 and njs to 0.9.4 --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ca949189..50f9d2a1 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.2' + [mainline]='1.29.3' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.3' + [mainline]='0.9.4' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700' + [mainline]='249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From e4d5453581d9d3618f77c4aeccf2e6171a1cd6ff Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 11:53:09 -0700 Subject: [PATCH 377/377] Regenerated Dockerfiles after the last commit --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 52b98949..495c61e1 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine +FROM nginx:1.29.3-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b16c406f..837daac1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine +FROM nginx:1.29.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d09211ee..9fe90d6f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.2 +ENV NGINX_VERSION 1.29.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5d9aae8f..ff89c3b2 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine-slim +FROM nginx:1.29.3-alpine-slim -ENV NJS_VERSION 0.9.3 +ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 075e43f5..da68ae7c 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2 +FROM nginx:1.29.3 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 258db626..ef0ad258 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2 +FROM nginx:1.29.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index b2eea0ea..27b4e131 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.2 -ENV NJS_VERSION 0.9.3 +ENV NGINX_VERSION 1.29.3 +ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1~trixie ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \