From 3b108b59619655e3bd4597a059f544afa374b7fb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Aug 2018 19:34:10 +0300 Subject: [PATCH 001/306] Updated mainline nginx to 1.15.3 and njs to 0.2.3. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index efeebbf6e..f201b0c21 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.2 +ENV NGINX_VERSION 1.15.3 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c1b42a5ce..2afc41fdf 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.2 +ENV NGINX_VERSION 1.15.3 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 7c34189d3..31528e9fa 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.2-1~stretch -ENV NJS_VERSION 1.15.2.0.2.2-1~stretch +ENV NGINX_VERSION 1.15.3-1~stretch +ENV NJS_VERSION 1.15.3.0.2.3-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index a7b5ce892..2aa0975c1 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.2-1~stretch -ENV NJS_VERSION 1.15.2.0.2.2-1~stretch +ENV NGINX_VERSION 1.15.3-1~stretch +ENV NJS_VERSION 1.15.3.0.2.3-1~stretch RUN set -x \ && apt-get update \ From f3fc4d5753f0ebb9107738183b9c5cea1bf3f618 Mon Sep 17 00:00:00 2001 From: Clemens Buchacher Date: Fri, 14 Sep 2018 09:08:32 +0200 Subject: [PATCH 002/306] downgrade to gnupg1 The build sometimes fails to remove the `S.gpg-agent.extra` unix domain socket when it deletes the temporary GNUPGHOME directory after running gpg commands. rm: can't remove '/tmp/tmp.hBDCKF/S.gpg-agent.extra': No such file or directory The previous gpg --recv-keys command starts the gpg-agent. The gpg-agent connects to the following sockets and does not terminate on its own. / # netstat -x -a -p Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] STREAM LISTENING 8627378 17/dirmngr /root/.gnupg/S.dirmngr unix 2 [ ACC ] STREAM LISTENING 8625135 21/gpg-agent /root/.gnupg/S.gpg-agent unix 2 [ ACC ] STREAM LISTENING 8625136 21/gpg-agent /root/.gnupg/S.gpg-agent.extra unix 2 [ ACC ] STREAM LISTENING 8625137 21/gpg-agent /root/.gnupg/S.gpg-agent.browser unix 2 [ ACC ] STREAM LISTENING 8625138 21/gpg-agent /root/.gnupg/S.gpg-agent.ssh If one of the sockets is removed, then the agent terminates and removes the other sockets as well. This causes a race condition between `rm -rf $GNUPGHOME` and gpg-agent. If gpg-agent manages to remove the sockets first, then `rm` fails while trying to remove the same socket. Move to gnupg1 in alpine just like we do for stretch. Gnupg version 1 does not launch a GPG agent. It is not possible to disable gpg-agent in gnupg version 2. (cherry picked from commit 684e1c634b56694633402c34e73b0cbc500b8d0e) Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f201b0c21..30997c4f7 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -62,7 +62,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ zlib-dev \ linux-headers \ curl \ - gnupg \ + gnupg1 \ libxslt-dev \ gd-dev \ geoip-dev \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 2afc41fdf..a3dcbbd17 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ zlib-dev \ linux-headers \ curl \ - gnupg \ + gnupg1 \ libxslt-dev \ gd-dev \ geoip-dev \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f5a2d0148..efa664e1d 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -62,7 +62,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ zlib-dev \ linux-headers \ curl \ - gnupg \ + gnupg1 \ libxslt-dev \ gd-dev \ geoip-dev \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 83de70601..9dc45b6de 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ zlib-dev \ linux-headers \ curl \ - gnupg \ + gnupg1 \ libxslt-dev \ gd-dev \ geoip-dev \ From 866b071f099f96898563f9a003c2dbb03bb90339 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Sep 2018 19:18:17 +0300 Subject: [PATCH 003/306] Updated mainline nginx to 1.15.4 and njs to 0.2.4. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 30997c4f7..0f5e43f8b 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.3 +ENV NGINX_VERSION 1.15.4 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a3dcbbd17..41bf64ac0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.7 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.3 +ENV NGINX_VERSION 1.15.4 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 31528e9fa..cc0f9f84a 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.3-1~stretch -ENV NJS_VERSION 1.15.3.0.2.3-1~stretch +ENV NGINX_VERSION 1.15.4-1~stretch +ENV NJS_VERSION 1.15.4.0.2.4-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 2aa0975c1..667932628 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.3-1~stretch -ENV NJS_VERSION 1.15.3.0.2.3-1~stretch +ENV NGINX_VERSION 1.15.4-1~stretch +ENV NJS_VERSION 1.15.4.0.2.4-1~stretch RUN set -x \ && apt-get update \ From 3c446adddf7b04e877d5c5191b151c794c74bb58 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Sep 2018 19:19:07 +0300 Subject: [PATCH 004/306] Update Alpine to 3.8. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0f5e43f8b..f739e899b 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 41bf64ac0..42450325a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index efa664e1d..647d98916 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9dc45b6de..579707f2b 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.7 +FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " From a22b9f46fe3a586b02d974f64441a4c07215dc5d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 2 Oct 2018 19:17:50 +0300 Subject: [PATCH 005/306] Updated mainline nginx to 1.15.5. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f739e899b..2ee0e5af7 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.4 +ENV NGINX_VERSION 1.15.5 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 42450325a..112b81d23 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.4 +ENV NGINX_VERSION 1.15.5 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index cc0f9f84a..b51915cb8 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.4-1~stretch -ENV NJS_VERSION 1.15.4.0.2.4-1~stretch +ENV NGINX_VERSION 1.15.5-1~stretch +ENV NJS_VERSION 1.15.5.0.2.4-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 667932628..f21be866f 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.4-1~stretch -ENV NJS_VERSION 1.15.4.0.2.4-1~stretch +ENV NGINX_VERSION 1.15.5-1~stretch +ENV NJS_VERSION 1.15.5.0.2.4-1~stretch RUN set -x \ && apt-get update \ From f4d30145c60c433966df96f618d78513fee9d322 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Nov 2018 18:37:40 +0300 Subject: [PATCH 006/306] Updated mainline nginx to 1.15.6, stable to 1.14.1 and njs to 0.2.5. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 4 ++-- stable/stretch/Dockerfile | 4 ++-- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2ee0e5af7..8ee952881 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.5 +ENV NGINX_VERSION 1.15.6 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 112b81d23..6082f1392 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.5 +ENV NGINX_VERSION 1.15.6 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index b51915cb8..df976345f 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.5-1~stretch -ENV NJS_VERSION 1.15.5.0.2.4-1~stretch +ENV NGINX_VERSION 1.15.6-1~stretch +ENV NJS_VERSION 1.15.6.0.2.5-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index f21be866f..dfe575ec1 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.5-1~stretch -ENV NJS_VERSION 1.15.5.0.2.4-1~stretch +ENV NGINX_VERSION 1.15.6-1~stretch +ENV NJS_VERSION 1.15.6.0.2.5-1~stretch RUN set -x \ && apt-get update \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 647d98916..cdbfb6e5d 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.0 +ENV NGINX_VERSION 1.14.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 579707f2b..488980b33 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.0 +ENV NGINX_VERSION 1.14.1 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 2e262ece1..7895437d2 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.0-1~stretch -ENV NJS_VERSION 1.14.0.0.2.0-1~stretch +ENV NGINX_VERSION 1.14.1-1~stretch +ENV NJS_VERSION 1.14.1.0.2.5-1~stretch RUN set -x \ && apt-get update \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index a436cf47d..3a0ceb3bf 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.0-1~stretch -ENV NJS_VERSION 1.14.0.0.2.0-1~stretch +ENV NGINX_VERSION 1.14.1-1~stretch +ENV NJS_VERSION 1.14.1.0.2.5-1~stretch RUN set -x \ && apt-get update \ From 1fe92b86a3c3a6482c54a0858d1fcb22e591279f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Nov 2018 19:20:17 +0300 Subject: [PATCH 007/306] Updated mainline nginx to 1.15.7 and njs to 0.2.6. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 8ee952881..e2e73e519 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.6 +ENV NGINX_VERSION 1.15.7 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6082f1392..614ef3de4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.6 +ENV NGINX_VERSION 1.15.7 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index df976345f..edc26c056 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.6-1~stretch -ENV NJS_VERSION 1.15.6.0.2.5-1~stretch +ENV NGINX_VERSION 1.15.7-1~stretch +ENV NJS_VERSION 1.15.7.0.2.6-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index dfe575ec1..4be26e81a 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.6-1~stretch -ENV NJS_VERSION 1.15.6.0.2.5-1~stretch +ENV NGINX_VERSION 1.15.7-1~stretch +ENV NJS_VERSION 1.15.7.0.2.6-1~stretch RUN set -x \ && apt-get update \ From b71469ab815f580ba0ad658a32e91c86f8565ed4 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 5 Dec 2018 13:02:50 +0300 Subject: [PATCH 008/306] Updated stable nginx to 1.14.2 and njs to 0.2.6. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 4 ++-- stable/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index cdbfb6e5d..17cf6e0aa 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.1 +ENV NGINX_VERSION 1.14.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 488980b33..5945a4a7e 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.1 +ENV NGINX_VERSION 1.14.2 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 7895437d2..05cf56976 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.1-1~stretch -ENV NJS_VERSION 1.14.1.0.2.5-1~stretch +ENV NGINX_VERSION 1.14.2-1~stretch +ENV NJS_VERSION 1.14.2.0.2.6-1~stretch RUN set -x \ && apt-get update \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 3a0ceb3bf..097b04b9d 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.1-1~stretch -ENV NJS_VERSION 1.14.1.0.2.5-1~stretch +ENV NGINX_VERSION 1.14.2-1~stretch +ENV NJS_VERSION 1.14.2.0.2.6-1~stretch RUN set -x \ && apt-get update \ From baa050df601b5e798431a9db458e16f53b1031f6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Dec 2018 20:47:18 +0300 Subject: [PATCH 009/306] Updated mainline nginx to 1.15.8 and njs to 0.2.7. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e2e73e519..58c62c0f1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.7 +ENV NGINX_VERSION 1.15.8 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 614ef3de4..771d5b0c6 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.8 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.7 +ENV NGINX_VERSION 1.15.8 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index edc26c056..156f343f7 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.7-1~stretch -ENV NJS_VERSION 1.15.7.0.2.6-1~stretch +ENV NGINX_VERSION 1.15.8-1~stretch +ENV NJS_VERSION 1.15.8.0.2.7-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 4be26e81a..09e2d842d 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.7-1~stretch -ENV NJS_VERSION 1.15.7.0.2.6-1~stretch +ENV NGINX_VERSION 1.15.8-1~stretch +ENV NJS_VERSION 1.15.8.0.2.7-1~stretch RUN set -x \ && apt-get update \ From 2364fdc54af554d28ef95b7be381677d10987986 Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 30 Jan 2019 00:49:37 +0100 Subject: [PATCH 010/306] Update to Alpine 3.9 (cherry picked from commit 420928130ec092ae5ccef16863813604b1b1eb37) Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 58c62c0f1..1e675dff3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 771d5b0c6..4b008278c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 17cf6e0aa..c952e56c5 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 5945a4a7e..7a7ded45b 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " From 7890fc2342613e6669ad83ceead9c81136d2cc0a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 27 Feb 2019 13:45:42 +0300 Subject: [PATCH 011/306] Updated mainline nginx to 1.15.9 and njs to 0.2.8 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1e675dff3..4c299989c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.8 +ENV NGINX_VERSION 1.15.9 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 4b008278c..ea42632a1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.8 +ENV NGINX_VERSION 1.15.9 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 156f343f7..a5f77e77a 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.8-1~stretch -ENV NJS_VERSION 1.15.8.0.2.7-1~stretch +ENV NGINX_VERSION 1.15.9-1~stretch +ENV NJS_VERSION 1.15.9.0.2.8-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 09e2d842d..1fbd3f821 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.8-1~stretch -ENV NJS_VERSION 1.15.8.0.2.7-1~stretch +ENV NGINX_VERSION 1.15.9-1~stretch +ENV NJS_VERSION 1.15.9.0.2.8-1~stretch RUN set -x \ && apt-get update \ From 97b65112180e0c7764465aa47a974fc7af3c99ae Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 Mar 2019 18:57:47 +0300 Subject: [PATCH 012/306] Updated mainline nginx to 1.15.10 and njs to 0.3.0 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 4c299989c..b57cdebe4 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.9 +ENV NGINX_VERSION 1.15.10 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ea42632a1..cb254b510 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.9 +ENV NGINX_VERSION 1.15.10 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index a5f77e77a..de02aceb6 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.9-1~stretch -ENV NJS_VERSION 1.15.9.0.2.8-1~stretch +ENV NGINX_VERSION 1.15.10-1~stretch +ENV NJS_VERSION 1.15.10.0.3.0-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 1fbd3f821..01b69df95 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.9-1~stretch -ENV NJS_VERSION 1.15.9.0.2.8-1~stretch +ENV NGINX_VERSION 1.15.10-1~stretch +ENV NJS_VERSION 1.15.10.0.3.0-1~stretch RUN set -x \ && apt-get update \ From 7d7c67f2eaa6b2b32c718ba9d93f152870513c7c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Apr 2019 17:54:11 +0300 Subject: [PATCH 013/306] Updated mainline nginx to 1.15.11 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b57cdebe4..5c1731dd6 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.10 +ENV NGINX_VERSION 1.15.11 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index cb254b510..956b00043 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.10 +ENV NGINX_VERSION 1.15.11 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index de02aceb6..5fca7ddd3 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.10-1~stretch -ENV NJS_VERSION 1.15.10.0.3.0-1~stretch +ENV NGINX_VERSION 1.15.11-1~stretch +ENV NJS_VERSION 1.15.11.0.3.0-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 01b69df95..b7002d8bc 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.10-1~stretch -ENV NJS_VERSION 1.15.10.0.3.0-1~stretch +ENV NGINX_VERSION 1.15.11-1~stretch +ENV NJS_VERSION 1.15.11.0.3.0-1~stretch RUN set -x \ && apt-get update \ From e5123eea0d29c8d13df17d782f15679458ff899e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 16 Apr 2019 19:25:41 +0300 Subject: [PATCH 014/306] Updated mainline nginx to 1.15.12 and njs to 0.3.1 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5c1731dd6..24b56bf35 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.11 +ENV NGINX_VERSION 1.15.12 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 956b00043..7b9f3a3e4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.11 +ENV NGINX_VERSION 1.15.12 RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ && CONFIG="\ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 5fca7ddd3..072708811 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.11-1~stretch -ENV NJS_VERSION 1.15.11.0.3.0-1~stretch +ENV NGINX_VERSION 1.15.12-1~stretch +ENV NJS_VERSION 1.15.12.0.3.1-1~stretch RUN set -x \ && apt-get update \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index b7002d8bc..9c54b75e5 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.11-1~stretch -ENV NJS_VERSION 1.15.11.0.3.0-1~stretch +ENV NGINX_VERSION 1.15.12-1~stretch +ENV NJS_VERSION 1.15.12.0.3.1-1~stretch RUN set -x \ && apt-get update \ From 0501f0b73fd7fbfb139d1e98a7fd3b63426b16a1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 11 Mar 2019 17:46:56 +0300 Subject: [PATCH 015/306] alpine: use nginx.org-provided packages. For the architectures unavailable on nginx.org, build from the official packaging sources. Also adds njs. --- mainline/alpine-perl/Dockerfile | 242 +++++++++----------- mainline/alpine-perl/nginx.conf | 32 --- mainline/alpine-perl/nginx.vh.default.conf | 45 ---- mainline/alpine/Dockerfile | 236 +++++++++----------- mainline/alpine/nginx.conf | 32 --- mainline/alpine/nginx.vh.default.conf | 45 ---- stable/alpine-perl/Dockerfile | 244 +++++++++------------ stable/alpine-perl/nginx.conf | 32 --- stable/alpine-perl/nginx.vh.default.conf | 45 ---- stable/alpine/Dockerfile | 238 +++++++++----------- stable/alpine/nginx.conf | 32 --- stable/alpine/nginx.vh.default.conf | 45 ---- 12 files changed, 414 insertions(+), 854 deletions(-) delete mode 100644 mainline/alpine-perl/nginx.conf delete mode 100644 mainline/alpine-perl/nginx.vh.default.conf delete mode 100644 mainline/alpine/nginx.conf delete mode 100644 mainline/alpine/nginx.vh.default.conf delete mode 100644 stable/alpine-perl/nginx.conf delete mode 100644 stable/alpine-perl/nginx.vh.default.conf delete mode 100644 stable/alpine/nginx.conf delete mode 100644 stable/alpine/nginx.vh.default.conf diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 24b56bf35..3d577de35 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,146 +3,110 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.15.12 +ENV NJS_VERSION 1.15.12.0.3.1 +ENV PKG_RELEASE 1 -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg1 \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl curl ca-certificates \ + && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && printf "%s%s%s\n" \ + "http://nginx.org/packages/mainline/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories \ + && apk del .cert-deps \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su - nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + ;; \ + esac \ + && apk add --no-cache $nginxPackages \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# remove the last line with the packages repos in the repositories file + && sed -i '$ d' /etc/apk/repositories \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/mainline/alpine-perl/nginx.conf b/mainline/alpine-perl/nginx.conf deleted file mode 100644 index e4bad8dbc..000000000 --- a/mainline/alpine-perl/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/mainline/alpine-perl/nginx.vh.default.conf b/mainline/alpine-perl/nginx.vh.default.conf deleted file mode 100644 index 299c622a7..000000000 --- a/mainline/alpine-perl/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 7b9f3a3e4..bee9f5d8b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,141 +3,109 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.15.12 +ENV NJS_VERSION 1.15.12.0.3.1 +ENV PKG_RELEASE 1 -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg1 \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl curl ca-certificates \ + && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && printf "%s%s%s\n" \ + "http://nginx.org/packages/mainline/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories \ + && apk del .cert-deps \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su - nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + ;; \ + esac \ + && apk add --no-cache $nginxPackages \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# remove the last line with the packages repos in the repositories file + && sed -i '$ d' /etc/apk/repositories \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/mainline/alpine/nginx.conf b/mainline/alpine/nginx.conf deleted file mode 100644 index e4bad8dbc..000000000 --- a/mainline/alpine/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/mainline/alpine/nginx.vh.default.conf b/mainline/alpine/nginx.vh.default.conf deleted file mode 100644 index 299c622a7..000000000 --- a/mainline/alpine/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index c952e56c5..6a3ec93c1 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,146 +3,112 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.14.2 +ENV NJS_VERSION 1.14.2.0.2.7 +ENV PKG_RELEASE 1 -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg1 \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - perl-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl curl ca-certificates \ + && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && printf "%s%s%s\n" \ + "http://nginx.org/packages/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories \ + && apk del .cert-deps \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su - nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ +# fixme: needs to check out a tag on the next 1.14 release + && hg up stable-1.14 \ + && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + ;; \ + esac \ + && apk add --no-cache $nginxPackages \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# remove the last line with the packages repos in the repositories file + && sed -i '$ d' /etc/apk/repositories \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/stable/alpine-perl/nginx.conf b/stable/alpine-perl/nginx.conf deleted file mode 100644 index e4bad8dbc..000000000 --- a/stable/alpine-perl/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/stable/alpine-perl/nginx.vh.default.conf b/stable/alpine-perl/nginx.vh.default.conf deleted file mode 100644 index 299c622a7..000000000 --- a/stable/alpine-perl/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 7a7ded45b..4c760c6e5 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,141 +3,111 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.14.2 +ENV NJS_VERSION 1.14.2.0.2.7 +ENV PKG_RELEASE 1 -RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \ - && CONFIG="\ - --prefix=/etc/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/var/run/nginx.pid \ - --lock-path=/var/run/nginx.lock \ - --http-client-body-temp-path=/var/cache/nginx/client_temp \ - --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ - --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ - --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ - --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ - --user=nginx \ - --group=nginx \ - --with-http_ssl_module \ - --with-http_realip_module \ - --with-http_addition_module \ - --with-http_sub_module \ - --with-http_dav_module \ - --with-http_flv_module \ - --with-http_mp4_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_stub_status_module \ - --with-http_auth_request_module \ - --with-http_xslt_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_geoip_module=dynamic \ - --with-threads \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-stream_geoip_module=dynamic \ - --with-http_slice_module \ - --with-mail \ - --with-mail_ssl_module \ - --with-compat \ - --with-file-aio \ - --with-http_v2_module \ - " \ - && addgroup -S nginx \ - && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ - && apk add --no-cache --virtual .build-deps \ - gcc \ - libc-dev \ - make \ - openssl-dev \ - pcre-dev \ - zlib-dev \ - linux-headers \ - curl \ - gnupg1 \ - libxslt-dev \ - gd-dev \ - geoip-dev \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \ - && curl -fSL https://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $GPG_KEYS from $server"; \ - gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \ - gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \ - && rm -rf "$GNUPGHOME" nginx.tar.gz.asc \ - && mkdir -p /usr/src \ - && tar -zxC /usr/src -f nginx.tar.gz \ - && rm nginx.tar.gz \ - && cd /usr/src/nginx-$NGINX_VERSION \ - && ./configure $CONFIG --with-debug \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && mv objs/nginx objs/nginx-debug \ - && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \ - && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \ - && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \ - && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \ - && ./configure $CONFIG \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && rm -rf /etc/nginx/html/ \ - && mkdir /etc/nginx/conf.d/ \ - && mkdir -p /usr/share/nginx/html/ \ - && install -m644 html/index.html /usr/share/nginx/html/ \ - && install -m644 html/50x.html /usr/share/nginx/html/ \ - && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \ - && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \ - && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \ - && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \ - && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \ - && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \ - && strip /usr/sbin/nginx* \ - && strip /usr/lib/nginx/modules/*.so \ - && rm -rf /usr/src/nginx-$NGINX_VERSION \ - \ - # Bring in gettext so we can get `envsubst`, then throw - # the rest away. To do this, we need to install `gettext` - # then move `envsubst` out of the way so `gettext` can - # be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )" \ - && apk add --no-cache --virtual .nginx-rundeps $runDeps \ - && apk del .build-deps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ - \ - # Bring in tzdata so users could set the timezones through the environment - # variables - && apk add --no-cache tzdata \ - \ - # forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx.conf /etc/nginx/nginx.conf -COPY nginx.vh.default.conf /etc/nginx/conf.d/default.conf +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl curl ca-certificates \ + && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && printf "%s%s%s\n" \ + "http://nginx.org/packages/alpine/v" \ + `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | tee -a /etc/apk/repositories \ + && apk del .cert-deps \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su - nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ +# fixme: needs to check out a tag on the next 1.14 release + && hg up stable-1.14 \ + && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + ;; \ + esac \ + && apk add --no-cache $nginxPackages \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# remove the last line with the packages repos in the repositories file + && sed -i '$ d' /etc/apk/repositories \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/stable/alpine/nginx.conf b/stable/alpine/nginx.conf deleted file mode 100644 index e4bad8dbc..000000000 --- a/stable/alpine/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/stable/alpine/nginx.vh.default.conf b/stable/alpine/nginx.vh.default.conf deleted file mode 100644 index 299c622a7..000000000 --- a/stable/alpine/nginx.vh.default.conf +++ /dev/null @@ -1,45 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - From 42b9a87db35929dec0f9c329486f16d6f6254d55 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2019 15:45:08 +0300 Subject: [PATCH 016/306] mainline: get rid of duplication in variables versions --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/stretch-perl/Dockerfile | 19 ++++++++++--------- mainline/stretch/Dockerfile | 15 ++++++++------- 4 files changed, 22 insertions(+), 20 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3d577de35..257a7ef2c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 1.15.12.0.3.1 +ENV NJS_VERSION 0.3.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ x86_64) \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index bee9f5d8b..503ef8757 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 1.15.12.0.3.1 +ENV NJS_VERSION 0.3.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ x86_64) \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 072708811..14664705b 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12-1~stretch -ENV NJS_VERSION 1.15.12.0.3.1-1~stretch +ENV NGINX_VERSION 1.15.12 +ENV NJS_VERSION 0.3.1 +ENV PKG_RELEASE 1~stretch RUN set -x \ && apt-get update \ @@ -23,13 +24,13 @@ RUN set -x \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-perl=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 9c54b75e5..45f8c6ea6 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12-1~stretch -ENV NJS_VERSION 1.15.12.0.3.1-1~stretch +ENV NGINX_VERSION 1.15.12 +ENV NJS_VERSION 0.3.1 +ENV PKG_RELEASE 1~stretch RUN set -x \ && apt-get update \ @@ -24,11 +25,11 @@ RUN set -x \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ From 9a052e07b2c283df9960375ee40be50c5c462a7e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2019 15:49:02 +0300 Subject: [PATCH 017/306] Updated stable nginx to 1.16.0 While at it, merge mainline versioning changes. --- stable/alpine-perl/Dockerfile | 10 ++++------ stable/alpine/Dockerfile | 10 ++++------ stable/stretch-perl/Dockerfile | 19 ++++++++++--------- stable/stretch/Dockerfile | 15 ++++++++------- 4 files changed, 26 insertions(+), 28 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 6a3ec93c1..556ff7415 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.2 -ENV NJS_VERSION 1.14.2.0.2.7 +ENV NGINX_VERSION 1.16.0 +ENV NJS_VERSION 0.3.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ x86_64) \ @@ -66,9 +66,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ -# fixme: needs to check out a tag on the next 1.14 release - && hg up stable-1.14 \ - && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 4c760c6e5..00a6b2919 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.2 -ENV NJS_VERSION 1.14.2.0.2.7 +ENV NGINX_VERSION 1.16.0 +ENV NJS_VERSION 0.3.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ x86_64) \ @@ -65,9 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ -# fixme: needs to check out a tag on the next 1.14 release - && hg up stable-1.14 \ - && echo hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 05cf56976..a43184bc5 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -2,8 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.2-1~stretch -ENV NJS_VERSION 1.14.2.0.2.6-1~stretch +ENV NGINX_VERSION 1.16.0 +ENV NJS_VERSION 0.3.1 +ENV PKG_RELEASE 1~stretch RUN set -x \ && apt-get update \ @@ -23,13 +24,13 @@ RUN set -x \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-perl=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 097b04b9d..c358e608b 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -2,8 +2,9 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.14.2-1~stretch -ENV NJS_VERSION 1.14.2.0.2.6-1~stretch +ENV NGINX_VERSION 1.16.0 +ENV NJS_VERSION 0.3.1 +ENV PKG_RELEASE 1~stretch RUN set -x \ && apt-get update \ @@ -24,11 +25,11 @@ RUN set -x \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ - nginx=${NGINX_VERSION} \ - nginx-module-xslt=${NGINX_VERSION} \ - nginx-module-geoip=${NGINX_VERSION} \ - nginx-module-image-filter=${NGINX_VERSION} \ - nginx-module-njs=${NJS_VERSION} \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ From 61973ac9c0c7fecdaa251b5ef7568f81486a0e8a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2019 18:56:55 +0300 Subject: [PATCH 018/306] Updated generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4d70a4285..22587c2f9 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,8 +3,8 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.15 latest' - [stable]='1.14' + [mainline]='1 1.17 latest' + [stable]='1.16' ) self="$(basename "$BASH_SOURCE")" From 6f41f97b39b1a3d658f25329e7206324a1e883b5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2019 19:04:52 +0300 Subject: [PATCH 019/306] Updated generate-stackbrew-library.sh to use new versioning scheme --- generate-stackbrew-library.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 22587c2f9..3f3a98869 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -54,7 +54,6 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" - fullVersion="${fullVersion%[.-]*}" versionAliases=( $fullVersion ) if [ "$version" != "$fullVersion" ]; then From 9674d1078009f49ee2d3d4d168a2a1eb9b86e638 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 May 2019 19:42:16 +0300 Subject: [PATCH 020/306] Updated mainline nginx to 1.17.0 and njs to 0.3.2 Fixes: #331, #317. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 257a7ef2c..96279e973 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 0.3.1 +ENV NGINX_VERSION 1.17.0 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 503ef8757..c5724bc72 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 0.3.1 +ENV NGINX_VERSION 1.17.0 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 14664705b..7526870d8 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 0.3.1 +ENV NGINX_VERSION 1.17.0 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 45f8c6ea6..16efe8448 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.15.12 -ENV NJS_VERSION 0.3.1 +ENV NGINX_VERSION 1.17.0 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ From c308ce3f7b9f94de299b3f19b86524d35253493f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 May 2019 19:42:34 +0300 Subject: [PATCH 021/306] Updated njs for stable images to 0.3.2 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/stretch-perl/Dockerfile | 2 +- stable/stretch/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 556ff7415..21744f514 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.1 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 00a6b2919..3e3230453 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.1 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index a43184bc5..372c7f7e6 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.1 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index c358e608b..0b75d7309 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.1 +ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ From b749353968a57ebd9da17e12d23f1a5fb62f9de9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 4 Jun 2019 14:27:46 +0300 Subject: [PATCH 022/306] Made the UID/GID consistent throughout the variants. 101 was chosen as UID/GID for both supported platforms since that's the first unused pair. This also looks forward compatible at least for now with Debian Buster and Alpine 3.10 as from the :edge tag of the time writing this message. Fixes: #218. --- mainline/alpine-perl/Dockerfile | 3 +++ mainline/alpine/Dockerfile | 3 +++ mainline/stretch-perl/Dockerfile | 3 +++ mainline/stretch/Dockerfile | 3 +++ stable/alpine-perl/Dockerfile | 3 +++ stable/alpine/Dockerfile | 3 +++ stable/stretch-perl/Dockerfile | 3 +++ stable/stretch/Dockerfile | 3 +++ 8 files changed, 24 insertions(+) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 96279e973..cbb6e96c3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c5724bc72..17822daf1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 7526870d8..54d9941f7 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 16efe8448..11ab89759 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 21744f514..255e8d75b 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 3e3230453..1e88ebd23 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1 RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index 372c7f7e6..d82f6225b 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 0b75d7309..85816f3f7 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -7,6 +7,9 @@ ENV NJS_VERSION 0.3.2 ENV PKG_RELEASE 1~stretch RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ && \ From 0e47be34c3fcdc15078e51d6b0bcc4abd81f1383 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 6 Jun 2019 16:13:55 +0200 Subject: [PATCH 023/306] Remove dash from su command Fixes #327 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index cbb6e96c3..d9c7ca106 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -64,7 +64,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ - && su - nobody -s /bin/sh -c " \ + && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 17822daf1..78d5b0a82 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -63,7 +63,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ - && su - nobody -s /bin/sh -c " \ + && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 255e8d75b..17d1384ba 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -64,7 +64,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ - && su - nobody -s /bin/sh -c " \ + && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1e88ebd23..266ffb022 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -63,7 +63,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ - && su - nobody -s /bin/sh -c " \ + && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ From c10dfd0d6df13b33f498eb49d499df26fb0c440b Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 6 Jun 2019 16:33:15 +0200 Subject: [PATCH 024/306] Change tabs to spaces And other minor formatting fixes Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 14 ++-- mainline/alpine/Dockerfile | 14 ++-- mainline/stretch-perl/Dockerfile | 120 ++++++++++++++-------------- mainline/stretch/Dockerfile | 132 +++++++++++++++---------------- stable/alpine-perl/Dockerfile | 14 ++-- stable/alpine/Dockerfile | 14 ++-- stable/stretch-perl/Dockerfile | 120 ++++++++++++++-------------- stable/stretch/Dockerfile | 132 +++++++++++++++---------------- 8 files changed, 280 insertions(+), 280 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d9c7ca106..359991a27 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -28,12 +28,12 @@ RUN set -x \ openssl curl ca-certificates \ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ && printf "%s%s%s\n" \ "http://nginx.org/packages/mainline/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 78d5b0a82..e0fbb8287 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -27,12 +27,12 @@ RUN set -x \ openssl curl ca-certificates \ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ && printf "%s%s%s\n" \ "http://nginx.org/packages/mainline/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 54d9941f7..01ddc4bf0 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -10,23 +10,23 @@ RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ @@ -34,68 +34,68 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ + echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ + echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) - \ + \ # save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ + && savedAptMark="$(apt-mark showmanual)" \ + \ # build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ # we don't remove APT lists here because they get re-downloaded and removed later - \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) # ... # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 11ab89759..12a3130ad 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -10,91 +10,91 @@ RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ + echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ + echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) - \ + \ # save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ + && savedAptMark="$(apt-mark showmanual)" \ + \ # build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ # we don't remove APT lists here because they get re-downloaded and removed later - \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) # ... # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 17d1384ba..b5a54f4e2 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -28,12 +28,12 @@ RUN set -x \ openssl curl ca-certificates \ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ && printf "%s%s%s\n" \ "http://nginx.org/packages/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 266ffb022..b51ada35b 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -27,12 +27,12 @@ RUN set -x \ openssl curl ca-certificates \ && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ && printf "%s%s%s\n" \ "http://nginx.org/packages/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ diff --git a/stable/stretch-perl/Dockerfile b/stable/stretch-perl/Dockerfile index d82f6225b..9f038d285 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/stretch-perl/Dockerfile @@ -10,23 +10,23 @@ RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ @@ -34,68 +34,68 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ + echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ + echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) - \ + \ # save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ + && savedAptMark="$(apt-mark showmanual)" \ + \ # build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ # we don't remove APT lists here because they get re-downloaded and removed later - \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) # ... # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 diff --git a/stable/stretch/Dockerfile b/stable/stretch/Dockerfile index 85816f3f7..f7dc48c5a 100644 --- a/stable/stretch/Dockerfile +++ b/stable/stretch/Dockerfile @@ -10,91 +10,91 @@ RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ - && nginxPackages=" \ - nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ - " \ - && case "$dpkgArch" in \ - amd64|i386) \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - ;; \ - *) \ + echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ + echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) - \ + \ # save list of currently-installed packages so build dependencies can be cleanly removed later - && savedAptMark="$(apt-mark showmanual)" \ - \ + && savedAptMark="$(apt-mark showmanual)" \ + \ # build .deb files from upstream's source packages (which are verified by apt-get) - && apt-get update \ - && apt-get build-dep -y $nginxPackages \ - && ( \ - cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ - ) \ + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ # we don't remove APT lists here because they get re-downloaded and removed later - \ + \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) - && apt-mark showmanual | xargs apt-mark auto > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ - \ + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) - && ls -lAFh "$tempDir" \ - && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ - && grep '^Package: ' "$tempDir/Packages" \ - && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) # ... # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) - && apt-get -o Acquire::GzipIndexes=false update \ - ;; \ - esac \ - \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - $nginxPackages \ - gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ - \ + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then \ - apt-get purge -y --auto-remove \ - && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi # forward request and error logs to docker log collector RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log EXPOSE 80 From 1ebbaf6c2f94fb4f60917220d1fae9482fb65e81 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 7 Jun 2019 14:46:29 +0300 Subject: [PATCH 025/306] stable alpine: ping to revision 417 of http://hg.nginx.org/pkg-oss. This makes stable images buildable until the next version bump. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b5a54f4e2..57b521d05 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -69,7 +69,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 417 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index b51ada35b..1dcb7636a 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 417 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ From 011ca42d34576e884610e8842b5dfb28f175fc7c Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 20 Jun 2019 14:38:31 +0200 Subject: [PATCH 026/306] Fetch Alpine package over https --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 359991a27..0984a7de1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -35,7 +35,7 @@ RUN set -x \ exit 1; \ fi \ && printf "%s%s%s\n" \ - "http://nginx.org/packages/mainline/alpine/v" \ + "https://nginx.org/packages/mainline/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ "/main" \ | tee -a /etc/apk/repositories \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e0fbb8287..d021c4bc8 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ exit 1; \ fi \ && printf "%s%s%s\n" \ - "http://nginx.org/packages/mainline/alpine/v" \ + "https://nginx.org/packages/mainline/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ "/main" \ | tee -a /etc/apk/repositories \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 57b521d05..1a10857c4 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -35,7 +35,7 @@ RUN set -x \ exit 1; \ fi \ && printf "%s%s%s\n" \ - "http://nginx.org/packages/alpine/v" \ + "https://nginx.org/packages/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ "/main" \ | tee -a /etc/apk/repositories \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1dcb7636a..2c5e2d978 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ exit 1; \ fi \ && printf "%s%s%s\n" \ - "http://nginx.org/packages/alpine/v" \ + "https://nginx.org/packages/alpine/v" \ `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ "/main" \ | tee -a /etc/apk/repositories \ From 17c4abd5f5fb7d1edebeab36e0f5ac40f23f6b9b Mon Sep 17 00:00:00 2001 From: Nick Porter Date: Sat, 29 Jun 2019 23:15:20 -0400 Subject: [PATCH 027/306] Fix typo in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f0d253c27..7adf25f3d 100644 --- a/README.md +++ b/README.md @@ -5,5 +5,5 @@ Hub page for the full readme on how to use the Docker image and for information regarding contributing and issues. The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), -specificially in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). +specifically in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). From 976f38e04cce6a70625b24189fda405907d9cebf Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 25 Jun 2019 01:38:30 +0200 Subject: [PATCH 028/306] Remove curl dependency from Alpine varaint --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0984a7de1..eff71f424 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -25,8 +25,8 @@ RUN set -x \ set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ && apk add --no-cache --virtual .cert-deps \ - openssl curl ca-certificates \ - && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d021c4bc8..da123df9e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -24,8 +24,8 @@ RUN set -x \ set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ && apk add --no-cache --virtual .cert-deps \ - openssl curl ca-certificates \ - && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 1a10857c4..420072f60 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -25,8 +25,8 @@ RUN set -x \ set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ && apk add --no-cache --virtual .cert-deps \ - openssl curl ca-certificates \ - && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2c5e2d978..a483653ce 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -24,8 +24,8 @@ RUN set -x \ set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ && apk add --no-cache --virtual .cert-deps \ - openssl curl ca-certificates \ - && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ From f9fbfcbcb24cb1fd6d207d33e9345d3e6dbb8ff2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 1 Jul 2019 15:46:11 +0300 Subject: [PATCH 029/306] Updated nginx to 1.17.1 and njs to 0.3.3 Fixes #343 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/stretch-perl/Dockerfile | 4 ++-- mainline/stretch/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index eff71f424..ef35167c2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.17.1 +ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index da123df9e..f23a275e0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.9 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.17.1 +ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/stretch-perl/Dockerfile b/mainline/stretch-perl/Dockerfile index 01ddc4bf0..1e2fee6f1 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/stretch-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.17.1 +ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1~stretch RUN set -x \ diff --git a/mainline/stretch/Dockerfile b/mainline/stretch/Dockerfile index 12a3130ad..caec21c10 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/stretch/Dockerfile @@ -2,8 +2,8 @@ FROM debian:stretch-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.17.1 +ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1~stretch RUN set -x \ From 5abbd4a936e9ebd0bd116511c0dcd5ca27b9f4ad Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 20 Jun 2019 14:39:27 +0200 Subject: [PATCH 030/306] Update Alpine to 3.10 Signed-off-by: Konstantin Pavlov --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ef35167c2..92e09573d 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f23a275e0..312bd350a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 420072f60..794c446cf 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a483653ce..49a567ef2 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " From 7956a3fed9b57f4796881c99ec23c03c05945d43 Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 10 Jul 2019 16:42:11 +0200 Subject: [PATCH 031/306] Upgrade to Debian Buster Signed-off-by: Konstantin Pavlov --- generate-stackbrew-library.sh | 4 ++-- mainline/{stretch-perl => buster-perl}/Dockerfile | 12 ++++++------ mainline/{stretch => buster}/Dockerfile | 12 ++++++------ stable/{stretch-perl => buster-perl}/Dockerfile | 12 ++++++------ stable/{stretch => buster}/Dockerfile | 12 ++++++------ 5 files changed, 26 insertions(+), 26 deletions(-) rename mainline/{stretch-perl => buster-perl}/Dockerfile (92%) rename mainline/{stretch => buster}/Dockerfile (92%) rename stable/{stretch-perl => buster-perl}/Dockerfile (90%) rename stable/{stretch => buster}/Dockerfile (90%) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 3f3a98869..4464e4665 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -9,7 +9,7 @@ aliases=( self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -base=stretch +base=buster versions=( */ ) versions=( "${versions[@]%/}" ) @@ -69,7 +69,7 @@ for version in "${versions[@]}"; do Directory: $version/$base EOE - for variant in stretch-perl; do + for variant in buster-perl; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-perl}" ) diff --git a/mainline/stretch-perl/Dockerfile b/mainline/buster-perl/Dockerfile similarity index 92% rename from mainline/stretch-perl/Dockerfile rename to mainline/buster-perl/Dockerfile index 1e2fee6f1..a1ad85a8b 100644 --- a/mainline/stretch-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -1,17 +1,17 @@ -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.1 ENV NJS_VERSION 0.3.3 -ENV PKG_RELEASE 1~stretch +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -38,13 +38,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -85,7 +85,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/mainline/stretch/Dockerfile b/mainline/buster/Dockerfile similarity index 92% rename from mainline/stretch/Dockerfile rename to mainline/buster/Dockerfile index caec21c10..046ed052e 100644 --- a/mainline/stretch/Dockerfile +++ b/mainline/buster/Dockerfile @@ -1,17 +1,17 @@ -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.1 ENV NJS_VERSION 0.3.3 -ENV PKG_RELEASE 1~stretch +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -37,13 +37,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -84,7 +84,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/stretch-perl/Dockerfile b/stable/buster-perl/Dockerfile similarity index 90% rename from stable/stretch-perl/Dockerfile rename to stable/buster-perl/Dockerfile index 9f038d285..2657f64a3 100644 --- a/stable/stretch-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -1,17 +1,17 @@ -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1~stretch +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -38,13 +38,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -85,7 +85,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/stretch/Dockerfile b/stable/buster/Dockerfile similarity index 90% rename from stable/stretch/Dockerfile rename to stable/buster/Dockerfile index f7dc48c5a..05d593ecc 100644 --- a/stable/stretch/Dockerfile +++ b/stable/buster/Dockerfile @@ -1,17 +1,17 @@ -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.0 ENV NJS_VERSION 0.3.2 -ENV PKG_RELEASE 1~stretch +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants && addgroup --system --gid 101 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ @@ -37,13 +37,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ @@ -84,7 +84,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ From c817e28dd68b6daa33265a8cb527b1c4cd723b59 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Jul 2019 16:33:30 +0300 Subject: [PATCH 032/306] Updated mainline nginx to 1.17.2 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 92e09573d..d376c2cad 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.1 +ENV NGINX_VERSION 1.17.2 ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 312bd350a..c910f580a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.1 +ENV NGINX_VERSION 1.17.2 ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index a1ad85a8b..7c0836064 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.1 +ENV NGINX_VERSION 1.17.2 ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 046ed052e..480b7a3ba 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.1 +ENV NGINX_VERSION 1.17.2 ENV NJS_VERSION 0.3.3 ENV PKG_RELEASE 1~buster From 952de68bda48815a1fc9137b51633a6ea053251c Mon Sep 17 00:00:00 2001 From: Andrei Belov Date: Thu, 15 Aug 2019 12:03:42 +0300 Subject: [PATCH 033/306] Updated nginx to 1.17.3 and njs to 0.3.4 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d376c2cad..17f534161 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.2 -ENV NJS_VERSION 0.3.3 +ENV NGINX_VERSION 1.17.3 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c910f580a..4ab425538 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.2 -ENV NJS_VERSION 0.3.3 +ENV NGINX_VERSION 1.17.3 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 7c0836064..97b100c48 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.2 -ENV NJS_VERSION 0.3.3 +ENV NGINX_VERSION 1.17.3 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 480b7a3ba..d4137f048 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.2 -ENV NJS_VERSION 0.3.3 +ENV NGINX_VERSION 1.17.3 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1~buster RUN set -x \ From f5a5bc9926f0bdcd45073ee7d80f73a5656fabe9 Mon Sep 17 00:00:00 2001 From: Benjamin Dos Santos Date: Thu, 15 Aug 2019 11:09:20 +0200 Subject: [PATCH 034/306] Updated stable nginx to 1.16.1 and njs to 0.3.4 --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 4 ++-- stable/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 794c446cf..4d18a32cd 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.16.1 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 49a567ef2..116c25fe3 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.16.1 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 2657f64a3..60ccaeec9 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.16.1 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 05d593ecc..ac2d790fc 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.0 -ENV NJS_VERSION 0.3.2 +ENV NGINX_VERSION 1.16.1 +ENV NJS_VERSION 0.3.4 ENV PKG_RELEASE 1~buster RUN set -x \ From e3bbc1131a683dabf868268e62b9d3fbd250191b Mon Sep 17 00:00:00 2001 From: Andrei Belov Date: Thu, 15 Aug 2019 22:12:21 +0300 Subject: [PATCH 035/306] Updated njs to 0.3.5 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 17f534161..3451a3ab6 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.3 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 4ab425538..60c8fbe2b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.3 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 97b100c48..8c827f2f4 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.3 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index d4137f048..b86929726 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.3 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4d18a32cd..f4f228c62 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 116c25fe3..ee26e5410 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 60ccaeec9..ea60a4974 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index ac2d790fc..84d269ce5 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.4 +ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster RUN set -x \ From 0ad6faa0790f423fb239f2b8800dc339d763869a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Aug 2019 13:17:27 +0300 Subject: [PATCH 036/306] alpine: bump pkg-oss revision to fetch njs 0.3.5 sources --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3451a3ab6..0739c2801 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -69,7 +69,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 428 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 60c8fbe2b..524248889 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 428 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f4f228c62..0251a44e7 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -69,7 +69,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 417 \ + && hg up -r 429 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ee26e5410..0bbe66680 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 417 \ + && hg up -r 429 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ From 23a990403d6dbe102bf2c72ab2f6a239e940e3c3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Sep 2019 19:33:38 +0300 Subject: [PATCH 037/306] Updated mainline nginx to 1.17.4 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0739c2801..f274a3091 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.3 +ENV NGINX_VERSION 1.17.4 ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 @@ -69,7 +69,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 428 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 524248889..d2fbdfecd 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.3 +ENV NGINX_VERSION 1.17.4 ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1 @@ -68,7 +68,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 428 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 8c827f2f4..a25851a28 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.3 +ENV NGINX_VERSION 1.17.4 ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index b86929726..8bb1cdaec 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.3 +ENV NGINX_VERSION 1.17.4 ENV NJS_VERSION 0.3.5 ENV PKG_RELEASE 1~buster From fe97d699daae7e04f916771ac520f7cf25ab2b27 Mon Sep 17 00:00:00 2001 From: Andrei Belov Date: Tue, 22 Oct 2019 19:28:56 +0300 Subject: [PATCH 038/306] Updated nginx to 1.17.5 and njs to 0.3.6 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f274a3091..5f25c7111 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.4 -ENV NJS_VERSION 0.3.5 +ENV NGINX_VERSION 1.17.5 +ENV NJS_VERSION 0.3.6 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d2fbdfecd..9db13acb9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.4 -ENV NJS_VERSION 0.3.5 +ENV NGINX_VERSION 1.17.5 +ENV NJS_VERSION 0.3.6 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index a25851a28..e7c11edc2 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.4 -ENV NJS_VERSION 0.3.5 +ENV NGINX_VERSION 1.17.5 +ENV NJS_VERSION 0.3.6 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 8bb1cdaec..01601cd21 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.4 -ENV NJS_VERSION 0.3.5 +ENV NGINX_VERSION 1.17.5 +ENV NJS_VERSION 0.3.6 ENV PKG_RELEASE 1~buster RUN set -x \ From 7413661f772413ce02456db044d246c811a734be Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 13 Nov 2019 18:25:56 +0300 Subject: [PATCH 039/306] alpine: forced installing nginx packages from our repos That fixes clashes between alpine linux own repositories and our repos when they have the same versions available. --- mainline/alpine-perl/Dockerfile | 11 ++--------- mainline/alpine/Dockerfile | 11 ++--------- stable/alpine-perl/Dockerfile | 11 ++--------- stable/alpine/Dockerfile | 11 ++--------- 4 files changed, 8 insertions(+), 36 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5f25c7111..7a2253ac2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -34,12 +34,8 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && printf "%s%s%s\n" \ - "https://nginx.org/packages/mainline/alpine/v" \ - `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ - "/main" \ - | tee -a /etc/apk/repositories \ && apk del .cert-deps \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -75,18 +71,15 @@ RUN set -x \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ - && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ - && apk add --no-cache $nginxPackages \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# remove the last line with the packages repos in the repositories file - && sed -i '$ d' /etc/apk/repositories \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 9db13acb9..d5917e148 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -33,12 +33,8 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && printf "%s%s%s\n" \ - "https://nginx.org/packages/mainline/alpine/v" \ - `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ - "/main" \ - | tee -a /etc/apk/repositories \ && apk del .cert-deps \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -74,18 +70,15 @@ RUN set -x \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ - && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ - && apk add --no-cache $nginxPackages \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# remove the last line with the packages repos in the repositories file - && sed -i '$ d' /etc/apk/repositories \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 0251a44e7..c47a16b5f 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -34,12 +34,8 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && printf "%s%s%s\n" \ - "https://nginx.org/packages/alpine/v" \ - `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ - "/main" \ - | tee -a /etc/apk/repositories \ && apk del .cert-deps \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -75,18 +71,15 @@ RUN set -x \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ - && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ - && apk add --no-cache $nginxPackages \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# remove the last line with the packages repos in the repositories file - && sed -i '$ d' /etc/apk/repositories \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 0bbe66680..38378c49d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -33,12 +33,8 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && printf "%s%s%s\n" \ - "https://nginx.org/packages/alpine/v" \ - `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \ - "/main" \ - | tee -a /etc/apk/repositories \ && apk del .cert-deps \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -74,18 +70,15 @@ RUN set -x \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ - && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ - && apk add --no-cache $nginxPackages \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# remove the last line with the packages repos in the repositories file - && sed -i '$ d' /etc/apk/repositories \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can From a973c221f6cedede4dab3ab36d18240c4d3e3d74 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 19 Nov 2019 19:20:45 +0300 Subject: [PATCH 040/306] Updated nginx to 1.17.6 and njs to 0.3.7 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7a2253ac2..f21b85658 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.5 -ENV NJS_VERSION 0.3.6 +ENV NGINX_VERSION 1.17.6 +ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d5917e148..1ca4bd468 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.5 -ENV NJS_VERSION 0.3.6 +ENV NGINX_VERSION 1.17.6 +ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index e7c11edc2..467dd49c7 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.5 -ENV NJS_VERSION 0.3.6 +ENV NGINX_VERSION 1.17.6 +ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 01601cd21..f039a6375 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.5 -ENV NJS_VERSION 0.3.6 +ENV NGINX_VERSION 1.17.6 +ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1~buster RUN set -x \ From 0f2f33169297d7571d733f3a9122e3486704c859 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 9 Jan 2020 13:00:19 +0300 Subject: [PATCH 041/306] Updated mainline nginx to 1.17.7 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f21b85658..48ffe0e51 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.6 +ENV NGINX_VERSION 1.17.7 ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1ca4bd468..8b204230d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.6 +ENV NGINX_VERSION 1.17.7 ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 467dd49c7..9dbcd3ae0 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.6 +ENV NGINX_VERSION 1.17.7 ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index f039a6375..8bd9c0cbd 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.6 +ENV NGINX_VERSION 1.17.7 ENV NJS_VERSION 0.3.7 ENV PKG_RELEASE 1~buster From 5971de30c487356d5d2a2e1a79e02b2612f9a72f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 Jan 2020 18:29:20 +0300 Subject: [PATCH 042/306] Updated nginx to 1.17.8 and njs to 0.3.8 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 48ffe0e51..95dd1510e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.7 -ENV NJS_VERSION 0.3.7 +ENV NGINX_VERSION 1.17.8 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 8b204230d..ce06ecadc 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.7 -ENV NJS_VERSION 0.3.7 +ENV NGINX_VERSION 1.17.8 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 9dbcd3ae0..182876f01 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.7 -ENV NJS_VERSION 0.3.7 +ENV NGINX_VERSION 1.17.8 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 8bd9c0cbd..00d36742e 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.7 -ENV NJS_VERSION 0.3.7 +ENV NGINX_VERSION 1.17.8 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1~buster RUN set -x \ From f7738edec51adb47470a96ad120cd63975a9d3d0 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 Jan 2020 19:56:39 +0300 Subject: [PATCH 043/306] Updated njs to 0.3.8 in stable nginx --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index c47a16b5f..e03821580 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.5 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 429 \ + && hg up -r 450 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 38378c49d..a7f8cdf4f 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.5 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 429 \ + && hg up -r 450 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index ea60a4974..0c092ee02 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.5 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 84d269ce5..f958d44b8 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.5 +ENV NJS_VERSION 0.3.8 ENV PKG_RELEASE 1~buster RUN set -x \ From 5c15613519a26c6adc244c24f814a95c786cfbc3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Mar 2020 16:11:44 +0300 Subject: [PATCH 044/306] Updated nginx to 1.17.9 and njs to 0.3.9 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 95dd1510e..dd90e4b30 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.8 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.17.9 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ce06ecadc..e5d32ece3 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.10 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.8 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.17.9 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 182876f01..612def6ca 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.8 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.17.9 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 00d36742e..ef322cb6b 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.8 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.17.9 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster RUN set -x \ From 594ce7a8bc26c85af88495ac94d5cd0096b306f7 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 14 Apr 2020 20:44:35 +0200 Subject: [PATCH 045/306] Update nginx to 1.17.10 and Alpine to 3.11 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index dd90e4b30..7e9748414 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.10 +FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.9 +ENV NGINX_VERSION 1.17.10 ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e5d32ece3..244525783 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.10 +FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.9 +ENV NGINX_VERSION 1.17.10 ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 612def6ca..9b4e04876 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.9 +ENV NGINX_VERSION 1.17.10 ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index ef322cb6b..23e8a816c 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.9 +ENV NGINX_VERSION 1.17.10 ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster From cab4f85211cef6e0672d4a44c783b09ae518b5ef Mon Sep 17 00:00:00 2001 From: chotow Date: Wed, 22 Apr 2020 17:44:52 +0800 Subject: [PATCH 046/306] Updated stable nginx to 1.18.0 --- stable/alpine-perl/Dockerfile | 8 ++++---- stable/alpine/Dockerfile | 8 ++++---- stable/buster-perl/Dockerfile | 4 ++-- stable/buster/Dockerfile | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index e03821580..ed451a03c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,9 +1,9 @@ -FROM alpine:3.10 +FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.18.0 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 450 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a7f8cdf4f..ef1088e84 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,9 +1,9 @@ -FROM alpine:3.10 +FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.18.0 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 450 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 0c092ee02..a477b1c7a 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.18.0 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index f958d44b8..9f289bf49 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.16.1 -ENV NJS_VERSION 0.3.8 +ENV NGINX_VERSION 1.18.0 +ENV NJS_VERSION 0.3.9 ENV PKG_RELEASE 1~buster RUN set -x \ From b6120b10418b3f892cd5d141467419eb6fd6c3a0 Mon Sep 17 00:00:00 2001 From: chotow Date: Wed, 22 Apr 2020 17:46:51 +0800 Subject: [PATCH 047/306] Updated generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4464e4665..1f5062444 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,8 +3,8 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.17 latest' - [stable]='1.16' + [mainline]='1 1.19 latest' + [stable]='1.18' ) self="$(basename "$BASH_SOURCE")" From abef566d0a619721144d59f7a8dd482669250276 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 Apr 2020 16:19:59 +0300 Subject: [PATCH 048/306] Listen on ipv6 by default Fixes #394. --- mainline/alpine-perl/Dockerfile | 5 ++++- mainline/alpine/Dockerfile | 5 ++++- mainline/buster-perl/Dockerfile | 4 ++++ mainline/buster/Dockerfile | 4 ++++ stable/alpine-perl/Dockerfile | 5 ++++- stable/alpine/Dockerfile | 5 ++++- stable/buster-perl/Dockerfile | 4 ++++ stable/buster/Dockerfile | 4 ++++ 8 files changed, 32 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7e9748414..64ecd48fd 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -102,7 +102,10 @@ RUN set -x \ && apk add --no-cache tzdata \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# make default server listen on ipv6 + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 244525783..d7ec4c40c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -101,7 +101,10 @@ RUN set -x \ && apk add --no-cache tzdata \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# make default server listen on ipv6 + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 9b4e04876..af72698b3 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -97,6 +97,10 @@ RUN set -x \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# make default server listen on ipv6 +RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf + EXPOSE 80 STOPSIGNAL SIGTERM diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 23e8a816c..339431819 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -96,6 +96,10 @@ RUN set -x \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# make default server listen on ipv6 +RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf + EXPOSE 80 STOPSIGNAL SIGTERM diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index ed451a03c..213f33f8a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -102,7 +102,10 @@ RUN set -x \ && apk add --no-cache tzdata \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# make default server listen on ipv6 + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ef1088e84..debe3ac70 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -101,7 +101,10 @@ RUN set -x \ && apk add --no-cache tzdata \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# make default server listen on ipv6 + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index a477b1c7a..72c0c92f1 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -97,6 +97,10 @@ RUN set -x \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# make default server listen on ipv6 +RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf + EXPOSE 80 STOPSIGNAL SIGTERM diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 9f289bf49..8049d482e 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -96,6 +96,10 @@ RUN set -x \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# make default server listen on ipv6 +RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + /etc/nginx/conf.d/default.conf + EXPOSE 80 STOPSIGNAL SIGTERM From 87f9340ea4b85b6ffada26d40e8a7ca99ef74a03 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 21 Apr 2020 16:37:37 +0300 Subject: [PATCH 049/306] Provide curl inside images to simplify service discovery registration Fixes #378. --- mainline/alpine-perl/Dockerfile | 2 ++ mainline/alpine/Dockerfile | 2 ++ mainline/buster-perl/Dockerfile | 3 ++- mainline/buster/Dockerfile | 3 ++- stable/alpine-perl/Dockerfile | 2 ++ stable/alpine/Dockerfile | 2 ++ stable/buster-perl/Dockerfile | 3 ++- stable/buster/Dockerfile | 3 ++- 8 files changed, 16 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 64ecd48fd..1d46a0c59 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -100,6 +100,8 @@ RUN set -x \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d7ec4c40c..5d3bea962 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -99,6 +99,8 @@ RUN set -x \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index af72698b3..eabb7223c 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -85,7 +85,8 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 339431819..4c2cc9a7a 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -84,7 +84,8 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 213f33f8a..e094aca89 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -100,6 +100,8 @@ RUN set -x \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index debe3ac70..517fc6461 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -99,6 +99,8 @@ RUN set -x \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 72c0c92f1..890a455d1 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -85,7 +85,8 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 8049d482e..d14be0270 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -84,7 +84,8 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y \ $nginxPackages \ gettext-base \ - && apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then \ From 70e44865208627c5ada57242b46920205603c096 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 23 Apr 2020 17:32:05 +0300 Subject: [PATCH 050/306] Updated njs to 0.4.0 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1d46a0c59..d14ebc4b2 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5d3bea962..6b8391862 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index eabb7223c..456baaa96 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 4c2cc9a7a..da207926e 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index e094aca89..8aa45d0c3 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 474 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 517fc6461..fedb169cd 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && hg up -r 474 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 890a455d1..f313a7bc4 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index d14be0270..22085bc51 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.3.9 +ENV NJS_VERSION 0.4.0 ENV PKG_RELEASE 1~buster RUN set -x \ From 8ec60b8d3132eb78a2c9ec120490095142f9bcab Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 30 Apr 2020 22:42:57 +0200 Subject: [PATCH 051/306] Update supported architectures (fix #405) Added: - arm32v7 for Alpine - arm32v5 and mips64le for Debian --- generate-stackbrew-library.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 1f5062444..13e252de2 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -64,7 +64,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${versionAliases[@]}") - Architectures: amd64, arm32v7, arm64v8, i386, ppc64le, s390x + Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x GitCommit: $commit Directory: $version/$base EOE @@ -78,7 +78,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v7, arm64v8, i386, ppc64le, s390x + Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x GitCommit: $commit Directory: $version/$variant EOE @@ -93,7 +93,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v6, arm64v8, i386, ppc64le, s390x + Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 GitCommit: $commit Directory: $version/$variant EOE From 1acd7f697e11482edfdb0b3779f39aa3d0529cd0 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 00:37:55 +0300 Subject: [PATCH 052/306] Reduced the number of layers in debian-based images --- mainline/buster-perl/Dockerfile | 10 ++++------ mainline/buster/Dockerfile | 10 ++++------ stable/buster-perl/Dockerfile | 10 ++++------ stable/buster/Dockerfile | 10 ++++------ 4 files changed, 16 insertions(+), 24 deletions(-) diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 456baaa96..294f86ecf 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -92,14 +92,12 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - + fi \ # forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 -RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index da207926e..704217161 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -91,14 +91,12 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - + fi \ # forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 -RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index f313a7bc4..2cc01e506 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -92,14 +92,12 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - + fi \ # forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 -RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ /etc/nginx/conf.d/default.conf EXPOSE 80 diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 22085bc51..cce6f7d05 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -91,14 +91,12 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi - + fi \ # forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log - + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 -RUN sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ + && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ /etc/nginx/conf.d/default.conf EXPOSE 80 From e36b4f57b77618787caae825a72b93f8f40a8f74 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 16:19:14 +0300 Subject: [PATCH 053/306] Introduced entrypoint This allows to launch configuration scripts on the start of container. --- mainline/alpine-perl/Dockerfile | 7 ++++- mainline/alpine-perl/docker-entrypoint.sh | 31 +++++++++++++++++++++++ mainline/alpine/Dockerfile | 7 ++++- mainline/alpine/docker-entrypoint.sh | 31 +++++++++++++++++++++++ mainline/buster-perl/Dockerfile | 7 ++++- mainline/buster-perl/docker-entrypoint.sh | 31 +++++++++++++++++++++++ mainline/buster/Dockerfile | 7 ++++- mainline/buster/docker-entrypoint.sh | 31 +++++++++++++++++++++++ stable/alpine-perl/Dockerfile | 7 ++++- stable/alpine-perl/docker-entrypoint.sh | 31 +++++++++++++++++++++++ stable/alpine/Dockerfile | 7 ++++- stable/alpine/docker-entrypoint.sh | 31 +++++++++++++++++++++++ stable/buster-perl/Dockerfile | 7 ++++- stable/buster-perl/docker-entrypoint.sh | 31 +++++++++++++++++++++++ stable/buster/Dockerfile | 7 ++++- stable/buster/docker-entrypoint.sh | 31 +++++++++++++++++++++++ 16 files changed, 296 insertions(+), 8 deletions(-) create mode 100755 mainline/alpine-perl/docker-entrypoint.sh create mode 100755 mainline/alpine/docker-entrypoint.sh create mode 100755 mainline/buster-perl/docker-entrypoint.sh create mode 100755 mainline/buster/docker-entrypoint.sh create mode 100755 stable/alpine-perl/docker-entrypoint.sh create mode 100755 stable/alpine/docker-entrypoint.sh create mode 100755 stable/buster-perl/docker-entrypoint.sh create mode 100755 stable/buster/docker-entrypoint.sh diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d14ebc4b2..3fef8fbee 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -107,7 +107,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh new file mode 100755 index 000000000..3836402be --- /dev/null +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6b8391862..619fc4e90 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -106,7 +106,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh new file mode 100755 index 000000000..3836402be --- /dev/null +++ b/mainline/alpine/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 294f86ecf..26ac40ddb 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -98,7 +98,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/buster-perl/docker-entrypoint.sh new file mode 100755 index 000000000..3836402be --- /dev/null +++ b/mainline/buster-perl/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 704217161..392e05265 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -97,7 +97,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/buster/docker-entrypoint.sh new file mode 100755 index 000000000..3836402be --- /dev/null +++ b/mainline/buster/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 8aa45d0c3..d470dadab 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -107,7 +107,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh new file mode 100755 index 000000000..3836402be --- /dev/null +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index fedb169cd..32c6746d5 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -106,7 +106,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh new file mode 100755 index 000000000..3836402be --- /dev/null +++ b/stable/alpine/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 2cc01e506..59bcfb0f1 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -98,7 +98,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/buster-perl/docker-entrypoint.sh new file mode 100755 index 000000000..3836402be --- /dev/null +++ b/stable/buster-perl/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index cce6f7d05..3b9067951 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -97,7 +97,12 @@ RUN set -x \ && ln -sf /dev/stderr /var/log/nginx/error.log \ # make default server listen on ipv6 && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf + /etc/nginx/conf.d/default.conf \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster/docker-entrypoint.sh b/stable/buster/docker-entrypoint.sh new file mode 100755 index 000000000..3836402be --- /dev/null +++ b/stable/buster/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh +# vim:sw=4:ts=4:et + +set -e + +if [ "$1" = "nginx" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" + + echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do + echo "$0: Launching $f"; + "$f" + done + + # warn on shell scripts without exec bit + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do + echo "$0: Ignoring $f, not executable"; + done + # warn on filetypes we don't know what to do with + for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do + echo "$0: Ignoring $f"; + done + + echo "$0: Initial configuration complete; ready for start up" + else + echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + fi +fi + +exec "$@" From 47f11ab83f79a6c445c5c5c14dbad5b577a01019 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 16:29:45 +0300 Subject: [PATCH 054/306] Enable ipv6 listens on the containers where ipv6 is detected This aims to fix #394. IPv6 will not be enabled if /proc/net/if_inet6 is not available inside a container or a default.conf differs from the one installed by the package manager. Those who modify default.conf are considered savvy enough to enable ipv6 via custom configuration. --- .../10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ mainline/alpine-perl/Dockerfile | 4 +- .../alpine/10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ mainline/alpine/Dockerfile | 4 +- .../10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ mainline/buster-perl/Dockerfile | 4 +- .../buster/10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ mainline/buster/Dockerfile | 4 +- .../10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ stable/alpine-perl/Dockerfile | 4 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ stable/alpine/Dockerfile | 4 +- .../10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ stable/buster-perl/Dockerfile | 4 +- stable/buster/10-listen-on-ipv6-by-default.sh | 60 +++++++++++++++++++ stable/buster/Dockerfile | 4 +- 16 files changed, 488 insertions(+), 24 deletions(-) create mode 100755 mainline/alpine-perl/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/alpine/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/buster-perl/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/buster/10-listen-on-ipv6-by-default.sh create mode 100755 stable/alpine-perl/10-listen-on-ipv6-by-default.sh create mode 100755 stable/alpine/10-listen-on-ipv6-by-default.sh create mode 100755 stable/buster-perl/10-listen-on-ipv6-by-default.sh create mode 100755 stable/buster/10-listen-on-ipv6-by-default.sh diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..4c52245b9 --- /dev/null +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3fef8fbee..3ac6f4318 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -105,13 +105,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..4c52245b9 --- /dev/null +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 619fc4e90..afc8a8f19 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -104,13 +104,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..4c52245b9 --- /dev/null +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 26ac40ddb..8bf66cfb7 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -96,13 +96,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..4c52245b9 --- /dev/null +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 392e05265..4529d063e 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -95,13 +95,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..4c52245b9 --- /dev/null +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index d470dadab..f2556fbb4 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -105,13 +105,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..4c52245b9 --- /dev/null +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 32c6746d5..462670470 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -104,13 +104,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..4c52245b9 --- /dev/null +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 59bcfb0f1..5212e28e0 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -96,13 +96,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..4c52245b9 --- /dev/null +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ -f "/proc/net/if_inet6" ]; then + continue +else + echo "$ME: ipv6 not available, exiting" 1>&2 + exit 0 +fi + + +if [ -f "/$DEFAULT_CONF_FILE" ]; then + continue +else + echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + exit 0 +fi + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo "$ME: can not guess the operating system, exiting" 1>&2 + exit 0 +fi + +echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + exit 0 + } + ;; + *) + echo "$ME: Unsupported distribution, exiting" 1>&2 + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 3b9067951..3050aa882 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -95,13 +95,11 @@ RUN set -x \ # forward request and error logs to docker log collector && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ -# make default server listen on ipv6 - && sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' \ - /etc/nginx/conf.d/default.conf \ # create a docker-entrypoint.d directory && mkdir /docker-entrypoint.d COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 From cd98e75ce640e77633cd79035e41c9a122897fdf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 16:38:20 +0300 Subject: [PATCH 055/306] Run envsubst on container start to make templating easier This entrypoint script will look for files in /etc/nginx/templates/ with a ".conf.template" suffix, run them through envsubst replacing defined environment variables, and output to /etc/nginx/conf.d/ preserving file name sans .template. Fixes #232. --- .../alpine-perl/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ mainline/alpine-perl/Dockerfile | 1 + mainline/alpine/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ mainline/alpine/Dockerfile | 1 + .../buster-perl/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ mainline/buster-perl/Dockerfile | 1 + mainline/buster/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ mainline/buster/Dockerfile | 1 + .../alpine-perl/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ stable/alpine-perl/Dockerfile | 1 + stable/alpine/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ stable/alpine/Dockerfile | 1 + .../buster-perl/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ stable/buster-perl/Dockerfile | 1 + stable/buster/20-envsubst-on-templates.sh | 32 +++++++++++++++++++ stable/buster/Dockerfile | 1 + 16 files changed, 264 insertions(+) create mode 100755 mainline/alpine-perl/20-envsubst-on-templates.sh create mode 100755 mainline/alpine/20-envsubst-on-templates.sh create mode 100755 mainline/buster-perl/20-envsubst-on-templates.sh create mode 100755 mainline/buster/20-envsubst-on-templates.sh create mode 100755 stable/alpine-perl/20-envsubst-on-templates.sh create mode 100755 stable/alpine/20-envsubst-on-templates.sh create mode 100755 stable/buster-perl/20-envsubst-on-templates.sh create mode 100755 stable/buster/20-envsubst-on-templates.sh diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh new file mode 100755 index 000000000..b2b6e1230 --- /dev/null +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3ac6f4318..3202a0527 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh new file mode 100755 index 000000000..b2b6e1230 --- /dev/null +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index afc8a8f19..e660c4c03 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -109,6 +109,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh new file mode 100755 index 000000000..b2b6e1230 --- /dev/null +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 8bf66cfb7..e7ce87396 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -101,6 +101,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh new file mode 100755 index 000000000..b2b6e1230 --- /dev/null +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 4529d063e..856f3fd03 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -100,6 +100,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh new file mode 100755 index 000000000..b2b6e1230 --- /dev/null +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f2556fbb4..c4e7d17e5 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh new file mode 100755 index 000000000..b2b6e1230 --- /dev/null +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 462670470..09e6b6185 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -109,6 +109,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh new file mode 100755 index 000000000..b2b6e1230 --- /dev/null +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 5212e28e0..bb582472f 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -101,6 +101,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh new file mode 100755 index 000000000..b2b6e1230 --- /dev/null +++ b/stable/buster/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + return 0 + fi + for template in $(find "$template_dir" -follow -name "*$suffix"); do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 3050aa882..6c98f2f7f 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -100,6 +100,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 From 6c7dde575cecad8d6f8ec486ca9d4b76358e643e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 May 2020 19:22:41 +0300 Subject: [PATCH 056/306] Updated mainline nginx to 1.19.0 and njs to 0.4.1 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3202a0527..ab3628746 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.4.0 +ENV NGINX_VERSION 1.19.0 +ENV NJS_VERSION 0.4.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e660c4c03..b33795b7f 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.4.0 +ENV NGINX_VERSION 1.19.0 +ENV NJS_VERSION 0.4.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index e7ce87396..f4a99ce4e 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.4.0 +ENV NGINX_VERSION 1.19.0 +ENV NJS_VERSION 0.4.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 856f3fd03..88784152b 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.17.10 -ENV NJS_VERSION 0.4.0 +ENV NGINX_VERSION 1.19.0 +ENV NJS_VERSION 0.4.1 ENV PKG_RELEASE 1~buster RUN set -x \ From 41e6b2c686dc811e82aaca7db79dd0813432083b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 28 May 2020 14:49:00 +0300 Subject: [PATCH 057/306] ipv6-listen: deal with edge cases and fixes - remove undefined behaviour from the if statements - exit early if a file already has an ipv6 listen - fixed md5sum check --- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- mainline/alpine/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- .../buster-perl/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- mainline/buster/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- stable/alpine/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- stable/buster/10-listen-on-ipv6-by-default.sh | 14 ++++++-------- 8 files changed, 48 insertions(+), 64 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 4c52245b9..0ee48721c 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 4c52245b9..0ee48721c 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 4c52245b9..0ee48721c 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 4c52245b9..0ee48721c 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 4c52245b9..0ee48721c 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 4c52245b9..0ee48721c 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 4c52245b9..0ee48721c 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 4c52245b9..0ee48721c 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -7,21 +7,19 @@ ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available -if [ -f "/proc/net/if_inet6" ]; then - continue -else +if [ ! -f "/proc/net/if_inet6" ]; then echo "$ME: ipv6 not available, exiting" 1>&2 exit 0 fi - -if [ -f "/$DEFAULT_CONF_FILE" ]; then - continue -else +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 exit 0 fi +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } + if [ -f "/etc/os-release" ]; then . /etc/os-release else @@ -34,7 +32,7 @@ echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 exit 0 } From 383bbaa29ff990a0583466c152805ab79966f102 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 29 May 2020 18:07:39 +0300 Subject: [PATCH 058/306] 20-env-subst: guard against whitespaces in file/folder names Additionally, ignore folders that could match suffixes. --- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine/20-envsubst-on-templates.sh | 2 +- mainline/buster-perl/20-envsubst-on-templates.sh | 2 +- mainline/buster/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/buster-perl/20-envsubst-on-templates.sh | 2 +- stable/buster/20-envsubst-on-templates.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index b2b6e1230..4d202a6fc 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index b2b6e1230..4d202a6fc 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh index b2b6e1230..4d202a6fc 100755 --- a/mainline/buster-perl/20-envsubst-on-templates.sh +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh index b2b6e1230..4d202a6fc 100755 --- a/mainline/buster/20-envsubst-on-templates.sh +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index b2b6e1230..4d202a6fc 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index b2b6e1230..4d202a6fc 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh index b2b6e1230..4d202a6fc 100755 --- a/stable/buster-perl/20-envsubst-on-templates.sh +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh index b2b6e1230..4d202a6fc 100755 --- a/stable/buster/20-envsubst-on-templates.sh +++ b/stable/buster/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 return 0 fi - for template in $(find "$template_dir" -follow -name "*$suffix"); do + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do relative_path="${template#$template_dir/}" output_path="$output_dir/${relative_path%$suffix}" subdir=$(dirname "$relative_path") From 0b607f324d208664f37f7c1136ada6b249ddcd9b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 1 Jun 2020 12:31:24 +0300 Subject: [PATCH 059/306] docker-entrypoint: multiple changes - allow to run with nginx-debug cmd - prevent running if /docker-entrypoint.d was replaced with unreadable or empty dir - don't run find multiple times --- mainline/alpine-perl/docker-entrypoint.sh | 35 ++++++++++++----------- mainline/alpine/docker-entrypoint.sh | 35 ++++++++++++----------- mainline/buster-perl/docker-entrypoint.sh | 35 ++++++++++++----------- mainline/buster/docker-entrypoint.sh | 35 ++++++++++++----------- stable/alpine-perl/docker-entrypoint.sh | 35 ++++++++++++----------- stable/alpine/docker-entrypoint.sh | 35 ++++++++++++----------- stable/buster-perl/docker-entrypoint.sh | 35 ++++++++++++----------- stable/buster/docker-entrypoint.sh | 35 ++++++++++++----------- 8 files changed, 144 insertions(+), 136 deletions(-) diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 3836402be..6d7ee8c9e 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 3836402be..6d7ee8c9e 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/buster-perl/docker-entrypoint.sh index 3836402be..6d7ee8c9e 100755 --- a/mainline/buster-perl/docker-entrypoint.sh +++ b/mainline/buster-perl/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/buster/docker-entrypoint.sh index 3836402be..6d7ee8c9e 100755 --- a/mainline/buster/docker-entrypoint.sh +++ b/mainline/buster/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 3836402be..6d7ee8c9e 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 3836402be..6d7ee8c9e 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/buster-perl/docker-entrypoint.sh index 3836402be..6d7ee8c9e 100755 --- a/stable/buster-perl/docker-entrypoint.sh +++ b/stable/buster-perl/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/buster/docker-entrypoint.sh b/stable/buster/docker-entrypoint.sh index 3836402be..6d7ee8c9e 100755 --- a/stable/buster/docker-entrypoint.sh +++ b/stable/buster/docker-entrypoint.sh @@ -3,28 +3,29 @@ set -e -if [ "$1" = "nginx" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -print -quit 2>/dev/null | /bin/grep -q .; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform an initial configuration" +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo "$0: Looking for shell scripts in /docker-entrypoint.d/" - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -executable | sort -n); do - echo "$0: Launching $f"; - "$f" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo "$0: Ignoring $f, not executable"; + fi + ;; + *) echo "$0: Ignoring $f";; + esac done - # warn on shell scripts without exec bit - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -name "*.sh" -not -executable); do - echo "$0: Ignoring $f, not executable"; - done - # warn on filetypes we don't know what to do with - for f in $(/usr/bin/find /docker-entrypoint.d/ -type f -not -name "*.sh"); do - echo "$0: Ignoring $f"; - done - - echo "$0: Initial configuration complete; ready for start up" + echo "$0: Configuration complete; ready for start up" else - echo "$0: /docker-entrypoint.d/ is empty, skipping initial configuration" + echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 2ef3fa66f2a434cd5e44e35a02f4ac502cf50808 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 2 Jun 2020 18:22:29 +0300 Subject: [PATCH 060/306] ipv6-listen: detect if default.conf is writable Fixes #416 --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 3 +++ mainline/alpine/10-listen-on-ipv6-by-default.sh | 3 +++ mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 3 +++ mainline/buster/10-listen-on-ipv6-by-default.sh | 3 +++ stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 3 +++ stable/alpine/10-listen-on-ipv6-by-default.sh | 3 +++ stable/buster-perl/10-listen-on-ipv6-by-default.sh | 3 +++ stable/buster/10-listen-on-ipv6-by-default.sh | 3 +++ 8 files changed, 24 insertions(+) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 0ee48721c..6885a9dbc 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 0ee48721c..6885a9dbc 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 0ee48721c..6885a9dbc 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 0ee48721c..6885a9dbc 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 0ee48721c..6885a9dbc 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 0ee48721c..6885a9dbc 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 0ee48721c..6885a9dbc 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 0ee48721c..6885a9dbc 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -17,6 +17,9 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then exit 0 fi +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } + # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } From d8cbd8e266ea39d188590cd8cd26ae08fbbe3d59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Fri, 12 Jun 2020 22:04:18 +0200 Subject: [PATCH 061/306] Use /bin/sh in shebang instead of /usr/bin/env A POSIX compatible sh is guaranteed to be available as /bin/sh. By not using /usr/bin/env simply whitelisting /docker-entrypoint.sh within mandatory access control frameworks, such as AppArmor, is sufficient. When /usr/bin/env is used /docker-entrypoint.sh and the shell that provides sh (e.g. /bin/dash for debian based images) need to be whitelisted, increasing the possible attack area, by providing access to a full shell. --- mainline/alpine-perl/docker-entrypoint.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 2 +- mainline/buster-perl/docker-entrypoint.sh | 2 +- mainline/buster/docker-entrypoint.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 2 +- stable/alpine/docker-entrypoint.sh | 2 +- stable/buster-perl/docker-entrypoint.sh | 2 +- stable/buster/docker-entrypoint.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 6d7ee8c9e..63c6905c3 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 6d7ee8c9e..63c6905c3 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/buster-perl/docker-entrypoint.sh index 6d7ee8c9e..63c6905c3 100755 --- a/mainline/buster-perl/docker-entrypoint.sh +++ b/mainline/buster-perl/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/buster/docker-entrypoint.sh index 6d7ee8c9e..63c6905c3 100755 --- a/mainline/buster/docker-entrypoint.sh +++ b/mainline/buster/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 6d7ee8c9e..63c6905c3 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 6d7ee8c9e..63c6905c3 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/buster-perl/docker-entrypoint.sh index 6d7ee8c9e..63c6905c3 100755 --- a/stable/buster-perl/docker-entrypoint.sh +++ b/stable/buster-perl/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e diff --git a/stable/buster/docker-entrypoint.sh b/stable/buster/docker-entrypoint.sh index 6d7ee8c9e..63c6905c3 100755 --- a/stable/buster/docker-entrypoint.sh +++ b/stable/buster/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh # vim:sw=4:ts=4:et set -e From a86ccdc94e394d9cf93c13a0e6a0dd0cca48d64d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexandre=20Salom=C3=A9?= Date: Mon, 8 Jun 2020 10:40:57 +0200 Subject: [PATCH 062/306] Add NGINX_ENTRYPOINT_QUIET_LOGS environment variable --- .../10-listen-on-ipv6-by-default.sh | 8 ++++---- .../alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 20 ++++++++++++------- .../alpine/10-listen-on-ipv6-by-default.sh | 8 ++++---- mainline/alpine/20-envsubst-on-templates.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 20 ++++++++++++------- .../10-listen-on-ipv6-by-default.sh | 8 ++++---- .../buster-perl/20-envsubst-on-templates.sh | 2 +- mainline/buster-perl/docker-entrypoint.sh | 20 ++++++++++++------- .../buster/10-listen-on-ipv6-by-default.sh | 8 ++++---- mainline/buster/20-envsubst-on-templates.sh | 2 +- mainline/buster/docker-entrypoint.sh | 20 ++++++++++++------- .../10-listen-on-ipv6-by-default.sh | 8 ++++---- .../alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 20 ++++++++++++------- stable/alpine/10-listen-on-ipv6-by-default.sh | 8 ++++---- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/alpine/docker-entrypoint.sh | 20 ++++++++++++------- .../10-listen-on-ipv6-by-default.sh | 8 ++++---- .../buster-perl/20-envsubst-on-templates.sh | 2 +- stable/buster-perl/docker-entrypoint.sh | 20 ++++++++++++------- stable/buster/10-listen-on-ipv6-by-default.sh | 8 ++++---- stable/buster/20-envsubst-on-templates.sh | 2 +- stable/buster/docker-entrypoint.sh | 20 ++++++++++++------- 24 files changed, 144 insertions(+), 96 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 6885a9dbc..8ce9e9a38 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 4d202a6fc..38df3a67f 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 63c6905c3..88732541b 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 6885a9dbc..8ce9e9a38 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 4d202a6fc..38df3a67f 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 63c6905c3..88732541b 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 6885a9dbc..8ce9e9a38 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh index 4d202a6fc..38df3a67f 100755 --- a/mainline/buster-perl/20-envsubst-on-templates.sh +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/buster-perl/docker-entrypoint.sh index 63c6905c3..88732541b 100755 --- a/mainline/buster-perl/docker-entrypoint.sh +++ b/mainline/buster-perl/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 6885a9dbc..8ce9e9a38 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh index 4d202a6fc..38df3a67f 100755 --- a/mainline/buster/20-envsubst-on-templates.sh +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/buster/docker-entrypoint.sh index 63c6905c3..88732541b 100755 --- a/mainline/buster/docker-entrypoint.sh +++ b/mainline/buster/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 6885a9dbc..8ce9e9a38 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 4d202a6fc..38df3a67f 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 63c6905c3..88732541b 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 6885a9dbc..8ce9e9a38 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 4d202a6fc..38df3a67f 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 63c6905c3..88732541b 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 6885a9dbc..8ce9e9a38 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh index 4d202a6fc..38df3a67f 100755 --- a/stable/buster-perl/20-envsubst-on-templates.sh +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/buster-perl/docker-entrypoint.sh index 63c6905c3..88732541b 100755 --- a/stable/buster-perl/docker-entrypoint.sh +++ b/stable/buster-perl/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 6885a9dbc..8ce9e9a38 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -18,10 +18,10 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -30,7 +30,7 @@ else exit 0 fi -echo "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh index 4d202a6fc..38df3a67f 100755 --- a/stable/buster/20-envsubst-on-templates.sh +++ b/stable/buster/20-envsubst-on-templates.sh @@ -22,7 +22,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo "$ME: Running envsubst on $template to $output_path" + echo >&3 "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/buster/docker-entrypoint.sh b/stable/buster/docker-entrypoint.sh index 63c6905c3..88732541b 100755 --- a/stable/buster/docker-entrypoint.sh +++ b/stable/buster/docker-entrypoint.sh @@ -3,29 +3,35 @@ set -e +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo "$0: Looking for shell scripts in /docker-entrypoint.d/" + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo "$0: Launching $f"; + echo >&3 "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo "$0: Ignoring $f, not executable"; + echo >&3 "$0: Ignoring $f, not executable"; fi ;; - *) echo "$0: Ignoring $f";; + *) echo >&3 "$0: Ignoring $f";; esac done - echo "$0: Configuration complete; ready for start up" + echo >&3 "$0: Configuration complete; ready for start up" else - echo "$0: No files found in /docker-entrypoint.d/, skipping configuration" + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 172571e53c1c6dacc86bcef2b09abf91c451bd69 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 17 Jun 2020 14:24:07 +0300 Subject: [PATCH 063/306] ipv6 listen: put r/o filesystem alert to stderr --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 8ce9e9a38..85418f3ce 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 8ce9e9a38..85418f3ce 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 8ce9e9a38..85418f3ce 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 8ce9e9a38..85418f3ce 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 8ce9e9a38..85418f3ce 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 8ce9e9a38..85418f3ce 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 8ce9e9a38..85418f3ce 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 8ce9e9a38..85418f3ce 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } From 6086122863e2d269dd99b63ed7b2f0e95821dc0b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 17 Jun 2020 14:38:57 +0300 Subject: [PATCH 064/306] Reworded entrypoint scripts error messages to avoid confusion Fixes #419 --- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- mainline/alpine/20-envsubst-on-templates.sh | 2 +- .../buster-perl/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- mainline/buster-perl/20-envsubst-on-templates.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- mainline/buster/20-envsubst-on-templates.sh | 2 +- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- stable/alpine/20-envsubst-on-templates.sh | 2 +- .../buster-perl/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- stable/buster-perl/20-envsubst-on-templates.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 16 ++++++++-------- stable/buster/20-envsubst-on-templates.sh | 2 +- 16 files changed, 72 insertions(+), 72 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 85418f3ce..f9cf4dad3 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 38df3a67f..545c765b7 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 85418f3ce..f9cf4dad3 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 38df3a67f..545c765b7 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 85418f3ce..f9cf4dad3 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh index 38df3a67f..545c765b7 100755 --- a/mainline/buster-perl/20-envsubst-on-templates.sh +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 85418f3ce..f9cf4dad3 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh index 38df3a67f..545c765b7 100755 --- a/mainline/buster/20-envsubst-on-templates.sh +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 85418f3ce..f9cf4dad3 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 38df3a67f..545c765b7 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 85418f3ce..f9cf4dad3 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 38df3a67f..545c765b7 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 85418f3ce..f9cf4dad3 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh index 38df3a67f..545c765b7 100755 --- a/stable/buster-perl/20-envsubst-on-templates.sh +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 85418f3ce..f9cf4dad3 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -8,25 +8,25 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: ipv6 not available, exiting" 1>&2 + echo "$ME: error: ipv6 not available" 1>&2 exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: /$DEFAULT_CONF_FILE is not a file or does not exist, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: Can not modify /$DEFAULT_CONF_FILE (read-only file system?), exiting" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: IPv6 listen already enabled, exiting"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: can not guess the operating system, exiting" 1>&2 + echo "$ME: error: can not guess the operating system" 1>&2 exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packaged version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: /$DEFAULT_CONF_FILE differs from the packages version, exiting" 1>&2 + echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 exit 0 } ;; *) - echo "$ME: Unsupported distribution, exiting" 1>&2 + echo "$ME: error: Unsupported distribution" 1>&2 exit 0 ;; esac diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh index 38df3a67f..545c765b7 100755 --- a/stable/buster/20-envsubst-on-templates.sh +++ b/stable/buster/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable, exiting" 1>&2 + echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do From 3dcf654f100182075f01dcb5f0c1e42c3fa402f2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 18 Jun 2020 12:26:47 +0300 Subject: [PATCH 065/306] Fixed typo introduced in 172571e53c1c6dacc86bcef2b09abf91c451bd69 --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index f9cf4dad3..9636f4c6e 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index f9cf4dad3..9636f4c6e 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index f9cf4dad3..9636f4c6e 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index f9cf4dad3..9636f4c6e 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index f9cf4dad3..9636f4c6e 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index f9cf4dad3..9636f4c6e 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index f9cf4dad3..9636f4c6e 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index f9cf4dad3..9636f4c6e 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -18,7 +18,7 @@ if [ ! -f "/$DEFAULT_CONF_FILE" ]; then fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" >1&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } From ea63c8ef2ffbd861e0d504af0451f76dfba95832 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 10 Jul 2020 14:10:16 +0300 Subject: [PATCH 066/306] Updated mainline nginx to 1.19.1 and njs to 0.4.2 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ab3628746..1950ff14e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.0 -ENV NJS_VERSION 0.4.1 +ENV NGINX_VERSION 1.19.1 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b33795b7f..aea7a4248 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.0 -ENV NJS_VERSION 0.4.1 +ENV NGINX_VERSION 1.19.1 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index f4a99ce4e..033ea6a74 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.0 -ENV NJS_VERSION 0.4.1 +ENV NGINX_VERSION 1.19.1 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 88784152b..b7c29cbbd 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.0 -ENV NJS_VERSION 0.4.1 +ENV NGINX_VERSION 1.19.1 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1~buster RUN set -x \ From a88587d28928da1134d7a73d4fd2087bef966583 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 10 Jul 2020 14:12:43 +0300 Subject: [PATCH 067/306] Updated njs to 0.4.2 for stable images --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index c4e7d17e5..da428ec62 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.0 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 474 \ + && hg up -r 489 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 09e6b6185..17cabf24c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.0 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 474 \ + && hg up -r 489 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index bb582472f..ea06f94e1 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.0 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 6c98f2f7f..2e6c4618c 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.0 +ENV NJS_VERSION 0.4.2 ENV PKG_RELEASE 1~buster RUN set -x \ From 793319d7251c03eccecbf27b60e0cfbbd2d1f400 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 10 Jul 2020 14:23:41 +0300 Subject: [PATCH 068/306] Made all entrypoint scripts honour NGINX_ENTRYPOINT_QUIET_LOGS in full Fixes #437 --- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/alpine/20-envsubst-on-templates.sh | 2 +- .../buster-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/buster-perl/20-envsubst-on-templates.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/buster/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/buster-perl/20-envsubst-on-templates.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/buster/20-envsubst-on-templates.sh | 2 +- 16 files changed, 64 insertions(+), 64 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 9636f4c6e..9f73f9da3 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 545c765b7..4f330295b 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 9636f4c6e..9f73f9da3 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 545c765b7..4f330295b 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 9636f4c6e..9f73f9da3 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/buster-perl/20-envsubst-on-templates.sh index 545c765b7..4f330295b 100755 --- a/mainline/buster-perl/20-envsubst-on-templates.sh +++ b/mainline/buster-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 9636f4c6e..9f73f9da3 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/buster/20-envsubst-on-templates.sh index 545c765b7..4f330295b 100755 --- a/mainline/buster/20-envsubst-on-templates.sh +++ b/mainline/buster/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 9636f4c6e..9f73f9da3 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 545c765b7..4f330295b 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 9636f4c6e..9f73f9da3 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 545c765b7..4f330295b 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 9636f4c6e..9f73f9da3 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/buster-perl/20-envsubst-on-templates.sh index 545c765b7..4f330295b 100755 --- a/stable/buster-perl/20-envsubst-on-templates.sh +++ b/stable/buster-perl/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 9636f4c6e..9f73f9da3 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo "$ME: error: ipv6 not available" 1>&2 + echo >&3 "$ME: error: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)" 1>&2; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } @@ -26,7 +26,7 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo "$ME: error: can not guess the operating system" 1>&2 + echo >&3 "$ME: error: can not guess the operating system" exit 0 fi @@ -36,19 +36,19 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" 1>&2 + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" exit 0 } ;; *) - echo "$ME: error: Unsupported distribution" 1>&2 + echo >&3 "$ME: error: Unsupported distribution" exit 0 ;; esac diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/buster/20-envsubst-on-templates.sh index 545c765b7..4f330295b 100755 --- a/stable/buster/20-envsubst-on-templates.sh +++ b/stable/buster/20-envsubst-on-templates.sh @@ -13,7 +13,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo "$ME: ERROR: $template_dir exists, but $output_dir is not writable" 1>&2 + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do From 9774b522d4661effea57a1fbf64c883e699ac3ec Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Aug 2020 11:27:00 +0300 Subject: [PATCH 069/306] Update nginx to 1.19.2 and njs to 0.4.3 on mainline images --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1950ff14e..1fdeb33e5 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.1 -ENV NJS_VERSION 0.4.2 +ENV NGINX_VERSION 1.19.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index aea7a4248..b2b59d869 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.1 -ENV NJS_VERSION 0.4.2 +ENV NGINX_VERSION 1.19.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 033ea6a74..244c5d6cc 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.1 -ENV NJS_VERSION 0.4.2 +ENV NGINX_VERSION 1.19.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index b7c29cbbd..6c31244ae 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.1 -ENV NJS_VERSION 0.4.2 +ENV NGINX_VERSION 1.19.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1~buster RUN set -x \ From dded647966e2a2d09db621d896be6ee682085d5a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Aug 2020 11:28:44 +0300 Subject: [PATCH 070/306] Updated njs to 0.4.3 on stable images --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index da428ec62..7b44d35fc 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 489 \ + && hg up -r 494 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 17cabf24c..f425e7a03 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 489 \ + && hg up -r 494 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index ea06f94e1..5ae0c767e 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 2e6c4618c..2df094864 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.2 +ENV NJS_VERSION 0.4.3 ENV PKG_RELEASE 1~buster RUN set -x \ From aa41ddeef871b7f0ea64a44f26d3f4aa0e6d5e7b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Aug 2020 11:29:19 +0300 Subject: [PATCH 071/306] Moved mainline alpine images to 3.12 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1fdeb33e5..631ce29be 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.11 +FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b2b59d869..6b185bffd 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.11 +FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " From 0dc809fa606828a78087cd0a824bed06268d73e0 Mon Sep 17 00:00:00 2001 From: Nicolas Floquet Date: Mon, 5 Oct 2020 13:17:22 +0200 Subject: [PATCH 072/306] Update nginx version to 1.19.3 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/buster-perl/Dockerfile | 4 ++-- mainline/buster/Dockerfile | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 631ce29be..52156c9a1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.2 -ENV NJS_VERSION 0.4.3 +ENV NGINX_VERSION 1.19.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6b185bffd..79ae29e00 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,8 +2,8 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.2 -ENV NJS_VERSION 0.4.3 +ENV NGINX_VERSION 1.19.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index 244c5d6cc..ef7c48f8c 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.2 -ENV NJS_VERSION 0.4.3 +ENV NGINX_VERSION 1.19.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 6c31244ae..c3747bc71 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,8 +2,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.2 -ENV NJS_VERSION 0.4.3 +ENV NGINX_VERSION 1.19.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster RUN set -x \ From 5488180ebdd45b12b45107694dfa92dc878a2795 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 5 Oct 2020 15:23:50 +0300 Subject: [PATCH 073/306] Updated njs to 0.4.4 on stable images --- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7b44d35fc..48f7cedad 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 494 \ + && hg up -r 500 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index f425e7a03..9c38a4184 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 494 \ + && hg up -r 500 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 5ae0c767e..814652f7d 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 2df094864..3200ce0ab 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.3 +ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster RUN set -x \ From a4208f853fa3fcb73a146a268fb2d5f0eee7733b Mon Sep 17 00:00:00 2001 From: Vlad GURDIGA Date: Mon, 31 Aug 2020 17:50:21 +0300 Subject: [PATCH 074/306] Fix typo in 10-listen-on-ipv6-by-default.sh --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- mainline/buster/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 2 +- stable/buster/10-listen-on-ipv6-by-default.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 9f73f9da3..54366c2cd 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 9f73f9da3..54366c2cd 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 9f73f9da3..54366c2cd 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 9f73f9da3..54366c2cd 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 9f73f9da3..54366c2cd 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 9f73f9da3..54366c2cd 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 9f73f9da3..54366c2cd 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 9f73f9da3..54366c2cd 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -43,7 +43,7 @@ case "$ID" in "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packages version" + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; From aebdace36df83690ca283405efd283bc750ff41e Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 3 Nov 2020 23:38:56 +0100 Subject: [PATCH 075/306] Update nginx to 1.19.4 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 52156c9a1..7e032074a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.3 +ENV NGINX_VERSION 1.19.4 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 79ae29e00..19bf8d422 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.3 +ENV NGINX_VERSION 1.19.4 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index ef7c48f8c..e989dbee0 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.3 +ENV NGINX_VERSION 1.19.4 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index c3747bc71..94f0bf66c 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -2,7 +2,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.3 +ENV NGINX_VERSION 1.19.4 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster From deff8fbe9d3e8613de110265aa932d84d1827acf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 5 Nov 2020 12:12:27 +0300 Subject: [PATCH 076/306] Fixed njs package versioning --- mainline/buster-perl/Dockerfile | 2 +- mainline/buster/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/buster-perl/Dockerfile b/mainline/buster-perl/Dockerfile index e989dbee0..edba63dc7 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/buster-perl/Dockerfile @@ -33,7 +33,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ diff --git a/mainline/buster/Dockerfile b/mainline/buster/Dockerfile index 94f0bf66c..b3f07e4a4 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/buster/Dockerfile @@ -32,7 +32,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386) \ From d5f4d236dccea71a84c410170566d397066612a5 Mon Sep 17 00:00:00 2001 From: Dmitry Verkhoturov Date: Tue, 10 Nov 2020 16:14:41 +0100 Subject: [PATCH 077/306] Bump 1.18.0 PKG_RELEASE from 1 to 2 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/buster-perl/Dockerfile | 2 +- stable/buster/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 48f7cedad..b6d91ef4b 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9c38a4184..ec708a035 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 1 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/buster-perl/Dockerfile b/stable/buster-perl/Dockerfile index 814652f7d..2fea6ed0e 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/buster-perl/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 2~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/buster/Dockerfile b/stable/buster/Dockerfile index 3200ce0ab..5b9123206 100644 --- a/stable/buster/Dockerfile +++ b/stable/buster/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.18.0 ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 2~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants From c84a1a2d8845707821af2b79a210b234a805a6a2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 11 Nov 2020 12:18:37 +0300 Subject: [PATCH 078/306] Lower the severity of logging messages on ipv6-enabling script. Fixes #419 --- mainline/alpine-perl/10-listen-on-ipv6-by-default.sh | 6 +++--- mainline/alpine/10-listen-on-ipv6-by-default.sh | 6 +++--- mainline/buster-perl/10-listen-on-ipv6-by-default.sh | 6 +++--- mainline/buster/10-listen-on-ipv6-by-default.sh | 6 +++--- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 6 +++--- stable/alpine/10-listen-on-ipv6-by-default.sh | 6 +++--- stable/buster-perl/10-listen-on-ipv6-by-default.sh | 6 +++--- stable/buster/10-listen-on-ipv6-by-default.sh | 6 +++--- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 54366c2cd..832918a27 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 54366c2cd..832918a27 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh index 54366c2cd..832918a27 100755 --- a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster-perl/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/buster/10-listen-on-ipv6-by-default.sh index 54366c2cd..832918a27 100755 --- a/mainline/buster/10-listen-on-ipv6-by-default.sh +++ b/mainline/buster/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 54366c2cd..832918a27 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 54366c2cd..832918a27 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/buster-perl/10-listen-on-ipv6-by-default.sh index 54366c2cd..832918a27 100755 --- a/stable/buster-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/buster-perl/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/buster/10-listen-on-ipv6-by-default.sh index 54366c2cd..832918a27 100755 --- a/stable/buster/10-listen-on-ipv6-by-default.sh +++ b/stable/buster/10-listen-on-ipv6-by-default.sh @@ -21,7 +21,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: error: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release @@ -36,14 +36,14 @@ case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE differs from the packaged version" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; From 4a6623af8e1035cf32b5cb7829a3e8106406cccd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 12 Nov 2020 18:19:40 +0300 Subject: [PATCH 079/306] Fixed stable alpine builds on non-amd64 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b6d91ef4b..7226df349 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -65,7 +65,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 500 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ec708a035..5eddcc294 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -64,7 +64,7 @@ RUN set -x \ && cd ${tempDir} \ && hg clone https://hg.nginx.org/pkg-oss \ && cd pkg-oss \ - && hg up -r 500 \ + && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ From 56a20ba866321e5e5a3bd7dc2569d4a182e62506 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 18 Nov 2020 21:16:51 +0300 Subject: [PATCH 080/306] Added update script and template to make changes management easier --- Dockerfile-alpine.template | 114 ++++++++++++++++ Dockerfile-debian.template | 105 +++++++++++++++ entrypoint/10-listen-on-ipv6-by-default.sh | 61 +++++++++ entrypoint/20-envsubst-on-templates.sh | 32 +++++ entrypoint/docker-entrypoint.sh | 38 ++++++ update.sh | 148 +++++++++++++++++++++ 6 files changed, 498 insertions(+) create mode 100644 Dockerfile-alpine.template create mode 100644 Dockerfile-debian.template create mode 100755 entrypoint/10-listen-on-ipv6-by-default.sh create mode 100755 entrypoint/20-envsubst-on-templates.sh create mode 100755 entrypoint/docker-entrypoint.sh create mode 100755 update.sh diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template new file mode 100644 index 000000000..56e62f36c --- /dev/null +++ b/Dockerfile-alpine.template @@ -0,0 +1,114 @@ +FROM alpine:%%ALPINE_VERSION%% + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV NJS_VERSION %%NJS_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$apkArch" in \ + x86_64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && apk add --no-cache --virtual .cert-deps \ + openssl \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk del .cert-deps \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre-dev \ + zlib-dev \ + linux-headers \ + libxslt-dev \ + gd-dev \ + geoip-dev \ + perl-dev \ + libedit-dev \ + mercurial \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && hg clone https://hg.nginx.org/pkg-oss \ + && cd pkg-oss \ + && hg up %%REVISION%% \ + && cd alpine \ + && make all \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# Bring in curl and ca-certificates to make registering on DNS SD easier + && apk add --no-cache curl ca-certificates \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGTERM + +CMD ["nginx", "-g", "daemon off;"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template new file mode 100644 index 000000000..ca89e8f99 --- /dev/null +++ b/Dockerfile-debian.template @@ -0,0 +1,105 @@ +FROM debian:%%DEBIAN_VERSION%%-slim + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV NJS_VERSION %%NJS_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup --system --gid 101 nginx \ + && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|i386) \ +# arches officialy built by upstream + echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y $nginxPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $nginxPackages \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGTERM + +CMD ["nginx", "-g", "daemon off;"] diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..832918a27 --- /dev/null +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + echo >&3 "$ME: error: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo >&3 "$ME: error: can not guess the operating system" + exit 0 +fi + +echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + echo >&3 "$ME: error: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh new file mode 100755 index 000000000..4f330295b --- /dev/null +++ b/entrypoint/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo >&3 "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh new file mode 100755 index 000000000..88732541b --- /dev/null +++ b/entrypoint/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo >&3 "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; + *) echo >&3 "$0: Ignoring $f";; + esac + done + + echo >&3 "$0: Configuration complete; ready for start up" + else + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/update.sh b/update.sh new file mode 100755 index 000000000..e0606bd0e --- /dev/null +++ b/update.sh @@ -0,0 +1,148 @@ +#!/usr/bin/env bash +set -Eeuo pipefail +shopt -s nullglob + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +declare branches=( + "stable" + "mainline" +) + +declare -A nginx=( + [mainline]='1.19.4' + [stable]='1.18.0' +) + +defaultnjs='0.4.4' +declare -A njs=( + #[stable]='0.4.3' +) + +defaultpkg='1' +declare -A pkg=( + [stable]=2 +) + +defaultdebian='buster' +declare -A debian=( + #[stable]='stretch' +) + +defaultalpine='3.12' +declare -A alpine=( + [stable]='3.11' +) + +# When we bump njs version in a stable release we don't move the tag in the +# mercurial repo. This setting allows us to specify a revision to check out +# when building alpine packages on architectures not supported by nginx.org +defaultrev='${NGINX_VERSION}-${PKG_RELEASE}' +declare -A rev=( + #[stable]='-r 500' +) + +get_packages() { + local distro="$1"; shift; + local branch="$1"; shift; + local perl= + local r= + local sep= + + case "$distro:$branch" in + alpine*:*) + r="r" + sep="." + ;; + debian*:stable) + sep="." + ;; + debian*:*) + sep="+" + ;; + esac + + case "$distro" in + *-perl) + perl="nginx-module-perl" + ;; + esac + + echo -n ' \\\n' + for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' + done + for p in nginx-module-njs; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' + done +} + +get_packagerepo() { + local distro="${1%-perl}"; shift; + local branch="$1"; shift; + + [ "$branch" = "mainline" ] && branch="$branch/" || branch="" + + echo "https://nginx.org/packages/${branch}${distro}/" +} + +get_packagever() { + local distro="${1%-perl}"; shift; + local branch="$1"; shift; + local suffix= + + [ "${distro}" = "debian" ] && suffix="~${debianver}" + + echo ${pkg[$branch]:-$defaultpkg}${suffix} +} + +generated_warning() { + cat << __EOF__ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +__EOF__ +} + +for branch in "${branches[@]}"; do + for variant in \ + alpine{,-perl} \ + debian{,-perl} \ + ; do + echo "$branch: $variant" + dir="$branch/$variant" + variant="$(basename "$variant")" + + [ -d "$dir" ] || continue + + template="Dockerfile-${variant%-perl}.template" + { generated_warning; cat "$template"; } > "$dir/Dockerfile" + + debianver="${debian[$branch]:-$defaultdebian}" + alpinever="${alpine[$branch]:-$defaultalpine}" + nginxver="${nginx[$branch]}" + njsver="${njs[${branch}]:-$defaultnjs}" + pkgver="${pkg[${branch}]:-$defaultpkg}" + revver="${rev[${branch}]:-$defaultrev}" + + packagerepo=$(get_packagerepo "$variant" "$branch") + packages=$(get_packages "$variant" "$branch") + packagever=$(get_packagever "$variant" "$branch") + + sed -i \ + -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ + -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ + -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ + -e 's,%%NJS_VERSION%%,'"$njsver"',' \ + -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ + -e 's,%%PACKAGES%%,'"$packages"',' \ + -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ + -e 's,%%REVISION%%,'"$revver"',' \ + "$dir/Dockerfile" + + cp -a entrypoint/*.sh "$dir/" + + done +done From 4370fa1e7c8a2aa66205b26c3fb08beb2c37c1b0 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 18 Nov 2020 21:18:36 +0300 Subject: [PATCH 081/306] Renegerated targets via update.sh --- mainline/alpine-perl/Dockerfile | 5 +++++ mainline/alpine/Dockerfile | 5 +++++ .../10-listen-on-ipv6-by-default.sh | 0 .../{buster-perl => debian-perl}/20-envsubst-on-templates.sh | 0 mainline/{buster-perl => debian-perl}/Dockerfile | 5 +++++ mainline/{buster-perl => debian-perl}/docker-entrypoint.sh | 0 mainline/{buster => debian}/10-listen-on-ipv6-by-default.sh | 0 mainline/{buster => debian}/20-envsubst-on-templates.sh | 0 mainline/{buster => debian}/Dockerfile | 5 +++++ mainline/{buster => debian}/docker-entrypoint.sh | 0 stable/alpine-perl/Dockerfile | 5 +++++ stable/alpine/Dockerfile | 5 +++++ .../10-listen-on-ipv6-by-default.sh | 0 .../{buster-perl => debian-perl}/20-envsubst-on-templates.sh | 0 stable/{buster-perl => debian-perl}/Dockerfile | 5 +++++ stable/{buster-perl => debian-perl}/docker-entrypoint.sh | 0 stable/{buster => debian}/10-listen-on-ipv6-by-default.sh | 0 stable/{buster => debian}/20-envsubst-on-templates.sh | 0 stable/{buster => debian}/Dockerfile | 5 +++++ stable/{buster => debian}/docker-entrypoint.sh | 0 20 files changed, 40 insertions(+) rename mainline/{buster-perl => debian-perl}/10-listen-on-ipv6-by-default.sh (100%) rename mainline/{buster-perl => debian-perl}/20-envsubst-on-templates.sh (100%) rename mainline/{buster-perl => debian-perl}/Dockerfile (98%) rename mainline/{buster-perl => debian-perl}/docker-entrypoint.sh (100%) rename mainline/{buster => debian}/10-listen-on-ipv6-by-default.sh (100%) rename mainline/{buster => debian}/20-envsubst-on-templates.sh (100%) rename mainline/{buster => debian}/Dockerfile (98%) rename mainline/{buster => debian}/docker-entrypoint.sh (100%) rename stable/{buster-perl => debian-perl}/10-listen-on-ipv6-by-default.sh (100%) rename stable/{buster-perl => debian-perl}/20-envsubst-on-templates.sh (100%) rename stable/{buster-perl => debian-perl}/Dockerfile (98%) rename stable/{buster-perl => debian-perl}/docker-entrypoint.sh (100%) rename stable/{buster => debian}/10-listen-on-ipv6-by-default.sh (100%) rename stable/{buster => debian}/20-envsubst-on-templates.sh (100%) rename stable/{buster => debian}/Dockerfile (98%) rename stable/{buster => debian}/docker-entrypoint.sh (100%) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7e032074a..e0c54b80a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 19bf8d422..694870710 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/buster-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh similarity index 100% rename from mainline/buster-perl/10-listen-on-ipv6-by-default.sh rename to mainline/debian-perl/10-listen-on-ipv6-by-default.sh diff --git a/mainline/buster-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh similarity index 100% rename from mainline/buster-perl/20-envsubst-on-templates.sh rename to mainline/debian-perl/20-envsubst-on-templates.sh diff --git a/mainline/buster-perl/Dockerfile b/mainline/debian-perl/Dockerfile similarity index 98% rename from mainline/buster-perl/Dockerfile rename to mainline/debian-perl/Dockerfile index edba63dc7..7b34d369b 100644 --- a/mainline/buster-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/buster-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh similarity index 100% rename from mainline/buster-perl/docker-entrypoint.sh rename to mainline/debian-perl/docker-entrypoint.sh diff --git a/mainline/buster/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh similarity index 100% rename from mainline/buster/10-listen-on-ipv6-by-default.sh rename to mainline/debian/10-listen-on-ipv6-by-default.sh diff --git a/mainline/buster/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh similarity index 100% rename from mainline/buster/20-envsubst-on-templates.sh rename to mainline/debian/20-envsubst-on-templates.sh diff --git a/mainline/buster/Dockerfile b/mainline/debian/Dockerfile similarity index 98% rename from mainline/buster/Dockerfile rename to mainline/debian/Dockerfile index b3f07e4a4..34ff4e602 100644 --- a/mainline/buster/Dockerfile +++ b/mainline/debian/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/buster/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh similarity index 100% rename from mainline/buster/docker-entrypoint.sh rename to mainline/debian/docker-entrypoint.sh diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7226df349..fcb7da5bf 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 5eddcc294..1bf80d1f0 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM alpine:3.11 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/buster-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh similarity index 100% rename from stable/buster-perl/10-listen-on-ipv6-by-default.sh rename to stable/debian-perl/10-listen-on-ipv6-by-default.sh diff --git a/stable/buster-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh similarity index 100% rename from stable/buster-perl/20-envsubst-on-templates.sh rename to stable/debian-perl/20-envsubst-on-templates.sh diff --git a/stable/buster-perl/Dockerfile b/stable/debian-perl/Dockerfile similarity index 98% rename from stable/buster-perl/Dockerfile rename to stable/debian-perl/Dockerfile index 2fea6ed0e..64a1cf0db 100644 --- a/stable/buster-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/buster-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh similarity index 100% rename from stable/buster-perl/docker-entrypoint.sh rename to stable/debian-perl/docker-entrypoint.sh diff --git a/stable/buster/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh similarity index 100% rename from stable/buster/10-listen-on-ipv6-by-default.sh rename to stable/debian/10-listen-on-ipv6-by-default.sh diff --git a/stable/buster/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh similarity index 100% rename from stable/buster/20-envsubst-on-templates.sh rename to stable/debian/20-envsubst-on-templates.sh diff --git a/stable/buster/Dockerfile b/stable/debian/Dockerfile similarity index 98% rename from stable/buster/Dockerfile rename to stable/debian/Dockerfile index 5b9123206..7cd94d525 100644 --- a/stable/buster/Dockerfile +++ b/stable/debian/Dockerfile @@ -1,3 +1,8 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/buster/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh similarity index 100% rename from stable/buster/docker-entrypoint.sh rename to stable/debian/docker-entrypoint.sh From f836ba88de77f1b7c7d200c4c98625def7f7f102 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 18 Nov 2020 21:19:56 +0300 Subject: [PATCH 082/306] Updated generate-stackbrew-library.sh to pick up naming changes --- generate-stackbrew-library.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 13e252de2..4ebadcb06 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -9,10 +9,9 @@ aliases=( self="$(basename "$BASH_SOURCE")" cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" -base=buster +base=debian -versions=( */ ) -versions=( "${versions[@]%/}" ) +versions=( mainline stable ) # get the most recent commit which modified any of "$@" fileCommit() { @@ -69,7 +68,7 @@ for version in "${versions[@]}"; do Directory: $version/$base EOE - for variant in buster-perl; do + for variant in debian-perl; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-perl}" ) From 08d37de30259d48b54c06172ae09736b70734ac9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 18 Nov 2020 21:23:14 +0300 Subject: [PATCH 083/306] debian: don't build arm64 packages since nginx.org provides them now --- Dockerfile-debian.template | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index ca89e8f99..e614aae1e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -30,7 +30,7 @@ RUN set -x \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 7b34d369b..5ff72afc4 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -41,7 +41,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 34ff4e602..ab4595f63 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -40,7 +40,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 64a1cf0db..a3cf34771 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -41,7 +41,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 7cd94d525..b9cf7d16d 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -40,7 +40,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386) \ + amd64|i386|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ From 3fb70ddd7094c1fdd50cc83d432643dc10ab6243 Mon Sep 17 00:00:00 2001 From: Patrick Scheid Date: Tue, 24 Nov 2020 16:43:57 +0300 Subject: [PATCH 084/306] Use SIGQUIT instead of SIGTERM for graceful shutdown of nginx Fixes #377, #457 --- Dockerfile-alpine.template | 2 +- Dockerfile-debian.template | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 56e62f36c..eb623c2e8 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -109,6 +109,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index e614aae1e..8521d5a9e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -100,6 +100,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e0c54b80a..1b5dfd073 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -120,6 +120,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 694870710..dce93c6ba 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -119,6 +119,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 5ff72afc4..1513ece81 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -111,6 +111,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index ab4595f63..df444aea2 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -110,6 +110,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index fcb7da5bf..d86c2ccd1 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -120,6 +120,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1bf80d1f0..bd34cfb1f 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -119,6 +119,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index a3cf34771..9998d1321 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -111,6 +111,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index b9cf7d16d..a4b6b7f07 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -110,6 +110,6 @@ ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 -STOPSIGNAL SIGTERM +STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] From c411fdefd6655144f6cdab425026a8a427adc273 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Nov 2020 17:08:46 +0300 Subject: [PATCH 085/306] Updated mainline nginx to 1.19.5 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1b5dfd073..513d7c6e8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.4 +ENV NGINX_VERSION 1.19.5 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index dce93c6ba..5fc76efc7 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.4 +ENV NGINX_VERSION 1.19.5 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 1513ece81..2080b8446 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.4 +ENV NGINX_VERSION 1.19.5 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index df444aea2..fd707c518 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.4 +ENV NGINX_VERSION 1.19.5 ENV NJS_VERSION 0.4.4 ENV PKG_RELEASE 1~buster diff --git a/update.sh b/update.sh index e0606bd0e..285d6553e 100755 --- a/update.sh +++ b/update.sh @@ -10,7 +10,7 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.4' + [mainline]='1.19.5' [stable]='1.18.0' ) From 3d618e31dedbc8a5c817c4dfc9d300f3e570b5a4 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Dec 2020 19:03:58 +0300 Subject: [PATCH 086/306] Added a script to simplify images mirroring to AWS ECR --- sync-awsecr.sh | 154 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100755 sync-awsecr.sh diff --git a/sync-awsecr.sh b/sync-awsecr.sh new file mode 100755 index 000000000..f9746f012 --- /dev/null +++ b/sync-awsecr.sh @@ -0,0 +1,154 @@ +#!/bin/bash +set -eu + +image="nginx" +registry="public.ecr.aws/z9d2n7e1" + +declare -A aliases +aliases=( + [mainline]='1 1.19 latest' + [stable]='1.18' +) + +architectures=( amd64 arm64v8 ) + +self="$(basename "$BASH_SOURCE")" +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" +base=debian + +versions=( mainline stable ) + +pulllist=() +declare -A taglist +taglist=() + +# get the most recent commit which modified any of "$@" +fileCommit() { + git log -1 --format='format:%H' HEAD -- "$@" +} + +# get the most recent commit which modified "$1/Dockerfile" or any file COPY'd from "$1/Dockerfile" +dirCommit() { + local dir="$1"; shift + ( + cd "$dir" + fileCommit \ + Dockerfile \ + $(git show HEAD:./Dockerfile | awk ' + toupper($1) == "COPY" { + for (i = 2; i < NF; i++) { + print $i + } + } + ') + ) +} + +# prints "$2$1$3$1...$N" +join() { + local sep="$1"; shift + local out; printf -v out "${sep//%/%%}%s" "$@" + echo "${out#$sep}" +} + +for version in "${versions[@]}"; do + commit="$(dirCommit "$version/$base")" + fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" + pulllist+=( "$image:$fullVersion" ) + for variant in perl alpine alpine-perl; do + pulllist+=( "$image:$fullVersion-$variant" ) + done +done + +for version in "${versions[@]}"; do + commit="$(dirCommit "$version/$base")" + + fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" + + versionAliases=( $fullVersion ) + if [ "$version" != "$fullVersion" ]; then + versionAliases+=( $version ) + fi + versionAliases+=( ${aliases[$version]:-} ) + + for tag in ${versionAliases[@]:1}; do + taglist["$image:$tag"]="$image:$fullVersion" + done + + for variant in debian-perl; do + variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + for tag in ${variantAliases[@]}; do + if [ "$tag" != "${fullVersion}-perl" ]; then + taglist["$image:$tag"]="$image:$fullVersion-perl" + fi + done + done + + for variant in alpine alpine-perl; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + for tag in ${variantAliases[@]}; do + if [ "$tag" != "${fullVersion}-$variant" ]; then + taglist["$image:$tag"]="$image:${fullVersion}-$variant" + fi + done + done + +done + +echo "#!/bin/sh" +echo "set -ex" +echo +echo "export DOCKER_CLI_EXPERIMENTAL=enabled" +echo +echo "# pulling stuff" +for arch in ${architectures[@]}; do +for tag in ${pulllist[@]}; do + echo "docker pull $arch/$tag"; +done +done + +echo + +echo "# tagging stuff" + +for arch in ${architectures[@]}; do +for tag in ${pulllist[@]}; do + echo "docker tag $arch/$tag $registry/$tag-$arch" +done +for tag in ${!taglist[@]}; do + echo "docker tag $arch/${taglist[$tag]} $registry/$tag-$arch" +done +done + +echo "# pushing stuff" + +for arch in ${architectures[@]}; do +for tag in ${pulllist[@]}; do + echo "docker push $registry/$tag-$arch" +done +for tag in ${!taglist[@]}; do + echo "docker push $registry/$tag-$arch" +done +done + +echo +echo "# manifesting stuff" +for tag in ${pulllist[@]} ${!taglist[@]}; do + string="docker manifest create --amend $registry/$tag" + for arch in ${architectures[@]}; do + string+=" $registry/$tag-$arch" + done + echo $string +done + +echo +echo "# pushing manifests" +for tag in ${pulllist[@]} ${!taglist[@]}; do + echo "docker manifest push --purge $registry/$tag" +done From 14e73942f37a7f4c1eb886a28b1e183555b4eacd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 15 Dec 2020 17:37:27 +0300 Subject: [PATCH 087/306] 10-liste-on-ipv6-by-default: use "info" instead of error By popular request in https://github.com/nginxinc/docker-nginx/issues/419 --- entrypoint/10-listen-on-ipv6-by-default.sh | 14 +++++++------- .../alpine-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/alpine/10-listen-on-ipv6-by-default.sh | 14 +++++++------- .../debian-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- mainline/debian/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/alpine-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/alpine/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/debian-perl/10-listen-on-ipv6-by-default.sh | 14 +++++++------- stable/debian/10-listen-on-ipv6-by-default.sh | 14 +++++++------- 9 files changed, 63 insertions(+), 63 deletions(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/debian-perl/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index 832918a27..9585152ba 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -8,17 +8,17 @@ DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: error: ipv6 not available" + echo >&3 "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: error: /$DEFAULT_CONF_FILE is not a file or does not exist" + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: error: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } @@ -26,11 +26,11 @@ grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: error: can not guess the operating system" + echo >&3 "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: Getting the checksum of /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") @@ -48,7 +48,7 @@ case "$ID" in } ;; *) - echo >&3 "$ME: error: Unsupported distribution" + echo >&3 "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +56,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 From 41156d8a36bd03b2fb36353ba31f16ada08d9e48 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 15 Dec 2020 18:40:46 +0300 Subject: [PATCH 088/306] Updated mainline nginx to 1.19.6 and njs to 0.5.0 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 513d7c6e8..53269308a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.5 -ENV NJS_VERSION 0.4.4 +ENV NGINX_VERSION 1.19.6 +ENV NJS_VERSION 0.5.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5fc76efc7..deafec089 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.12 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.5 -ENV NJS_VERSION 0.4.4 +ENV NGINX_VERSION 1.19.6 +ENV NJS_VERSION 0.5.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 2080b8446..1f818c940 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.5 -ENV NJS_VERSION 0.4.4 +ENV NGINX_VERSION 1.19.6 +ENV NJS_VERSION 0.5.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index fd707c518..43d697015 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.5 -ENV NJS_VERSION 0.4.4 +ENV NGINX_VERSION 1.19.6 +ENV NJS_VERSION 0.5.0 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index 285d6553e..828859fd1 100755 --- a/update.sh +++ b/update.sh @@ -10,13 +10,13 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.5' + [mainline]='1.19.6' [stable]='1.18.0' ) -defaultnjs='0.4.4' +defaultnjs='0.5.0' declare -A njs=( - #[stable]='0.4.3' + [stable]='0.4.4' ) defaultpkg='1' From fc5d895ad72b9d91162a8075197d0f7cadbbb197 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 2 Nov 2020 13:06:43 +0300 Subject: [PATCH 089/306] Provided a way to install third-party modules in a sane manner --- modules/Dockerfile | 67 +++++++++++++++++++++++++++++++ modules/Dockerfile.alpine | 67 +++++++++++++++++++++++++++++++ modules/README.md | 83 +++++++++++++++++++++++++++++++++++++++ modules/echo/build-deps | 1 + modules/echo/prebuild | 12 ++++++ modules/echo/source | 1 + 6 files changed, 231 insertions(+) create mode 100644 modules/Dockerfile create mode 100644 modules/Dockerfile.alpine create mode 100644 modules/README.md create mode 100644 modules/echo/build-deps create mode 100755 modules/echo/prebuild create mode 100644 modules/echo/source diff --git a/modules/Dockerfile b/modules/Dockerfile new file mode 100644 index 000000000..9ea6df85a --- /dev/null +++ b/modules/Dockerfile @@ -0,0 +1,67 @@ +FROM nginx:mainline as builder + +ARG ENABLED_MODULES + +RUN set -ex \ + && if [ "$ENABLED_MODULES" = "" ]; then \ + echo "No additional modules enabled, exiting"; \ + exit 1; \ + fi + +COPY ./ /modules/ + +RUN set -ex \ + && apt update \ + && apt install -y --no-install-suggests --no-install-recommends \ + patch make wget mercurial devscripts debhelper dpkg-dev \ + quilt lsb-release build-essential libxml2-utils xsltproc \ + equivs git g++ \ + && hg clone https://hg.nginx.org/pkg-oss/ \ + && cd pkg-oss \ + && mkdir /tmp/packages \ + && for module in $ENABLED_MODULES; do \ + echo "Building $module for nginx-$NGINX_VERSION"; \ + if [ -d /modules/$module ]; then \ + echo "Building $module from user-supplied sources"; \ + # check if module sources file is there and not empty + if [ ! -s /modules/$module/source ]; then \ + echo "No source file for $module in modules/$module/source, exiting"; \ + exit 1; \ + fi; \ + # some modules require build dependencies + if [ -f /modules/$module/build-deps ]; then \ + echo "Installing $module build dependencies"; \ + apt update && apt install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ + fi; \ + # if a module has a build dependency that is not in a distro, provide a + # shell script to fetch/build/install those + # note that shared libraries produced as a result of this script will + # not be copied from the builder image to the main one so build static + if [ -x /modules/$module/prebuild ]; then \ + echo "Running prebuild script for $module"; \ + /modules/$module/prebuild; \ + fi; \ + /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ + elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \ + echo "Building $module from pkg-oss sources"; \ + cd /pkg-oss/debian; \ + make rules-module-$module BASE_VERSION=$NGINX_VERSION; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \ + make module-$module BASE_VERSION=$NGINX_VERSION; \ + find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \ + else \ + echo "Don't know how to build $module module, exiting"; \ + exit 1; \ + fi; \ + done + +FROM nginx:mainline +ARG ENABLED_MODULES +COPY --from=builder /tmp/packages /tmp/packages +RUN set -ex \ + && apt update \ + && for module in $ENABLED_MODULES; do \ + apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ + done \ + && rm -rf /tmp/packages \ + && rm -rf /var/lib/apt/lists/ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine new file mode 100644 index 000000000..b2b8b3e3f --- /dev/null +++ b/modules/Dockerfile.alpine @@ -0,0 +1,67 @@ +FROM nginx:mainline-alpine as builder + +ARG ENABLED_MODULES + +RUN set -ex \ + && if [ "$ENABLED_MODULES" = "" ]; then \ + echo "No additional modules enabled, exiting"; \ + exit 1; \ + fi + +COPY ./ /modules/ + +RUN set -ex \ + && apk update \ + && apk add linux-headers openssl-dev pcre-dev zlib-dev openssl abuild \ + musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ + xz g++ \ + # allow abuild as a root user \ + && printf "#!/bin/sh\\n/usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ + && chmod +x /usr/local/bin/abuild \ + && hg clone https://hg.nginx.org/pkg-oss/ \ + && cd pkg-oss \ + && mkdir /tmp/packages \ + && for module in $ENABLED_MODULES; do \ + echo "Building $module for nginx-$NGINX_VERSION"; \ + if [ -d /modules/$module ]; then \ + echo "Building $module from user-supplied sources"; \ + # check if module sources file is there and not empty + if [ ! -s /modules/$module/source ]; then \ + echo "No source file for $module in modules/$module/source, exiting"; \ + exit 1; \ + fi; \ + # some modules require build dependencies + if [ -f /modules/$module/build-deps ]; then \ + echo "Installing $module build dependencies"; \ + apk update && apk add $(cat /modules/$module/build-deps | xargs); \ + fi; \ + # if a module has a build dependency that is not in a distro, provide a + # shell script to fetch/build/install those + # note that shared libraries produced as a result of this script will + # not be copied from the builder image to the main one so build static + if [ -x /modules/$module/prebuild ]; then \ + echo "Running prebuild script for $module"; \ + /modules/$module/prebuild; \ + fi; \ + /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ + elif make -C /pkg-oss/alpine list | grep -E "^$module\s+\d+" > /dev/null; then \ + echo "Building $module from pkg-oss sources"; \ + cd /pkg-oss/alpine; \ + make abuild-module-$module BASE_VERSION=$NGINX_VERSION; \ + apk add $(. ./abuild-module-$module/APKBUILD; echo $makedepends;); \ + make module-$module BASE_VERSION=$NGINX_VERSION; \ + find ~/packages -type f -name "*.apk" -exec mv -v {} /tmp/packages/ \;; \ + else \ + echo "Don't know how to build $module module, exiting"; \ + exit 1; \ + fi; \ + done + +FROM nginx:mainline-alpine +ARG ENABLED_MODULES +COPY --from=builder /tmp/packages /tmp/packages +RUN set -ex \ + && for module in $ENABLED_MODULES; do \ + apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ + done \ + && rm -rf /tmp/packages diff --git a/modules/README.md b/modules/README.md new file mode 100644 index 000000000..8680022eb --- /dev/null +++ b/modules/README.md @@ -0,0 +1,83 @@ +# Adding third-party modules to nginx official image + +It's possible to extend a mainline image with third-party modules either from +your own instuctions following a simple filesystem layout/syntax using +`build_module.sh` helper script, or failing back to package sources from +`https://hg.nginx.org/pkg-oss`. + +## Usage + +``` +$ docker build --build-arg ENABLED_MODULES="ndk lua" -t my-nginx-with-lua . +``` +This command will attempt to build an image called `my-nginx-with-lua` based on +official nginx docker hub image with two modules: `ndk` and `lua`. +By default, a Debian-based image will be used. If you wish to use Alpine +instead, add `-f Dockerfile.alpine` to the command line. + +The build script will look for module build definition files on filesystem +directory under the same name as the module (and resulting package) and if +those are not found will try to look up requested modules in the pkg-oss +repository. + +For well-known modules we maintain a set of build sources packages over at +`pkg-oss`, so it's probably a good idea to rely on those instead of providing +your own implementation. + +As of the time of writing this README, the following modules and their versions +are available from `pkg-oss` repository: + +``` +/pkg-oss $ LC_ALL=C make -C debian list-all-modules +make: Entering directory '/pkg-oss/debian' +brotli 1.0.0-1 +encrypted-session 0.08-1 +geoip 1.19.6-1 +geoip2 3.3-1 +headers-more 0.33-1 +image-filter 1.19.6-1 +lua 0.10.19-1 +modsecurity 1.0.1-1 +ndk 0.3.1-1 +njs 0.5.0-1 +opentracing 0.10.0-1 +passenger 6.0.6-1 +perl 1.19.6-1 +rtmp 1.2.1-1 +set-misc 0.32-1 +subs-filter 0.6.4-1 +xslt 1.19.6-1 +make: Leaving directory '/pkg-oss/debian' +``` + +If you still want to provide your own instructions for a specific module, +organize the build directory in a following way, e.g. for `echo` module: + +``` +docker-nginx/modules $ tree echo +echo +├── build-deps +├── prebuild +└── source + +0 directories, 3 files +``` + +The scripts expect one file to always exist for a module you wish to build +manually: `source`. It should contain a link to a zip/tarball source code of a +module you want to build. In `build-deps` you can specify build dependencies +for a module as found in Debian or Alpine repositories. `prebuild` is a shell +script (make it `chmod +x prebuild`!) that will be executed prior to building +the module but after installing the dependencies, so it can be used to install +additional build dependencies if they are not available from Debian or Alpine. +Keep in mind that those dependencies wont be automatically copied to the +resulting image and if you're building a library, build it statically. + +Once the build is done in the builder image, the built packages are copied over +to resulting image and installed via apt/apk. The resulting image will be +tagged and can be used the same way as an official docker hub image. + +Note that we can not provide any support for those modifications and in no way +guarantee they will work as nice as a build without third-party modules. If +you encounter any issues running your image with the modules enabled, please +reproduce with a vanilla image first. diff --git a/modules/echo/build-deps b/modules/echo/build-deps new file mode 100644 index 000000000..1ccfbc2f4 --- /dev/null +++ b/modules/echo/build-deps @@ -0,0 +1 @@ +make gcc diff --git a/modules/echo/prebuild b/modules/echo/prebuild new file mode 100755 index 000000000..cd2864b05 --- /dev/null +++ b/modules/echo/prebuild @@ -0,0 +1,12 @@ +#!/bin/sh + +# if a module has a build dependency that is not in debian/alpine +# use this script to fetch/build/install them +# +# note that shared libraries produced as a result of this script will +# not be copied from the builder image to the resulting one, so you need to +# build them statically + +echo "No prebuild stage required - all dependencies are satisfied already!" + +exit 0 diff --git a/modules/echo/source b/modules/echo/source new file mode 100644 index 000000000..3a6ad274d --- /dev/null +++ b/modules/echo/source @@ -0,0 +1 @@ +https://github.com/openresty/echo-nginx-module/archive/v0.62.tar.gz From 734e1de30709e375e1b7176d0601d55f840e96ec Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 29 Jan 2021 22:49:09 +0100 Subject: [PATCH 090/306] Alpine 3.13 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 53269308a..ae3b6ba2c 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.12 +FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index deafec089..11eeab8da 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.12 +FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 828859fd1..49ec3c878 100755 --- a/update.sh +++ b/update.sh @@ -29,7 +29,7 @@ declare -A debian=( #[stable]='stretch' ) -defaultalpine='3.12' +defaultalpine='3.13' declare -A alpine=( [stable]='3.11' ) From 5c93520500b222f6a735a5ea9838cd37c3d867c6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 1 Feb 2021 12:42:14 +0300 Subject: [PATCH 091/306] docker-entrypoint: use natural sort for scripts to launch Fixes #489. --- entrypoint/docker-entrypoint.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 2 +- mainline/debian/docker-entrypoint.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 2 +- stable/alpine/docker-entrypoint.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 2 +- stable/debian/docker-entrypoint.sh | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 88732541b..72d5cd94e 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -14,7 +14,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -n | while read -r f; do + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then From 2f2859121ae8b0ccf8e9111bf252787a24ad372c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 1 Feb 2021 13:13:17 +0300 Subject: [PATCH 092/306] README: mentioned nginx.org changelog Fixes #491 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7adf25f3d..5fa769cb4 100644 --- a/README.md +++ b/README.md @@ -7,3 +7,4 @@ regarding contributing and issues. The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), specifically in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). +The changelog for NGINX releases is available at [nginx.org changes page](https://nginx.org/en/CHANGES). From 2b064090d1ebb724865ce7e6f4b6cc64c4c5cd6e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 Nov 2020 21:41:08 +0300 Subject: [PATCH 093/306] Introduced an entrypoint script to autotune the number of worker processes The script is a no-op bye default, you would need to enable its logic by setting an NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE variable to any value. The script then tries to get the following values: - getconf _NPROCESSORS_ONLN - the amount of cpus from cpuset cgroupv1 - the quotas from cpu/cpuacct cgroupv1 - the amount of cpus from cgroupv2 - the quotas from cgroupv2 The lowest of all five is then applied to nginx.conf. Fixes #472 --- Dockerfile-alpine.template | 1 + Dockerfile-debian.template | 1 + entrypoint/30-tune-worker-processes.sh | 194 ++++++++++++++++++ .../alpine-perl/30-tune-worker-processes.sh | 194 ++++++++++++++++++ mainline/alpine-perl/Dockerfile | 1 + mainline/alpine/30-tune-worker-processes.sh | 194 ++++++++++++++++++ mainline/alpine/Dockerfile | 1 + .../debian-perl/30-tune-worker-processes.sh | 194 ++++++++++++++++++ mainline/debian-perl/Dockerfile | 1 + mainline/debian/30-tune-worker-processes.sh | 194 ++++++++++++++++++ mainline/debian/Dockerfile | 1 + .../alpine-perl/30-tune-worker-processes.sh | 194 ++++++++++++++++++ stable/alpine-perl/Dockerfile | 1 + stable/alpine/30-tune-worker-processes.sh | 194 ++++++++++++++++++ stable/alpine/Dockerfile | 1 + .../debian-perl/30-tune-worker-processes.sh | 194 ++++++++++++++++++ stable/debian-perl/Dockerfile | 1 + stable/debian/30-tune-worker-processes.sh | 194 ++++++++++++++++++ stable/debian/Dockerfile | 1 + 19 files changed, 1756 insertions(+) create mode 100755 entrypoint/30-tune-worker-processes.sh create mode 100755 mainline/alpine-perl/30-tune-worker-processes.sh create mode 100755 mainline/alpine/30-tune-worker-processes.sh create mode 100755 mainline/debian-perl/30-tune-worker-processes.sh create mode 100755 mainline/debian/30-tune-worker-processes.sh create mode 100755 stable/alpine-perl/30-tune-worker-processes.sh create mode 100755 stable/alpine/30-tune-worker-processes.sh create mode 100755 stable/debian-perl/30-tune-worker-processes.sh create mode 100755 stable/debian/30-tune-worker-processes.sh diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index eb623c2e8..1ce4411ab 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -105,6 +105,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 8521d5a9e..91b7cf78c 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -96,6 +96,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/entrypoint/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/mainline/alpine-perl/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ae3b6ba2c..d3d9a146a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -116,6 +116,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/mainline/alpine/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 11eeab8da..ea8829e1e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -115,6 +115,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/mainline/debian-perl/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 1f818c940..aa215d79a 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/mainline/debian/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 43d697015..e9fdc169f 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -106,6 +106,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/stable/alpine-perl/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index d86c2ccd1..6df7dde2c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -116,6 +116,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/stable/alpine/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index bd34cfb1f..397380ad6 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -115,6 +115,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/stable/debian-perl/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 9998d1321..90a797dc1 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh new file mode 100755 index 000000000..4adb0432d --- /dev/null +++ b/stable/debian/30-tune-worker-processes.sh @@ -0,0 +1,194 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return + [ -f "$cpuroot/cpu.cfs_period_us" ] || return + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return + [ "$cfs_period" = "0" ] && return + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return + [ -r "/proc/self/cgroup" ] || return + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) +[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) +[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online + +cpu=$( get_cgroup_v1_path "cpu" ) +[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) +[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online + +cgroup_v2=$( get_cgroup_v2_path ) +[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) +[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online + +[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) +[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index a4b6b7f07..a4d932bf7 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -106,6 +106,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 80 From fa2213a76da35137a5aee565cef5095a209aeb3d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 16 Feb 2021 20:28:33 +0300 Subject: [PATCH 094/306] Updated nginx to 1.19.7 and njs to 0.5.1 for mainline --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d3d9a146a..851b86d6e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.6 -ENV NJS_VERSION 0.5.0 +ENV NGINX_VERSION 1.19.7 +ENV NJS_VERSION 0.5.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ea8829e1e..59519217b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.6 -ENV NJS_VERSION 0.5.0 +ENV NGINX_VERSION 1.19.7 +ENV NJS_VERSION 0.5.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index aa215d79a..0874f07d8 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.6 -ENV NJS_VERSION 0.5.0 +ENV NGINX_VERSION 1.19.7 +ENV NJS_VERSION 0.5.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e9fdc169f..198e225c3 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.6 -ENV NJS_VERSION 0.5.0 +ENV NGINX_VERSION 1.19.7 +ENV NJS_VERSION 0.5.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index 49ec3c878..c6f956121 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.6' + [mainline]='1.19.7' [stable]='1.18.0' ) -defaultnjs='0.5.0' +defaultnjs='0.5.1' declare -A njs=( [stable]='0.4.4' ) From e559b4da5b4cf0cf94990906f7523d6efcdcdbc9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 17 Feb 2021 18:22:27 +0300 Subject: [PATCH 095/306] modules: Added a hack to make build system fetch a requested nginx version We're now using a tip of default branch on pkg-oss which moves fast and breaks things. A better solution is probably to check out a specific nginx tag and build whatever is available for it. This, however, is not currently possible with 1.19.6, and only works for 1.19.7. This should probably be reverted once we have enough tags supporting it. --- modules/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 9ea6df85a..de4c0a76d 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -45,9 +45,9 @@ RUN set -ex \ elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/debian; \ - make rules-module-$module BASE_VERSION=$NGINX_VERSION; \ + make rules-module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \ - make module-$module BASE_VERSION=$NGINX_VERSION; \ + make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \ else \ echo "Don't know how to build $module module, exiting"; \ From 636b7e3616ffebd9220f793aad672246c7e18376 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 2 Mar 2021 15:54:52 +0300 Subject: [PATCH 096/306] Updated and improved third-party modules documentation Fixes #511 --- modules/README.md | 101 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 94 insertions(+), 7 deletions(-) diff --git a/modules/README.md b/modules/README.md index 8680022eb..db8c93e9f 100644 --- a/modules/README.md +++ b/modules/README.md @@ -3,7 +3,7 @@ It's possible to extend a mainline image with third-party modules either from your own instuctions following a simple filesystem layout/syntax using `build_module.sh` helper script, or failing back to package sources from -`https://hg.nginx.org/pkg-oss`. +[pkg-oss](https://hg.nginx.org/pkg-oss). ## Usage @@ -30,23 +30,25 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules make: Entering directory '/pkg-oss/debian' +auth-spnego 1.1.0-1 brotli 1.0.0-1 encrypted-session 0.08-1 -geoip 1.19.6-1 +fips-check 0.1-1 +geoip 1.19.7-1 geoip2 3.3-1 headers-more 0.33-1 -image-filter 1.19.6-1 +image-filter 1.19.7-1 lua 0.10.19-1 -modsecurity 1.0.1-1 +modsecurity 1.0.1-2 ndk 0.3.1-1 -njs 0.5.0-1 +njs 0.5.1-1 opentracing 0.10.0-1 passenger 6.0.6-1 -perl 1.19.6-1 +perl 1.19.7-1 rtmp 1.2.1-1 set-misc 0.32-1 subs-filter 0.6.4-1 -xslt 1.19.6-1 +xslt 1.19.7-1 make: Leaving directory '/pkg-oss/debian' ``` @@ -81,3 +83,88 @@ Note that we can not provide any support for those modifications and in no way guarantee they will work as nice as a build without third-party modules. If you encounter any issues running your image with the modules enabled, please reproduce with a vanilla image first. + +## Examples + +### docker-compose with pre-packaged modules + +If desired modules are already packaged in +[pkg-oss](https://hg.nginx.org/pkg-oss/) - e.g. `debian/Makefile.module-*` +exists for a given module, you can use this example. + +1. Create a directory for your project: + +``` +mkdir myapp +cd myapp +```` + +2. Populate the build context for a custom nginx image: + +``` +mkdir my-nginx +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +``` + +3. Create a `docker-compose.yml` file: + +``` +cat > docker-compose.yml << __EOF__ +version: "3.3" +services: + web: + build: + context: ./my-nginx/ + args: + ENABLED_MODULES: ndk lua + image: my-nginx-with-lua:v1 + ports: + - "80:8000" +__EOF__ +``` + +Now, running `docker-compose up --build -d` will build the image and run the application for you. + +### docker-compose with a non-packaged module + +If a needed module is not available via `pkg-oss`, you can use this example. + +We're going to build the image with [ngx_cache_purge](https://github.com/FRiCKLE/ngx_cache_purge) module. + +The steps are similar to a previous example, with a notable difference of +providing a URL to fetch the module source code from. + +1. Create a directory for your project: + +``` +mkdir myapp-cache +cd myapp-cache +```` + +2. Populate the build context for a custom nginx image: + +``` +mkdir my-nginx +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +mkdir my-nginx/cachepurge +echo "https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz" > my-nginx/cachepurge/source +``` + +3. Create a `docker-compose.yml` file: + +``` +cat > docker-compose.yml << __EOF__ +version: "3.3" +services: + web: + build: + context: ./my-nginx/ + args: + ENABLED_MODULES: cachepurge + image: my-nginx-with-cachepurge:v1 + ports: + - "80:8080" +__EOF__ +``` + +Now, running `docker-compose up --build -d` will build the image and run the application for you. From dcaaf66e4464037b1a887541f39acf8182233ab8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Mar 2021 20:19:57 +0300 Subject: [PATCH 097/306] Updated mainline nginx to 1.19.8 and njs to 0.5.2 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 851b86d6e..2f629e00a 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.7 -ENV NJS_VERSION 0.5.1 +ENV NGINX_VERSION 1.19.8 +ENV NJS_VERSION 0.5.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 59519217b..9e7f149a3 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.7 -ENV NJS_VERSION 0.5.1 +ENV NGINX_VERSION 1.19.8 +ENV NJS_VERSION 0.5.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 0874f07d8..47f68d5cb 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.7 -ENV NJS_VERSION 0.5.1 +ENV NGINX_VERSION 1.19.8 +ENV NJS_VERSION 0.5.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 198e225c3..2ff9655d7 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.7 -ENV NJS_VERSION 0.5.1 +ENV NGINX_VERSION 1.19.8 +ENV NJS_VERSION 0.5.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index c6f956121..71696fc2c 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.7' + [mainline]='1.19.8' [stable]='1.18.0' ) -defaultnjs='0.5.1' +defaultnjs='0.5.2' declare -A njs=( [stable]='0.4.4' ) From d1ed2dddd604c216b49c23a0ed747472c122c5bf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 11 Mar 2021 19:56:02 +0300 Subject: [PATCH 098/306] Made 30-tune-worker-processes.sh more robust and error-prone. Fixes #520. --- entrypoint/30-tune-worker-processes.sh | 52 ++++++++----------- .../alpine-perl/30-tune-worker-processes.sh | 52 ++++++++----------- mainline/alpine/30-tune-worker-processes.sh | 52 ++++++++----------- .../debian-perl/30-tune-worker-processes.sh | 52 ++++++++----------- mainline/debian/30-tune-worker-processes.sh | 52 ++++++++----------- .../alpine-perl/30-tune-worker-processes.sh | 52 ++++++++----------- stable/alpine/30-tune-worker-processes.sh | 52 ++++++++----------- .../debian-perl/30-tune-worker-processes.sh | 52 ++++++++----------- stable/debian/30-tune-worker-processes.sh | 52 ++++++++----------- 9 files changed, 207 insertions(+), 261 deletions(-) diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ b/mainline/alpine-perl/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/mainline/alpine/30-tune-worker-processes.sh +++ b/mainline/alpine/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ b/mainline/debian-perl/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ b/stable/alpine-perl/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/stable/alpine/30-tune-worker-processes.sh +++ b/stable/alpine/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ b/stable/debian-perl/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 4adb0432d..565058715 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -21,7 +21,7 @@ get_cpuset() { cpusetroot=$1 cpusetfile=$2 ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return + [ -f "$cpusetroot/$cpusetfile" ] || return 1 for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do case "$token" in *-*) @@ -39,27 +39,27 @@ get_cpuset() { get_quota() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return - [ -f "$cpuroot/cpu.cfs_period_us" ] || return + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } get_quota_v2() { cpuroot=$1 ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return + [ -f "$cpuroot/cpu.max" ] || return 1 cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return - [ "$cfs_period" = "0" ] && return + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return + [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -69,8 +69,8 @@ get_cgroup_v1_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do case "$needle" in @@ -78,6 +78,7 @@ get_cgroup_v1_path() { case "$line" in *cpuset*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac ;; @@ -87,6 +88,7 @@ get_cgroup_v1_path() { ;; *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break ;; esac esac @@ -101,6 +103,7 @@ __EOF__ case "$controller" in cpuset) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -108,6 +111,7 @@ __EOF__ case "$controller" in cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) mountpoint=$( echo "$line" | cut -d: -f 3 ) + break ;; esac ;; @@ -132,8 +136,8 @@ get_cgroup_v2_path() { foundroot= mountpoint= - [ -r "/proc/self/mountinfo" ] || return - [ -r "/proc/self/cgroup" ] || return + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do found=$( echo "$line" | cut -d ' ' -f 4,5 ) @@ -149,7 +153,7 @@ __EOF__ case "${found%% *}" in "") - return + return 1 ;; "/") foundroot="${found##* }$mountpoint" @@ -167,20 +171,10 @@ ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) -[ "$cpuset" ] && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) -[ "$ncpu_cpuset" ] || ncpu_cpuset=$ncpu_online - -cpu=$( get_cgroup_v1_path "cpu" ) -[ "$cpu" ] && ncpu_quota=$( get_quota "$cpu" ) -[ "$ncpu_quota" ] || ncpu_quota=$ncpu_online - -cgroup_v2=$( get_cgroup_v2_path ) -[ "$cgroup_v2" ] && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) -[ "$ncpu_cpuset_v2" ] || ncpu_cpuset_v2=$ncpu_online - -[ "$cgroup_v2" ] && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) -[ "$ncpu_quota_v2" ] || ncpu_quota_v2=$ncpu_online +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ "$ncpu_online" \ From e7bab21fb789267fcf5b4d8d3b8a9a4df82966c3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 12 Mar 2021 18:32:43 +0300 Subject: [PATCH 099/306] modules: use the same workaround for Alpine as we had for Debian Same as e559b4da5b4cf0cf94990906f7523d6efcdcdbc9. --- modules/Dockerfile.alpine | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index b2b8b3e3f..ec64282ab 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -47,9 +47,9 @@ RUN set -ex \ elif make -C /pkg-oss/alpine list | grep -E "^$module\s+\d+" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/alpine; \ - make abuild-module-$module BASE_VERSION=$NGINX_VERSION; \ + make abuild-module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ apk add $(. ./abuild-module-$module/APKBUILD; echo $makedepends;); \ - make module-$module BASE_VERSION=$NGINX_VERSION; \ + make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ~/packages -type f -name "*.apk" -exec mv -v {} /tmp/packages/ \;; \ else \ echo "Don't know how to build $module module, exiting"; \ From 511c0fe67247c918395640e73abd2913695c10b1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 Mar 2021 16:42:52 +0300 Subject: [PATCH 100/306] modules: check out an explicit pkg-oss tag. Fixes #518 --- modules/Dockerfile | 2 +- modules/Dockerfile.alpine | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index de4c0a76d..cbd3a55ff 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -16,7 +16,7 @@ RUN set -ex \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ \ - && hg clone https://hg.nginx.org/pkg-oss/ \ + && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index ec64282ab..68644172a 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -18,7 +18,7 @@ RUN set -ex \ # allow abuild as a root user \ && printf "#!/bin/sh\\n/usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ - && hg clone https://hg.nginx.org/pkg-oss/ \ + && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ From 0f300ed4ae80724c569c9694bf89014e96ab567b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 Mar 2021 19:26:57 +0300 Subject: [PATCH 101/306] Updated mainline nginx to 1.19.9 and njs to 0.5.3 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2f629e00a..9d8d5b4ca 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.8 -ENV NJS_VERSION 0.5.2 +ENV NGINX_VERSION 1.19.9 +ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 9e7f149a3..a15e0e391 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.8 -ENV NJS_VERSION 0.5.2 +ENV NGINX_VERSION 1.19.9 +ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 47f68d5cb..6c4324285 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.8 -ENV NJS_VERSION 0.5.2 +ENV NGINX_VERSION 1.19.9 +ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 2ff9655d7..44891177c 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.8 -ENV NJS_VERSION 0.5.2 +ENV NGINX_VERSION 1.19.9 +ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index 71696fc2c..d5ec49ee4 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.8' + [mainline]='1.19.9' [stable]='1.18.0' ) -defaultnjs='0.5.2' +defaultnjs='0.5.3' declare -A njs=( [stable]='0.4.4' ) From e129306eecbb60a5acc335fcd394e0878a3600ab Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 7 Apr 2021 14:36:28 +0300 Subject: [PATCH 102/306] modules: strip debian version from PKG_RELEASE Fixes #527 --- modules/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index cbd3a55ff..9dcbe400d 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -16,7 +16,7 @@ RUN set -ex \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ \ - && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ + && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ From 464886ab21ebe4b036ceb36d7557bf491f6d9320 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Apr 2021 19:48:13 +0300 Subject: [PATCH 103/306] Updated mainline nginx to 1.19.10 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 9d8d5b4ca..ee7d540be 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.9 +ENV NGINX_VERSION 1.19.10 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a15e0e391..bba7ac8c8 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.9 +ENV NGINX_VERSION 1.19.10 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 6c4324285..4380f2d99 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.9 +ENV NGINX_VERSION 1.19.10 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 44891177c..727af2ba2 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.9 +ENV NGINX_VERSION 1.19.10 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/update.sh b/update.sh index d5ec49ee4..b2ce85bc0 100755 --- a/update.sh +++ b/update.sh @@ -10,7 +10,7 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.9' + [mainline]='1.19.10' [stable]='1.18.0' ) From 010bcbf4db311fd682029b71d92cf2633392fe13 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 20 Apr 2021 19:12:21 +0300 Subject: [PATCH 104/306] Alpine template: nginx.org now provides aarch64 packages. --- Dockerfile-alpine.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 1ce4411ab..a9eb066ea 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -14,7 +14,7 @@ RUN set -x \ && nginxPackages="%%PACKAGES%% " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ From ab8516ed3a212d8a03392567c8f55c570c839e59 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 20 Apr 2021 19:13:24 +0300 Subject: [PATCH 105/306] Updated stable nginx to 1.20.0 While at it, bumped alpine base image to 3.13 and njs to 0.5.3 --- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 10 +++++----- stable/debian-perl/Dockerfile | 8 ++++---- stable/debian/Dockerfile | 8 ++++---- update.sh | 11 ++++------- 5 files changed, 22 insertions(+), 25 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 6df7dde2c..4a6766e5a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.11 +FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.20.0 +ENV NJS_VERSION 0.5.3 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -25,7 +25,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 397380ad6..0a04fa802 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.11 +FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.20.0 +ENV NJS_VERSION 0.5.3 +ENV PKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -24,7 +24,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 90a797dc1..f68d9929f 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,9 +7,9 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 2~buster +ENV NGINX_VERSION 1.20.0 +ENV NJS_VERSION 0.5.3 +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -38,7 +38,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386|arm64) \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index a4d932bf7..7010be038 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,9 +7,9 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.18.0 -ENV NJS_VERSION 0.4.4 -ENV PKG_RELEASE 2~buster +ENV NGINX_VERSION 1.20.0 +ENV NJS_VERSION 0.5.3 +ENV PKG_RELEASE 1~buster RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -37,7 +37,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|i386|arm64) \ diff --git a/update.sh b/update.sh index b2ce85bc0..e47284f5c 100755 --- a/update.sh +++ b/update.sh @@ -11,17 +11,17 @@ declare branches=( declare -A nginx=( [mainline]='1.19.10' - [stable]='1.18.0' + [stable]='1.20.0' ) defaultnjs='0.5.3' declare -A njs=( - [stable]='0.4.4' +# [stable]='0.4.4' ) defaultpkg='1' declare -A pkg=( - [stable]=2 +# [stable]=2 ) defaultdebian='buster' @@ -31,7 +31,7 @@ declare -A debian=( defaultalpine='3.13' declare -A alpine=( - [stable]='3.11' +# [stable]='3.11' ) # When we bump njs version in a stable release we don't move the tag in the @@ -54,9 +54,6 @@ get_packages() { r="r" sep="." ;; - debian*:stable) - sep="." - ;; debian*:*) sep="+" ;; From 1612733ec60173d9d4a18a0916b860a0ff255e74 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 21 Apr 2021 11:53:41 +0300 Subject: [PATCH 106/306] generate-stackbrew-library.sh: bump stable to 1.20 --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4ebadcb06..428e41255 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.19 latest' - [stable]='1.18' + [stable]='1.20' ) self="$(basename "$BASH_SOURCE")" From be61420a4a6b97ad1e40325b3bbba198bf555e58 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 May 2021 12:25:34 +0300 Subject: [PATCH 107/306] sync-awsecr.sh: bump stable to 1.20 Refs: #545 --- sync-awsecr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index f9746f012..26196dda5 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.19 latest' - [stable]='1.18' + [stable]='1.20' ) architectures=( amd64 arm64v8 ) From f3fe494531f9b157d9c09ba509e412dace54cd4f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 May 2021 17:17:47 +0300 Subject: [PATCH 108/306] Updated nginx to 1.20.1 and 1.21.0 --- generate-stackbrew-library.sh | 2 +- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- sync-awsecr.sh | 2 +- update.sh | 4 ++-- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 428e41255..4ff7ea38d 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.19 latest' + [mainline]='1 1.21 latest' [stable]='1.20' ) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ee7d540be..8bf36e079 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.10 +ENV NGINX_VERSION 1.21.0 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 @@ -25,7 +25,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index bba7ac8c8..96e351ce6 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.10 +ENV NGINX_VERSION 1.21.0 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 @@ -24,7 +24,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ && case "$apkArch" in \ - x86_64) \ + x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 4380f2d99..65007826a 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.10 +ENV NGINX_VERSION 1.21.0 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 727af2ba2..cdeb9c8c4 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.19.10 +ENV NGINX_VERSION 1.21.0 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4a6766e5a..f2ca2278e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.0 +ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 0a04fa802..f6bd08fe9 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.13 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.0 +ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1 diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index f68d9929f..6d5fd1a41 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.0 +ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 7010be038..40b4d9ac5 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.0 +ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 ENV PKG_RELEASE 1~buster diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 26196dda5..767e03d42 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.19 latest' + [mainline]='1 1.21 latest' [stable]='1.20' ) diff --git a/update.sh b/update.sh index e47284f5c..f315d3677 100755 --- a/update.sh +++ b/update.sh @@ -10,8 +10,8 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.19.10' - [stable]='1.20.0' + [mainline]='1.21.0' + [stable]='1.20.1' ) defaultnjs='0.5.3' From fe33fad50a41a866a73e0a6607cb189f56169201 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 2 Jun 2021 13:17:12 +0300 Subject: [PATCH 109/306] modules/Dockerfile.alpine: added coreutils to use proper tr --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 68644172a..3e47a4132 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -14,7 +14,7 @@ RUN set -ex \ && apk update \ && apk add linux-headers openssl-dev pcre-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ - xz g++ \ + xz g++ coreutils \ # allow abuild as a root user \ && printf "#!/bin/sh\\n/usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ From 6a9fffa542c291b92bb5b135e67cea1e6c92c346 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 2 Jun 2021 14:26:25 +0300 Subject: [PATCH 110/306] third party: fixed builds with non-alphanumeric characters in module names Closes #540 Fixes #550 --- modules/Dockerfile | 9 ++++++--- modules/Dockerfile.alpine | 9 ++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 9dcbe400d..7a4e71415 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -42,6 +42,7 @@ RUN set -ex \ /modules/$module/prebuild; \ fi; \ /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ + BUILT_MODULES="$BUILT_MODULES $(echo $module | tr '[A-Z]' '[a-z]' | tr -d '[/_\-\.\t ]')"; \ elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/debian; \ @@ -49,18 +50,20 @@ RUN set -ex \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \ make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \ + BUILT_MODULES="$BUILT_MODULES $module"; \ else \ echo "Don't know how to build $module module, exiting"; \ exit 1; \ fi; \ - done + done \ + && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM nginx:mainline -ARG ENABLED_MODULES COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && apt update \ - && for module in $ENABLED_MODULES; do \ + && . /tmp/packages/modules.env \ + && for module in $BUILT_MODULES; do \ apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ done \ && rm -rf /tmp/packages \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 3e47a4132..63dcc69f1 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -44,6 +44,7 @@ RUN set -ex \ /modules/$module/prebuild; \ fi; \ /pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ + BUILT_MODULES="$BUILT_MODULES $(echo $module | tr '[A-Z]' '[a-z]' | tr -d '[/_\-\.\t ]')"; \ elif make -C /pkg-oss/alpine list | grep -E "^$module\s+\d+" > /dev/null; then \ echo "Building $module from pkg-oss sources"; \ cd /pkg-oss/alpine; \ @@ -51,17 +52,19 @@ RUN set -ex \ apk add $(. ./abuild-module-$module/APKBUILD; echo $makedepends;); \ make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ find ~/packages -type f -name "*.apk" -exec mv -v {} /tmp/packages/ \;; \ + BUILT_MODULES="$BUILT_MODULES $module"; \ else \ echo "Don't know how to build $module module, exiting"; \ exit 1; \ fi; \ - done + done \ + && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM nginx:mainline-alpine -ARG ENABLED_MODULES COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ - && for module in $ENABLED_MODULES; do \ + && . /tmp/packages/modules.env \ + && for module in $BUILT_MODULES; do \ apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ done \ && rm -rf /tmp/packages From 1c123ec554ac65238c57c2b9c5e97513829238d0 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 2 Jun 2021 14:41:58 +0300 Subject: [PATCH 111/306] modules: updated the list of supported modules --- modules/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/README.md b/modules/README.md index db8c93e9f..f558e34ab 100644 --- a/modules/README.md +++ b/modules/README.md @@ -34,21 +34,21 @@ auth-spnego 1.1.0-1 brotli 1.0.0-1 encrypted-session 0.08-1 fips-check 0.1-1 -geoip 1.19.7-1 +geoip 1.21.0-1 geoip2 3.3-1 headers-more 0.33-1 -image-filter 1.19.7-1 +image-filter 1.21.0-1 lua 0.10.19-1 modsecurity 1.0.1-2 ndk 0.3.1-1 -njs 0.5.1-1 -opentracing 0.10.0-1 -passenger 6.0.6-1 -perl 1.19.7-1 +njs 0.5.3-1 +opentracing 0.14.0-1 +passenger 6.0.8-1 +perl 1.21.0-1 rtmp 1.2.1-1 set-misc 0.32-1 subs-filter 0.6.4-1 -xslt 1.19.7-1 +xslt 1.21.0-1 make: Leaving directory '/pkg-oss/debian' ``` From 4fb962398934526d5851c07d1f6107db97918c71 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 2 Jul 2021 11:56:24 +0300 Subject: [PATCH 112/306] modules: Dockerfile.alpine: set SETFATTR=true to skip setfattr. This is suggested as a fix for build issues (#525) in https://gitlab.alpinelinux.org/alpine/abuild/-/commit/32b7789e9ac09dad7f6d39df349c9a94e93e00c8 --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 63dcc69f1..c154363e0 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -16,7 +16,7 @@ RUN set -ex \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ xz g++ coreutils \ # allow abuild as a root user \ - && printf "#!/bin/sh\\n/usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ + && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ From f958fbacada447737319e979db45a1da49123142 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Jul 2021 21:35:28 +0300 Subject: [PATCH 113/306] Updated nginx to 1.21.1 and njs to 0.6.1 on mainline builds. While at it, move mainline builds to alpine 3.14. --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 10 +++++----- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 8bf36e079..943622fa4 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.13 +FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.0 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.21.1 +ENV NJS_VERSION 0.6.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 96e351ce6..d02e92628 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.13 +FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.0 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.21.1 +ENV NJS_VERSION 0.6.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 65007826a..1e5ecd12d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.0 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.21.1 +ENV NJS_VERSION 0.6.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index cdeb9c8c4..54ee2f1bd 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.0 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.21.1 +ENV NJS_VERSION 0.6.1 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index f315d3677..6dadf6935 100755 --- a/update.sh +++ b/update.sh @@ -10,13 +10,13 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.21.0' + [mainline]='1.21.1' [stable]='1.20.1' ) -defaultnjs='0.5.3' +defaultnjs='0.6.1' declare -A njs=( -# [stable]='0.4.4' + [stable]='0.5.3' ) defaultpkg='1' @@ -29,9 +29,9 @@ declare -A debian=( #[stable]='stretch' ) -defaultalpine='3.13' +defaultalpine='3.14' declare -A alpine=( -# [stable]='3.11' + [stable]='3.13' ) # When we bump njs version in a stable release we don't move the tag in the From 75bc83e409e7ad1e93f65600374319e835442996 Mon Sep 17 00:00:00 2001 From: Chotow Date: Mon, 6 Sep 2021 10:17:28 +0800 Subject: [PATCH 114/306] Updated nginx to 1.21.2 and njs to 0.6.2 on mainline builds. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 943622fa4..af8a66293 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.1 -ENV NJS_VERSION 0.6.1 +ENV NGINX_VERSION 1.21.2 +ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d02e92628..99f7cbaf4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.1 -ENV NJS_VERSION 0.6.1 +ENV NGINX_VERSION 1.21.2 +ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 1e5ecd12d..d4e425504 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.1 -ENV NJS_VERSION 0.6.1 +ENV NGINX_VERSION 1.21.2 +ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 54ee2f1bd..892bf708b 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.1 -ENV NJS_VERSION 0.6.1 +ENV NGINX_VERSION 1.21.2 +ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1~buster RUN set -x \ diff --git a/update.sh b/update.sh index 6dadf6935..7aab54f3c 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.21.1' + [mainline]='1.21.2' [stable]='1.20.1' ) -defaultnjs='0.6.1' +defaultnjs='0.6.2' declare -A njs=( [stable]='0.5.3' ) From d496baf859613adfe391ca8e7615cc7ec7966621 Mon Sep 17 00:00:00 2001 From: Elouan Martinet Date: Tue, 7 Sep 2021 19:06:10 +0200 Subject: [PATCH 115/306] Updated nginx mainline to 1.21.3 Signed-off-by: Elouan Martinet --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index af8a66293..146f48b4e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.2 +ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1 diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 99f7cbaf4..73fd3ca1c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.2 +ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index d4e425504..4e091fc27 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.2 +ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1~buster diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 892bf708b..5fce21d0a 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:buster-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.2 +ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 ENV PKG_RELEASE 1~buster diff --git a/update.sh b/update.sh index 7aab54f3c..46c5e4d4c 100755 --- a/update.sh +++ b/update.sh @@ -10,7 +10,7 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.21.2' + [mainline]='1.21.3' [stable]='1.20.1' ) From abc9db01fe510de05efb3fda49015a236089cf82 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Mon, 20 Sep 2021 13:00:51 -0700 Subject: [PATCH 116/306] Update mainline base image to Debian Bullseye --- mainline/debian-perl/Dockerfile | 8 ++++---- mainline/debian/Dockerfile | 8 ++++---- update.sh | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 4e091fc27..e67c1c041 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -43,13 +43,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 5fce21d0a..695b66405 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.3 ENV NJS_VERSION 0.6.2 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -42,13 +42,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/update.sh b/update.sh index 46c5e4d4c..7a28b1145 100755 --- a/update.sh +++ b/update.sh @@ -24,9 +24,9 @@ declare -A pkg=( # [stable]=2 ) -defaultdebian='buster' +defaultdebian='bullseye' declare -A debian=( - #[stable]='stretch' + [stable]='buster' ) defaultalpine='3.14' From 4afdc5e1ce43df1e2acba6950f41d28c0ec23768 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 21 Sep 2021 08:39:37 -0700 Subject: [PATCH 117/306] Lint update.sh --- update.sh | 52 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/update.sh b/update.sh index 7a28b1145..4aa0dc89f 100755 --- a/update.sh +++ b/update.sh @@ -21,12 +21,12 @@ declare -A njs=( defaultpkg='1' declare -A pkg=( -# [stable]=2 + # [stable]=2 ) defaultdebian='bullseye' declare -A debian=( - [stable]='buster' + [stable]='buster' ) defaultalpine='3.14' @@ -43,26 +43,28 @@ declare -A rev=( ) get_packages() { - local distro="$1"; shift; - local branch="$1"; shift; + local distro="$1" + shift + local branch="$1" + shift local perl= local r= local sep= case "$distro:$branch" in - alpine*:*) - r="r" - sep="." - ;; - debian*:*) - sep="+" - ;; + alpine*:*) + r="r" + sep="." + ;; + debian*:*) + sep="+" + ;; esac case "$distro" in - *-perl) - perl="nginx-module-perl" - ;; + *-perl) + perl="nginx-module-perl" + ;; esac echo -n ' \\\n' @@ -75,8 +77,10 @@ get_packages() { } get_packagerepo() { - local distro="${1%-perl}"; shift; - local branch="$1"; shift; + local distro="${1%-perl}" + shift + local branch="$1" + shift [ "$branch" = "mainline" ] && branch="$branch/" || branch="" @@ -84,8 +88,10 @@ get_packagerepo() { } get_packagever() { - local distro="${1%-perl}"; shift; - local branch="$1"; shift; + local distro="${1%-perl}" + shift + local branch="$1" + shift local suffix= [ "${distro}" = "debian" ] && suffix="~${debianver}" @@ -94,7 +100,7 @@ get_packagever() { } generated_warning() { - cat << __EOF__ + cat <<__EOF__ # # NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" # @@ -106,8 +112,7 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ alpine{,-perl} \ - debian{,-perl} \ - ; do + debian{,-perl}; do echo "$branch: $variant" dir="$branch/$variant" variant="$(basename "$variant")" @@ -115,7 +120,10 @@ for branch in "${branches[@]}"; do [ -d "$dir" ] || continue template="Dockerfile-${variant%-perl}.template" - { generated_warning; cat "$template"; } > "$dir/Dockerfile" + { + generated_warning + cat "$template" + } >"$dir/Dockerfile" debianver="${debian[$branch]:-$defaultdebian}" alpinever="${alpine[$branch]:-$defaultalpine}" From 7be6b74faf374da3018e7c28f9926abe9e8a3bbc Mon Sep 17 00:00:00 2001 From: Robert Heim Date: Wed, 20 Oct 2021 12:26:15 +0200 Subject: [PATCH 118/306] Fix typo --- modules/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index f558e34ab..d5091a0c8 100644 --- a/modules/README.md +++ b/modules/README.md @@ -2,7 +2,7 @@ It's possible to extend a mainline image with third-party modules either from your own instuctions following a simple filesystem layout/syntax using -`build_module.sh` helper script, or failing back to package sources from +`build_module.sh` helper script, or falling back to package sources from [pkg-oss](https://hg.nginx.org/pkg-oss). ## Usage From 328e0f36eae92571465bdd3d268762d2445118f7 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 22 Oct 2021 12:45:58 +0300 Subject: [PATCH 119/306] Alpine: don't depend on mercurial to fetch packaging sources. Alpine doesnt ship mercurial package on x86. --- Dockerfile-alpine.template | 7 +++---- update.sh | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index a9eb066ea..c4af94f9c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -50,16 +50,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up %%REVISION%% \ + && curl -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/update.sh b/update.sh index 4aa0dc89f..5f870f504 100755 --- a/update.sh +++ b/update.sh @@ -39,7 +39,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org defaultrev='${NGINX_VERSION}-${PKG_RELEASE}' declare -A rev=( - #[stable]='-r 500' + #[stable]='500' ) get_packages() { From 2decc81a019b5df087c9162d3621b1c9beb3104f Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 2 Nov 2021 11:36:14 -0700 Subject: [PATCH 120/306] Update nginx mainline to 1.21.4, njs to 0.7.0 --- mainline/alpine-perl/Dockerfile | 11 +++++------ mainline/alpine/Dockerfile | 11 +++++------ mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 7 +++---- stable/alpine/Dockerfile | 7 +++---- update.sh | 4 ++-- 7 files changed, 22 insertions(+), 26 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 146f48b4e..494548f36 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.3 -ENV NJS_VERSION 0.6.2 +ENV NGINX_VERSION 1.21.4 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -61,16 +61,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 73fd3ca1c..087cb73df 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.3 -ENV NJS_VERSION 0.6.2 +ENV NGINX_VERSION 1.21.4 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -60,16 +60,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index e67c1c041..6b0e82791 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.3 -ENV NJS_VERSION 0.6.2 +ENV NGINX_VERSION 1.21.4 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 695b66405..973102a65 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.3 -ENV NJS_VERSION 0.6.2 +ENV NGINX_VERSION 1.21.4 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f2ca2278e..4bea3a8c5 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -61,16 +61,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index f6bd08fe9..6d74c6487 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -60,16 +60,15 @@ RUN set -x \ geoip-dev \ perl-dev \ libedit-dev \ - mercurial \ bash \ alpine-sdk \ findutils \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && hg clone https://hg.nginx.org/pkg-oss \ - && cd pkg-oss \ - && hg up ${NGINX_VERSION}-${PKG_RELEASE} \ + && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/update.sh b/update.sh index 5f870f504..377e4b8d4 100755 --- a/update.sh +++ b/update.sh @@ -10,11 +10,11 @@ declare branches=( ) declare -A nginx=( - [mainline]='1.21.3' + [mainline]='1.21.4' [stable]='1.20.1' ) -defaultnjs='0.6.2' +defaultnjs='0.7.0' declare -A njs=( [stable]='0.5.3' ) From 9fcda7c150d0a6d360a969b81092ae9962585d2d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Nov 2021 14:33:52 +0300 Subject: [PATCH 121/306] Alpine: verify the checksum of pkg-oss tarball --- Dockerfile-alpine.template | 15 ++++++++++--- mainline/alpine-perl/Dockerfile | 15 ++++++++++--- mainline/alpine/Dockerfile | 15 ++++++++++--- stable/alpine-perl/Dockerfile | 15 ++++++++++--- stable/alpine/Dockerfile | 15 ++++++++++--- update.sh | 40 +++++++++++++++++++++++---------- 6 files changed, 88 insertions(+), 27 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index c4af94f9c..33d35f5c9 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -13,13 +13,14 @@ RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages="%%PACKAGES%% " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -28,7 +29,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -57,6 +57,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ @@ -69,6 +76,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 494548f36..f4e2aec47 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -24,13 +24,14 @@ RUN set -x \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -39,7 +40,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -68,6 +68,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ @@ -80,6 +87,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 087cb73df..735c1c03e 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -23,13 +23,14 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -38,7 +39,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -67,6 +67,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ @@ -79,6 +86,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4bea3a8c5..2ddc18ae2 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -24,13 +24,14 @@ RUN set -x \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -39,7 +40,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -68,6 +68,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ @@ -80,6 +87,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6d74c6487..e3a0afb94 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -23,13 +23,14 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream set -x \ && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ - && apk add --no-cache --virtual .cert-deps \ - openssl \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ echo "key verification succeeded!"; \ @@ -38,7 +39,6 @@ RUN set -x \ echo "key verification failed!"; \ exit 1; \ fi \ - && apk del .cert-deps \ && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ @@ -67,6 +67,13 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ @@ -79,6 +86,8 @@ RUN set -x \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ +# remove checksum deps + && apk del .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/update.sh b/update.sh index 377e4b8d4..c549a308f 100755 --- a/update.sh +++ b/update.sh @@ -9,39 +9,54 @@ declare branches=( "mainline" ) +# Current nginx versions +# Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.21.4' [stable]='1.20.1' ) -defaultnjs='0.7.0' +# Current njs versions declare -A njs=( + [mainline]='0.7.0' [stable]='0.5.3' ) -defaultpkg='1' +# Current package patchlevel version +# Remember to update pkgosschecksum when changing this. declare -A pkg=( - # [stable]=2 + [mainline]=1 + [stable]=1 ) -defaultdebian='bullseye' declare -A debian=( + [mainline]='bullseye' [stable]='buster' ) -defaultalpine='3.14' declare -A alpine=( + [mainline]='3.14' [stable]='3.13' ) # When we bump njs version in a stable release we don't move the tag in the # mercurial repo. This setting allows us to specify a revision to check out # when building alpine packages on architectures not supported by nginx.org -defaultrev='${NGINX_VERSION}-${PKG_RELEASE}' +# Remember to update pkgosschecksum when changing this. declare -A rev=( + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' #[stable]='500' ) +# Holds SHA512 checksum for the pkg-oss tarball produced by source code +# revision/tag in the previous block +# Used in alpine builds for architectures not packaged by nginx.org +declare -A pkgosschecksum=( + [mainline]='f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e' + [stable]='024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1' +) + get_packages() { local distro="$1" shift @@ -96,7 +111,7 @@ get_packagever() { [ "${distro}" = "debian" ] && suffix="~${debianver}" - echo ${pkg[$branch]:-$defaultpkg}${suffix} + echo ${pkg[$branch]}${suffix} } generated_warning() { @@ -125,12 +140,12 @@ for branch in "${branches[@]}"; do cat "$template" } >"$dir/Dockerfile" - debianver="${debian[$branch]:-$defaultdebian}" - alpinever="${alpine[$branch]:-$defaultalpine}" + debianver="${debian[$branch]}" + alpinever="${alpine[$branch]}" nginxver="${nginx[$branch]}" - njsver="${njs[${branch}]:-$defaultnjs}" - pkgver="${pkg[${branch}]:-$defaultpkg}" - revver="${rev[${branch}]:-$defaultrev}" + njsver="${njs[${branch}]}" + revver="${rev[${branch}]}" + pkgosschecksumver="${pkgosschecksum[${branch}]}" packagerepo=$(get_packagerepo "$variant" "$branch") packages=$(get_packages "$variant" "$branch") @@ -145,6 +160,7 @@ for branch in "${branches[@]}"; do -e 's,%%PACKAGES%%,'"$packages"',' \ -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ -e 's,%%REVISION%%,'"$revver"',' \ + -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ "$dir/Dockerfile" cp -a entrypoint/*.sh "$dir/" From 57f73af83954482c647ac32724a5408bcfc1e7fd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Nov 2021 14:59:13 +0300 Subject: [PATCH 122/306] Made curl fail on non-200 responses. --- Dockerfile-alpine.template | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 33d35f5c9..514be0d3b 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -56,7 +56,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f4e2aec47..f03d524a3 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -67,7 +67,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 735c1c03e..210fc45a4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -66,7 +66,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 2ddc18ae2..bf2c9d1c5 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -67,7 +67,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index e3a0afb94..3b5060ad8 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -66,7 +66,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ From fe1fff5d3d1d980e6d1cb3cad3082c24b1deb5ce Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 10 Nov 2021 19:35:15 -0800 Subject: [PATCH 123/306] Remove i386 from packages built by upstream for Debian --- Dockerfile-debian.template | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 91b7cf78c..c6cfb3253 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -30,7 +30,7 @@ RUN set -x \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 6b0e82791..36cdae695 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -41,7 +41,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 973102a65..93e9629db 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -40,7 +40,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ From ef8e9912a2de9b51ce9d1f79a5c047eb48b05fc1 Mon Sep 17 00:00:00 2001 From: PM Extra Date: Thu, 11 Nov 2021 17:51:02 +0800 Subject: [PATCH 124/306] Remove deprecated sks-keyservers for debian. --- Dockerfile-debian.template | 2 -- mainline/debian-perl/Dockerfile | 2 -- mainline/debian/Dockerfile | 2 -- stable/debian-perl/Dockerfile | 2 -- stable/debian/Dockerfile | 2 -- 5 files changed, 10 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index c6cfb3253..8c7bf16f5 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -16,9 +16,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 36cdae695..13bca04f7 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -21,9 +21,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 93e9629db..3deb3b53f 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -21,9 +21,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 6d5fd1a41..05d2148a3 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -21,9 +21,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 40b4d9ac5..d4fa56bd3 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -21,9 +21,7 @@ RUN set -x \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ found=''; \ for server in \ - ha.pool.sks-keyservers.net \ hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ From 09a63857ebffd270968d675544b7d5f6c1f303ea Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 15 Nov 2021 15:35:34 +0300 Subject: [PATCH 125/306] Moved stable nginx builds to Debian 11 "Bullseye" and Alpine Linux 3.14. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 8 ++++---- stable/debian/Dockerfile | 8 ++++---- update.sh | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index bf2c9d1c5..1600f118c 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.13 +FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 3b5060ad8..d21444175 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.13 +FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 05d2148a3..2f0c5e59e 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -41,13 +41,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index d4fa56bd3..577e76efd 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.1 ENV NJS_VERSION 0.5.3 -ENV PKG_RELEASE 1~buster +ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -40,13 +40,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|i386|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/update.sh b/update.sh index c549a308f..98f25c262 100755 --- a/update.sh +++ b/update.sh @@ -31,12 +31,12 @@ declare -A pkg=( declare -A debian=( [mainline]='bullseye' - [stable]='buster' + [stable]='bullseye' ) declare -A alpine=( [mainline]='3.14' - [stable]='3.13' + [stable]='3.14' ) # When we bump njs version in a stable release we don't move the tag in the From b0e153a1b644ca8b2bd378b14913fff316e07cf2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 16 Nov 2021 18:56:21 +0300 Subject: [PATCH 126/306] Updated stable nginx to 1.20.2 and njs to 0.7.0. --- stable/alpine-perl/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 6 +++--- stable/debian-perl/Dockerfile | 6 +++--- stable/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 1600f118c..7ea9d174f 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.1 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.20.2 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index d21444175..6c09b7517 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.1 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.20.2 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 2f0c5e59e..ef7fe8b99 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.1 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.20.2 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ @@ -39,7 +39,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 577e76efd..de83d24be 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.1 -ENV NJS_VERSION 0.5.3 +ENV NGINX_VERSION 1.20.2 +ENV NJS_VERSION 0.7.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ @@ -38,7 +38,7 @@ RUN set -x \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ - amd64|i386|arm64) \ + amd64|arm64) \ # arches officialy built by upstream echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ diff --git a/update.sh b/update.sh index 98f25c262..1fec82f1f 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.21.4' - [stable]='1.20.1' + [stable]='1.20.2' ) # Current njs versions declare -A njs=( [mainline]='0.7.0' - [stable]='0.5.3' + [stable]='0.7.0' ) # Current package patchlevel version @@ -54,7 +54,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e' - [stable]='024718988028320b587f03989b76facff6ba899d9bbb36eeb6564fc2569fc32021427fd35ad24a23d7cec63813227ff2f73c953bbb71786a2d3308e65efaf0b1' + [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' ) get_packages() { From 930c2e26dee0aceca03c9ca7c5686d6c43b26526 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Mon, 29 Nov 2021 19:46:20 -0800 Subject: [PATCH 127/306] Update mainline base image to Alpine 3.15 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f03d524a3..3603d7518 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 210fc45a4..8065a49c6 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 1fec82f1f..f10fceda6 100755 --- a/update.sh +++ b/update.sh @@ -35,7 +35,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.14' + [mainline]='3.15' [stable]='3.14' ) From d07b71be964b53184d829dfd00e2eaa51e4e6ecf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 24 Dec 2021 16:44:35 +0300 Subject: [PATCH 128/306] Changed build dependencies to pcre2 --- Dockerfile-alpine.template | 2 +- modules/Dockerfile.alpine | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 514be0d3b..909323d83 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -42,7 +42,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index c154363e0..d575d5d94 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -12,7 +12,7 @@ COPY ./ /modules/ RUN set -ex \ && apk update \ - && apk add linux-headers openssl-dev pcre-dev zlib-dev openssl abuild \ + && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ xz g++ coreutils \ # allow abuild as a root user \ From 3a7105159a6c743188cb1c61e4186a9a59c025db Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 28 Dec 2021 17:19:58 -0800 Subject: [PATCH 129/306] Update nginx mainline to 1.21.5, njs to 0.7.1 --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 3603d7518..17baacc88 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.4 -ENV NJS_VERSION 0.7.0 +ENV NGINX_VERSION 1.21.5 +ENV NJS_VERSION 0.7.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 8065a49c6..ef58e2724 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.4 -ENV NJS_VERSION 0.7.0 +ENV NGINX_VERSION 1.21.5 +ENV NJS_VERSION 0.7.1 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 13bca04f7..17825ab05 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.4 -ENV NJS_VERSION 0.7.0 +ENV NGINX_VERSION 1.21.5 +ENV NJS_VERSION 0.7.1 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 3deb3b53f..4abb749ea 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.4 -ENV NJS_VERSION 0.7.0 +ENV NGINX_VERSION 1.21.5 +ENV NJS_VERSION 0.7.1 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index f10fceda6..13820a77e 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.21.4' + [mainline]='1.21.5' [stable]='1.20.2' ) # Current njs versions declare -A njs=( - [mainline]='0.7.0' + [mainline]='0.7.1' [stable]='0.7.0' ) From 5caf453cf8a3d3305b9054525bc213462a49ddc1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 Dec 2021 12:46:57 +0300 Subject: [PATCH 130/306] Updated the pkg-oss tarball checksum. --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 13820a77e..4c961bee5 100755 --- a/update.sh +++ b/update.sh @@ -53,7 +53,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e' + [mainline]='b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232' [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' ) From 01561128671d4e33c039a654fe198c6259a2514c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 Dec 2021 14:00:57 +0300 Subject: [PATCH 131/306] Updated mainline Dockerfiles to pick up latest changes. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 17baacc88..bbb52e137 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ef58e2724..6d2144b03 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f917c27702aa89cda46878fc80d446839c592c43ce7f251b3f4ced60c7033d34496a92d283927225d458cbc4f2f89499e7fb16344923317cd7725ad722eaf93e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ From d660ee43cb10fae9eb916e048c72e488d2b25ee4 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Jan 2022 11:02:13 +0300 Subject: [PATCH 132/306] Updated pkg-oss check sum (the tag was updated on hg.nginx.org). --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 4c961bee5..bae26118d 100755 --- a/update.sh +++ b/update.sh @@ -53,7 +53,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232' + [mainline]='01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0' [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' ) From 135978e032a4db66ca6bde03978107102065f406 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Jan 2022 11:04:35 +0300 Subject: [PATCH 133/306] Updated Dockerfiles. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index bbb52e137..5d452cc88 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6d2144b03..f0dc3b58f 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b0ed109a820a2e8921f313d653032b8e70d3020138d634039ebb9194dc3968493f6eb4d85bdbf18d2aea7229deddb98ca0f1d9825defcc5af45f68ee37845232 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ From 6f0396c1e06837672698bc97865ffcea9dc841d5 Mon Sep 17 00:00:00 2001 From: shmux8 <75251845+shmux8@users.noreply.github.com> Date: Tue, 25 Jan 2022 19:45:44 +0300 Subject: [PATCH 134/306] Update nginx mainline to 1.21.6, njs to 0.7.2 --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- update.sh | 6 +++--- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5d452cc88..2514aa09d 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.5 -ENV NJS_VERSION 0.7.1 +ENV NGINX_VERSION 1.21.6 +ENV NJS_VERSION 0.7.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f0dc3b58f..638da921d 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.5 -ENV NJS_VERSION 0.7.1 +ENV NGINX_VERSION 1.21.6 +ENV NJS_VERSION 0.7.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 17825ab05..28d2488f3 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.5 -ENV NJS_VERSION 0.7.1 +ENV NGINX_VERSION 1.21.6 +ENV NJS_VERSION 0.7.2 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 4abb749ea..a1afdde50 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.5 -ENV NJS_VERSION 0.7.1 +ENV NGINX_VERSION 1.21.6 +ENV NJS_VERSION 0.7.2 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7ea9d174f..b250e4055 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6c09b7517..181e6a48a 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ diff --git a/update.sh b/update.sh index bae26118d..f2486b69a 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.21.5' + [mainline]='1.21.6' [stable]='1.20.2' ) # Current njs versions declare -A njs=( - [mainline]='0.7.1' + [mainline]='0.7.2' [stable]='0.7.0' ) @@ -53,7 +53,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='01e788d3eed17f072aab2b17d5cb83879fea9a360027ae8dc279557d9b149462a363f31b3b672d07efef472fceeb0d1705e26f83376da4b34f4d7c7cf60960b0' + [mainline]='29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82' [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' ) From 92973a30900b2ed881d208d10cadade34bbbab33 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 25 Jan 2022 19:59:53 +0300 Subject: [PATCH 135/306] Revert pcre2-related changes to the stable alpine images. stable doesnt support pcre2 yet. --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b250e4055..7ea9d174f 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre2-dev \ + pcre-dev \ zlib-dev \ linux-headers \ libxslt-dev \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 181e6a48a..6c09b7517 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre2-dev \ + pcre-dev \ zlib-dev \ linux-headers \ libxslt-dev \ From d039609e3a537df4e15a454fdb5a004d519e9a11 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 17 May 2022 10:31:53 +0400 Subject: [PATCH 136/306] Bump njs revisions for mainline and stable. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 13 ++++++------- 9 files changed, 34 insertions(+), 35 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2514aa09d..67a1df190 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ + && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 688.tar.gz \ + && cd pkg-oss-688 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 638da921d..79a1e7117 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.15 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ + && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 688.tar.gz \ + && cd pkg-oss-688 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 28d2488f3..cbf01484d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index a1afdde50..82683a4d6 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.2 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7ea9d174f..9bf4be3a9 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ + && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 689.tar.gz \ + && cd pkg-oss-689 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 6c09b7517..54f2089cc 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.14 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ + && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 689.tar.gz \ + && cd pkg-oss-689 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index ef7fe8b99..740635200 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index de83d24be..515b6ba12 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.0 +ENV NJS_VERSION 0.7.3 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index f2486b69a..e247549cf 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.2' - [stable]='0.7.0' + [mainline]='0.7.3' + [stable]='0.7.3' ) # Current package patchlevel version @@ -44,17 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' - #[stable]='500' + [mainline]='688' + [stable]='689' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='29ec1c635da36b7727953544e1a20e9d75bd9d2050e063b9f81f88ca07bb7ea0b65cef46d0f3cb7134b38ce9b94ecada631619f233231845a3d8a16b6ad0db82' - [stable]='af6e7eb25594dffe2903358f7a2c5c956f5b67b8df3f4e8237c30b63e50ce28e6eada3ed453687409beef8f3afa8f551cb20df2f06bd5e235eb66df212ece2ed' + [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' + [stable]='b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116' ) get_packages() { From 6e580a6f592c02f0bf3d254e0a14c57f3a71e2ff Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 15:31:16 +0400 Subject: [PATCH 137/306] Updated stable nginx to 1.22.0 and njs to 0.7.4. While at it, bump base OS for Alpine-based stable builds to Alpine 3.16. --- update.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/update.sh b/update.sh index e247549cf..dc0f207fb 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.21.6' - [stable]='1.20.2' + [stable]='1.22.0' ) # Current njs versions declare -A njs=( [mainline]='0.7.3' - [stable]='0.7.3' + [stable]='0.7.4' ) # Current package patchlevel version @@ -36,7 +36,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.15' - [stable]='3.14' + [stable]='3.16' ) # When we bump njs version in a stable release we don't move the tag in the @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='688' - [stable]='689' + [stable]='696' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' - [stable]='b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116' + [stable]='fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230' ) get_packages() { From 40923d1dfb59f6c66bed31012c5b4e2e044b7835 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 15:35:10 +0400 Subject: [PATCH 138/306] update.sh: be a bit more BSD-friendly. --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index dc0f207fb..3017090d6 100755 --- a/update.sh +++ b/update.sh @@ -150,7 +150,7 @@ for branch in "${branches[@]}"; do packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch") - sed -i \ + sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ From b18fb328f999b28a7bb6d86e06b0756c1befa21a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 16:00:53 +0400 Subject: [PATCH 139/306] Updated Dockerfiles. --- stable/alpine-perl/Dockerfile | 18 +++++++++--------- stable/alpine/Dockerfile | 18 +++++++++--------- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9bf4be3a9..e3596af6d 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -53,7 +53,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ - && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ + && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 689.tar.gz \ - && cd pkg-oss-689 \ + && tar xzvf 696.tar.gz \ + && cd pkg-oss-696 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 54f2089cc..660497686 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,12 +3,12 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.14 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -52,7 +52,7 @@ RUN set -x \ libc-dev \ make \ openssl-dev \ - pcre-dev \ + pcre2-dev \ zlib-dev \ linux-headers \ libxslt-dev \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/689.tar.gz \ - && PKGOSSCHECKSUM=\"b3cb5de3d22b4db2ab478e60469638e1935cb91c20405e33bdbf7303766278cf864bace62f95ef40f4fe39e92731f53ce1c4a18192ec7f7820f4083cd9384116 *689.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 689.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ + && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 689.tar.gz \ - && cd pkg-oss-689 \ + && tar xzvf 696.tar.gz \ + && cd pkg-oss-696 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 740635200..e5612bfef 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 515b6ba12..a9f05fcfd 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.20.2 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.22.0 +ENV NJS_VERSION 0.7.4 ENV PKG_RELEASE 1~bullseye RUN set -x \ From 88018137053bdda23bd31fd61249b4b521eaffcf Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 25 May 2022 16:02:16 +0400 Subject: [PATCH 140/306] generate-stackbrew-library.sh: updated stable version. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 4ff7ea38d..92ee34137 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.21 latest' - [stable]='1.20' + [stable]='1.22' ) self="$(basename "$BASH_SOURCE")" From 7ff24ba2bed1438c1b72f573dc69532ac26e9cdc Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 26 May 2022 11:23:57 +0200 Subject: [PATCH 141/306] Update mainline to Alpine 3.16 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 67a1df190..2eeea52fd 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 79a1e7117..76e50fce1 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.15 +FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 3017090d6..039231b0c 100755 --- a/update.sh +++ b/update.sh @@ -35,7 +35,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.15' + [mainline]='3.16' [stable]='3.16' ) From 04226fe92cc11bed68dae464eb60fd5399daf3b1 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 21 Jun 2022 15:57:15 -0500 Subject: [PATCH 142/306] Update NGINX to 1.23, NJS to 0.7.5 --- .gitignore | 1 + mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 6 files changed, 11 insertions(+), 10 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..751553b3a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.bak diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2eeea52fd..c8dea2e01 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 76e50fce1..c52c24113 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index cbf01484d..a0c1781b6 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 82683a4d6..4be092e9d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.21.6 -ENV NJS_VERSION 0.7.3 +ENV NGINX_VERSION 1.23.0 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 039231b0c..17cd14db0 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.21.6' + [mainline]='1.23.0' [stable]='1.22.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.3' + [mainline]='0.7.5' [stable]='0.7.4' ) From d4a47bc6602d3a1412dad48a8513b83805605ef3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Jun 2022 10:30:30 +0400 Subject: [PATCH 143/306] Moved stable to njs 0.7.5. While at it, updated revisions and checksums for current tags. --- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 10 +++++----- 7 files changed, 29 insertions(+), 29 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index c8dea2e01..74b16afb1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ - && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 688.tar.gz \ - && cd pkg-oss-688 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c52c24113..75aebbe95 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/688.tar.gz \ - && PKGOSSCHECKSUM=\"a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718 *688.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 688.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 688.tar.gz \ - && cd pkg-oss-688 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index e3596af6d..4f89d0292 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ - && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ + && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 696.tar.gz \ - && cd pkg-oss-696 \ + && tar xzvf 714.tar.gz \ + && cd pkg-oss-714 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 660497686..5c79c9067 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/696.tar.gz \ - && PKGOSSCHECKSUM=\"fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230 *696.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 696.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ + && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 696.tar.gz \ - && cd pkg-oss-696 \ + && tar xzvf 714.tar.gz \ + && cd pkg-oss-714 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index e5612bfef..57d8a670f 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index a9f05fcfd..12eecb65a 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.4 +ENV NJS_VERSION 0.7.5 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 17cd14db0..6f0bb0002 100755 --- a/update.sh +++ b/update.sh @@ -19,7 +19,7 @@ declare -A nginx=( # Current njs versions declare -A njs=( [mainline]='0.7.5' - [stable]='0.7.4' + [stable]='0.7.5' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='688' - [stable]='696' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='714' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='a8ab6ff80ab67c6c9567a9103b52a42a5962e9c1bc7091b7710aaf553a3b484af61b0797dd9b048c518e371a6f69e34d474cfaaeaa116fd2824bffa1cd9d4718' - [stable]='fabf394af60d935d7c3f5e36db65dddcced9595fd06d3dfdfabbb77aaea88a5b772ef9c1521531673bdbb2876390cdea3b81c51030d36ab76cf5bfc0bfe79230' + [mainline]='678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4' + [stable]='f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e' ) get_packages() { From 3e472aef70a13fd52ebac3a6b7902c7ea8e7f7ce Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 22 Jun 2022 11:03:11 +0400 Subject: [PATCH 144/306] generate-stackbrew-library.sh: updated mainline version. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 92ee34137..d9a24d043 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.21 latest' + [mainline]='1 1.23 latest' [stable]='1.22' ) From a563dda2d52e2aae1883ad174c54add563db78c8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 27 Jun 2022 12:33:36 +0400 Subject: [PATCH 145/306] sync-awsecr.sh: bumped mainline/stable. --- sync-awsecr.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 767e03d42..3e10a9ba1 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,8 +6,8 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.21 latest' - [stable]='1.20' + [mainline]='1 1.23 latest' + [stable]='1.22' ) architectures=( amd64 arm64v8 ) From 3581b6708a9ad8f8511db4a2fd57a703b17903c2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 Jun 2022 13:47:28 +0400 Subject: [PATCH 146/306] modules: added xslscript.pl to debian-based image. This should not be really required. Sometimes when building debian changelogs in pkg-oss there seems to be a timestamp issue forcing changes.xslt to be rebuilt. I can not reliable reproduce it, but a workaround seems to be just to ship the script and use it when it's needed. Fixes #677. --- modules/Dockerfile | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 7a4e71415..1cce673d2 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -15,7 +15,17 @@ RUN set -ex \ && apt install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ - equivs git g++ \ + equivs git g++ libparse-recdescent-perl \ + && XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \ + && wget -O /tmp/xslscript.pl https://hg.nginx.org/xslscript/raw-file/01dc9ba12e1b/xslscript.pl \ + && if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \ + echo "XSLScript checksum verification succeeded!"; \ + chmod +x /tmp/xslscript.pl; \ + mv /tmp/xslscript.pl /usr/local/bin/; \ + else \ + echo "XSLScript checksum verification failed!"; \ + exit 1; \ + fi \ && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ From f3d86e99ba2db5d9918ede7b094fcad7b9128cd8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 19 Jul 2022 20:41:42 +0400 Subject: [PATCH 147/306] Updated NGINX to 1.23.1, NJS to 0.7.6 --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 12 ++++++------ stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 9 files changed, 30 insertions(+), 30 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 74b16afb1..a67df4f7d 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 75aebbe95..d8a995bd9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index a0c1781b6..a0a4c590a 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 4be092e9d..dd378e7e0 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.0 -ENV NJS_VERSION 0.7.5 +ENV NGINX_VERSION 1.23.1 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4f89d0292..50cac385f 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ - && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 714.tar.gz \ - && cd pkg-oss-714 \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 5c79c9067..4bec54dcf 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -8,7 +8,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/714.tar.gz \ - && PKGOSSCHECKSUM=\"f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e *714.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 714.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 714.tar.gz \ - && cd pkg-oss-714 \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 57d8a670f..fac18e55c 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 12eecb65a..48258baca 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.5 +ENV NJS_VERSION 0.7.6 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 6f0bb0002..f1bb316c8 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.0' + [mainline]='1.23.1' [stable]='1.22.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.5' - [stable]='0.7.5' + [mainline]='0.7.6' + [stable]='0.7.6' ) # Current package patchlevel version @@ -45,15 +45,15 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='714' + [stable]='725' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='678b1e9ab34777f1a1a1a8717aff0dfa08cc187cf2cf140c084d23205f3ba3af97805e72ebbed49dd7bfcb23bbeca982b150fff5c2a6c96f161ed9085101f1a4' - [stable]='f457d5988c1f2663e04c5cdad71874c25e94754277dd9da5d73c1d37c32bdaf288b3b20d8b5d070ffb33aab363eaf4a7abbcf95fcfd72b0729a1c1908c37e30e' + [mainline]='513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd' + [stable]='a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3' ) get_packages() { From 1dca42f99b3f032d862a1d35e8a5b951d629dc98 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 9 Sep 2022 16:54:47 +0400 Subject: [PATCH 148/306] Introduced alpine-slim image variant. --- Dockerfile-alpine-slim.template | 115 +++++++++++ generate-stackbrew-library.sh | 15 ++ .../10-listen-on-ipv6-by-default.sh | 61 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 32 +++ .../alpine-slim/30-tune-worker-processes.sh | 188 ++++++++++++++++++ mainline/alpine-slim/Dockerfile | 121 +++++++++++ mainline/alpine-slim/docker-entrypoint.sh | 38 ++++ .../10-listen-on-ipv6-by-default.sh | 61 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 32 +++ .../alpine-slim/30-tune-worker-processes.sh | 188 ++++++++++++++++++ stable/alpine-slim/Dockerfile | 121 +++++++++++ stable/alpine-slim/docker-entrypoint.sh | 38 ++++ update.sh | 24 ++- 13 files changed, 1027 insertions(+), 7 deletions(-) create mode 100644 Dockerfile-alpine-slim.template create mode 100755 mainline/alpine-slim/10-listen-on-ipv6-by-default.sh create mode 100755 mainline/alpine-slim/20-envsubst-on-templates.sh create mode 100755 mainline/alpine-slim/30-tune-worker-processes.sh create mode 100644 mainline/alpine-slim/Dockerfile create mode 100755 mainline/alpine-slim/docker-entrypoint.sh create mode 100755 stable/alpine-slim/10-listen-on-ipv6-by-default.sh create mode 100755 stable/alpine-slim/20-envsubst-on-templates.sh create mode 100755 stable/alpine-slim/30-tune-worker-processes.sh create mode 100644 stable/alpine-slim/Dockerfile create mode 100755 stable/alpine-slim/docker-entrypoint.sh diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template new file mode 100644 index 000000000..b394d05ea --- /dev/null +++ b/Dockerfile-alpine-slim.template @@ -0,0 +1,115 @@ +FROM alpine:%%ALPINE_VERSION%% + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d9a24d043..9bc067d28 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -98,4 +98,19 @@ for version in "${versions[@]}"; do EOE done + for variant in alpine-slim; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: arm64v8, amd64 + GitCommit: $commit + Directory: $version/$variant + EOE + done + done diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..9585152ba --- /dev/null +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + echo >&3 "$ME: info: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo >&3 "$ME: info: can not guess the operating system" + exit 0 +fi + +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + echo >&3 "$ME: info: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh new file mode 100755 index 000000000..4f330295b --- /dev/null +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo >&3 "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh new file mode 100755 index 000000000..565058715 --- /dev/null +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -0,0 +1,188 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return 1 + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile new file mode 100644 index 000000000..b5cfded6a --- /dev/null +++ b/mainline/alpine-slim/Dockerfile @@ -0,0 +1,121 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM alpine:3.16 + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION 1.23.1 +ENV PKG_RELEASE 1 + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh new file mode 100755 index 000000000..72d5cd94e --- /dev/null +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo >&3 "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; + *) echo >&3 "$0: Ignoring $f";; + esac + done + + echo >&3 "$0: Configuration complete; ready for start up" + else + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh new file mode 100755 index 000000000..9585152ba --- /dev/null +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -0,0 +1,61 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +ME=$(basename $0) +DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + echo >&3 "$ME: info: ipv6 not available" + exit 0 +fi + +if [ ! -f "/$DEFAULT_CONF_FILE" ]; then + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 +fi + +# check if the file can be modified, e.g. not on a r/o filesystem +touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } + +# check if the file is already modified, e.g. on a container restart +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } + +if [ -f "/etc/os-release" ]; then + . /etc/os-release +else + echo >&3 "$ME: info: can not guess the operating system" + exit 0 +fi + +echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" + +case "$ID" in + "debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + "alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; + *) + echo >&3 "$ME: info: Unsupported distribution" + exit 0 + ;; +esac + +# enable ipv6 on default.conf listen sockets +sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE + +echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" + +exit 0 diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh new file mode 100755 index 000000000..4f330295b --- /dev/null +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +set -e + +ME=$(basename $0) + +auto_envsubst() { + local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" + local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" + local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + + local template defined_envs relative_path output_path subdir + defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + [ -d "$template_dir" ] || return 0 + if [ ! -w "$output_dir" ]; then + echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + return 0 + fi + find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$output_dir/${relative_path%$suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$output_dir/$subdir" + echo >&3 "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done +} + +auto_envsubst + +exit 0 diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh new file mode 100755 index 000000000..565058715 --- /dev/null +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -0,0 +1,188 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +ME=$( basename "$0" ) +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 + +touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } + +ceildiv() { + num=$1 + div=$2 + echo $(( (num + div - 1) / div )) +} + +get_cpuset() { + cpusetroot=$1 + cpusetfile=$2 + ncpu=0 + [ -f "$cpusetroot/$cpusetfile" ] || return 1 + for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + case "$token" in + *-*) + count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) + ncpu=$(( ncpu+count )) + ;; + *) + ncpu=$(( ncpu+1 )) + ;; + esac + done + echo "$ncpu" +} + +get_quota() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 + [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 + cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) + cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + [ "$cfs_quota" = "-1" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_quota_v2() { + cpuroot=$1 + ncpu=0 + [ -f "$cpuroot/cpu.max" ] || return 1 + cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) + cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + [ "$cfs_quota" = "max" ] && return 1 + [ "$cfs_period" = "0" ] && return 1 + ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + [ "$ncpu" -gt 0 ] || return 1 + echo "$ncpu" +} + +get_cgroup_v1_path() { + needle=$1 + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + case "$needle" in + "cpuset") + case "$line" in + *cpuset*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) + ;; + *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + break + ;; + esac + esac + done << __EOF__ +$( grep -F -- '- cgroup ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + controller=$( echo "$line" | cut -d: -f 2 ) + case "$needle" in + "cpuset") + case "$controller" in + cpuset) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) + mountpoint=$( echo "$line" | cut -d: -f 3 ) + break + ;; + esac + ;; + esac +done << __EOF__ +$( grep -F -- 'cpu' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +get_cgroup_v2_path() { + found= + foundroot= + mountpoint= + + [ -r "/proc/self/mountinfo" ] || return 1 + [ -r "/proc/self/cgroup" ] || return 1 + + while IFS= read -r line; do + found=$( echo "$line" | cut -d ' ' -f 4,5 ) + done << __EOF__ +$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) +__EOF__ + + while IFS= read -r line; do + mountpoint=$( echo "$line" | cut -d: -f 3 ) +done << __EOF__ +$( grep -F -- '0::' /proc/self/cgroup ) +__EOF__ + + case "${found%% *}" in + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; + esac + echo "$foundroot" +} + +ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_cpuset= +ncpu_quota= +ncpu_cpuset_v2= +ncpu_quota_v2= + +cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online +cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online + +ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" \ + | sort -n \ + | head -n 1 ) + +sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile new file mode 100644 index 000000000..8f5485396 --- /dev/null +++ b/stable/alpine-slim/Dockerfile @@ -0,0 +1,121 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM alpine:3.16 + +LABEL maintainer="NGINX Docker Maintainers " + +ENV NGINX_VERSION 1.22.0 +ENV PKG_RELEASE 1 + +RUN set -x \ +# create nginx user/group first, to be consistent throughout docker variants + && addgroup -g 101 -S nginx \ + && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ + && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf 725.tar.gz \ + && cd pkg-oss-725 \ + && cd alpine \ + && make base \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ +# Bring in gettext so we can get `envsubst`, then throw +# the rest away. To do this, we need to install `gettext` +# then move `envsubst` out of the way so `gettext` can +# be deleted completely, then move `envsubst` back. + && apk add --no-cache --virtual .gettext gettext \ + && mv /usr/bin/envsubst /tmp/ \ + \ + && runDeps="$( \ + scanelf --needed --nobanner /tmp/envsubst \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --no-cache $runDeps \ + && apk del .gettext \ + && mv /tmp/envsubst /usr/local/bin/ \ +# Bring in tzdata so users could set the timezones through the environment +# variables + && apk add --no-cache tzdata \ +# forward request and error logs to docker log collector + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ +# create a docker-entrypoint.d directory + && mkdir /docker-entrypoint.d + +COPY docker-entrypoint.sh / +COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 20-envsubst-on-templates.sh /docker-entrypoint.d +COPY 30-tune-worker-processes.sh /docker-entrypoint.d +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + +CMD ["nginx", "-g", "daemon off;"] diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh new file mode 100755 index 000000000..72d5cd94e --- /dev/null +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/sh +# vim:sw=4:ts=4:et + +set -e + +if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + exec 3>&1 +else + exec 3>/dev/null +fi + +if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + + echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + echo >&3 "$0: Launching $f"; + "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; + *) echo >&3 "$0: Ignoring $f";; + esac + done + + echo >&3 "$0: Configuration complete; ready for start up" + else + echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + fi +fi + +exec "$@" diff --git a/update.sh b/update.sh index f1bb316c8..ddb783eb1 100755 --- a/update.sh +++ b/update.sh @@ -82,16 +82,26 @@ get_packages() { esac echo -n ' \\\n' - for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do - echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' - done - for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' - done + case "$distro" in + *-slim) + for p in nginx; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\' + done + ;; + *) + for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' + done + for p in nginx-module-njs; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' + done + ;; + esac } get_packagerepo() { local distro="${1%-perl}" + distro="${distro%-slim}" shift local branch="$1" shift @@ -125,7 +135,7 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ - alpine{,-perl} \ + alpine{,-perl,-slim} \ debian{,-perl}; do echo "$branch: $variant" dir="$branch/$variant" From 667512852e35b485cc557412e58648cf70a77759 Mon Sep 17 00:00:00 2001 From: JuniorJPDJ Date: Wed, 20 Jul 2022 01:23:20 +0200 Subject: [PATCH 149/306] Source entrypoint files with .envsh extension This allows reusing variables declared between entrypoint scripts --- entrypoint/docker-entrypoint.sh | 9 +++++++++ mainline/alpine-perl/docker-entrypoint.sh | 9 +++++++++ mainline/alpine-slim/docker-entrypoint.sh | 9 +++++++++ mainline/alpine/docker-entrypoint.sh | 9 +++++++++ mainline/debian-perl/docker-entrypoint.sh | 9 +++++++++ mainline/debian/docker-entrypoint.sh | 9 +++++++++ stable/alpine-perl/docker-entrypoint.sh | 9 +++++++++ stable/alpine-slim/docker-entrypoint.sh | 9 +++++++++ stable/alpine/docker-entrypoint.sh | 9 +++++++++ stable/debian-perl/docker-entrypoint.sh | 9 +++++++++ stable/debian/docker-entrypoint.sh | 9 +++++++++ 11 files changed, 99 insertions(+) diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 72d5cd94e..b8b99e146 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -16,6 +16,15 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in + *.envsh) + if [ -x "$f" ]; then + echo >&3 "$0: Sourcing $f"; + source "$f" + else + # warn on shell scripts without exec bit + echo >&3 "$0: Ignoring $f, not executable"; + fi + ;; *.sh) if [ -x "$f" ]; then echo >&3 "$0: Launching $f"; From 6b94ddac1c42eab917f4060a8a1de673779e87d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Sj=C3=B6lund?= Date: Sun, 11 Sep 2022 07:49:13 +0200 Subject: [PATCH 150/306] docker-entrypoint: don't close fd 3. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The file descriptor 3 in the container might be an activated socket that was inherited from systemd via Podman and should therefore not be closed. Fixes #702. Signed-off-by: Erik Sjölund --- entrypoint/10-listen-on-ipv6-by-default.sh | 26 ++++++++++++-------- entrypoint/20-envsubst-on-templates.sh | 10 ++++++-- entrypoint/docker-entrypoint.sh | 28 +++++++++++----------- 3 files changed, 38 insertions(+), 26 deletions(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 4f330295b..1a2560a4c 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -4,6 +4,12 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" @@ -13,7 +19,7 @@ auto_envsubst() { defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 4680ae8cb5a0dfc561699c9ed3dc5c93091b9e36 Mon Sep 17 00:00:00 2001 From: Konstantin Demin Date: Sat, 10 Sep 2022 00:47:58 +0300 Subject: [PATCH 151/306] 30-tune-worker-processes.sh: cgroups2 workaround cgroups2 may be set in weird way: <<< $ podman run --rm --network=host debian:stable-slim sh -c 'grep cgroup /proc/self/mountinfo ; echo ; cat /proc/self/cgroup' 754 752 0:27 /../../../../../.. /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,nsdelegate,memory_recursiveprot 0::/ >>> add workaround for that case Signed-off-by: Konstantin Demin --- entrypoint/30-tune-worker-processes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac From 0d38d4931427fea915b2db39c1212db369278d5c Mon Sep 17 00:00:00 2001 From: Alex Sheplyakov Date: Tue, 13 Sep 2022 16:22:03 +0400 Subject: [PATCH 152/306] Better ENV variables handling. In case when env contain variables with newlines, the variables substitution script fails, trying to use non-existent variables. See https://github.com/nginxinc/docker-nginx/pull/560 for more details. Co-authored-by: Tianon Gravi --- entrypoint/20-envsubst-on-templates.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 1a2560a4c..8ca5b7e6c 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -16,7 +16,7 @@ auto_envsubst() { local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From ed42652f987141da65bab235b86a165b2c506cf5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Sep 2022 16:32:24 +0400 Subject: [PATCH 153/306] Updated entrypoints changed with the recent commits. --- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-perl/30-tune-worker-processes.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-slim/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-slim/30-tune-worker-processes.sh | 2 +- mainline/alpine-slim/docker-entrypoint.sh | 28 +++++++++---------- .../alpine/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- mainline/alpine/20-envsubst-on-templates.sh | 12 ++++++-- mainline/alpine/30-tune-worker-processes.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../debian-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../debian-perl/30-tune-worker-processes.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 28 +++++++++---------- .../debian/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- mainline/debian/20-envsubst-on-templates.sh | 12 ++++++-- mainline/debian/30-tune-worker-processes.sh | 2 +- mainline/debian/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-perl/30-tune-worker-processes.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../alpine-slim/20-envsubst-on-templates.sh | 12 ++++++-- .../alpine-slim/30-tune-worker-processes.sh | 2 +- stable/alpine-slim/docker-entrypoint.sh | 28 +++++++++---------- stable/alpine/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- stable/alpine/20-envsubst-on-templates.sh | 12 ++++++-- stable/alpine/30-tune-worker-processes.sh | 2 +- stable/alpine/docker-entrypoint.sh | 28 +++++++++---------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- .../debian-perl/20-envsubst-on-templates.sh | 12 ++++++-- .../debian-perl/30-tune-worker-processes.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 28 +++++++++---------- stable/debian/10-listen-on-ipv6-by-default.sh | 26 ++++++++++------- stable/debian/20-envsubst-on-templates.sh | 12 ++++++-- stable/debian/30-tune-worker-processes.sh | 2 +- stable/debian/docker-entrypoint.sh | 28 +++++++++---------- 40 files changed, 400 insertions(+), 280 deletions(-) diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ b/mainline/alpine-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/mainline/alpine/30-tune-worker-processes.sh +++ b/mainline/alpine/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ b/mainline/debian-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ b/stable/alpine-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/stable/alpine/30-tune-worker-processes.sh +++ b/stable/alpine/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/debian-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ b/stable/debian-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index 9585152ba..b2655860d 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index 4f330295b..8ca5b7e6c 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 565058715..9aa42e98d 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index b8b99e146..34fef79bb 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -3,44 +3,44 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.envsh) if [ -x "$f" ]; then - echo >&3 "$0: Sourcing $f"; + entrypoint_log "$0: Sourcing $f"; source "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi From 34f8babd45eba2b3c4b001b7aac41882aae3b17a Mon Sep 17 00:00:00 2001 From: karlderkaefer Date: Thu, 15 Sep 2022 13:46:21 +0200 Subject: [PATCH 154/306] feat: add optional filter for environment variables passed to envsubst MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit closes #705 Co-authored-by: Erik Sjölund --- entrypoint/20-envsubst-on-templates.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From 98973693a89005722832e1a9e2467211c64139f1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Sep 2022 13:35:01 +0400 Subject: [PATCH 155/306] Updated entrypoints changed with the previous commit. --- mainline/alpine-perl/20-envsubst-on-templates.sh | 3 ++- mainline/alpine-slim/20-envsubst-on-templates.sh | 3 ++- mainline/alpine/20-envsubst-on-templates.sh | 3 ++- mainline/debian-perl/20-envsubst-on-templates.sh | 3 ++- mainline/debian/20-envsubst-on-templates.sh | 3 ++- stable/alpine-perl/20-envsubst-on-templates.sh | 3 ++- stable/alpine-slim/20-envsubst-on-templates.sh | 3 ++- stable/alpine/20-envsubst-on-templates.sh | 3 ++- stable/debian-perl/20-envsubst-on-templates.sh | 3 ++- stable/debian/20-envsubst-on-templates.sh | 3 ++- 10 files changed, 20 insertions(+), 10 deletions(-) diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index 8ca5b7e6c..fc61cdeb4 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -14,9 +14,10 @@ auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From cc7ca22aee900542c05594d7a2b18623d84c7d12 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 27 Sep 2022 14:59:48 +0400 Subject: [PATCH 156/306] docker-entrypoint.sh: Use a portable source command. --- entrypoint/docker-entrypoint.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 2 +- mainline/alpine-slim/docker-entrypoint.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 2 +- mainline/debian/docker-entrypoint.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 2 +- stable/alpine-slim/docker-entrypoint.sh | 2 +- stable/alpine/docker-entrypoint.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 2 +- stable/debian/docker-entrypoint.sh | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 34fef79bb..e201fe608 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -19,7 +19,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then *.envsh) if [ -x "$f" ]; then entrypoint_log "$0: Sourcing $f"; - source "$f" + . "$f" else # warn on shell scripts without exec bit entrypoint_log "$0: Ignoring $f, not executable"; From 7e0541f37699661c286ba68a67a5cee4a0ea05a9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 28 Sep 2022 12:01:33 +0400 Subject: [PATCH 157/306] 20-envsubst-on-templates.sh: use awk to get environment. The solution with xargs reading from /proc/self/environ is too expensive, especially when there is a lot of environment variables to be checked. See https://github.com/nginxinc/docker-nginx-unprivileged/issues/107 for more details. --- entrypoint/20-envsubst-on-templates.sh | 2 +- mainline/alpine-perl/20-envsubst-on-templates.sh | 2 +- mainline/alpine-slim/20-envsubst-on-templates.sh | 2 +- mainline/alpine/20-envsubst-on-templates.sh | 2 +- mainline/debian-perl/20-envsubst-on-templates.sh | 2 +- mainline/debian/20-envsubst-on-templates.sh | 2 +- stable/alpine-perl/20-envsubst-on-templates.sh | 2 +- stable/alpine-slim/20-envsubst-on-templates.sh | 2 +- stable/alpine/20-envsubst-on-templates.sh | 2 +- stable/debian-perl/20-envsubst-on-templates.sh | 2 +- stable/debian/20-envsubst-on-templates.sh | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index fc61cdeb4..d0398b1e1 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -17,7 +17,7 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c "echo \"\$@\" | grep -- \"${filter}\" | grep -oEm1 \"^[^=]+\"" --)); + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" From fef51235521d1cdf8b05d8cb1378a526d2abf421 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 19 Oct 2022 16:27:43 +0400 Subject: [PATCH 158/306] Updated NGINX to 1.22.1, 1.23.2, NJS to 0.7.7. --- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 14 +++++++------- stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- update.sh | 14 +++++++------- 11 files changed, 43 insertions(+), 43 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index a67df4f7d..0308d51d6 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -68,7 +68,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b5cfded6a..737f738a1 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 +ENV NGINX_VERSION 1.23.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d8a995bd9..7aebcf88b 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,7 +67,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index a0a4c590a..913ee5fef 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index dd378e7e0..cd819d0db 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.1 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.23.2 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 50cac385f..52ac64c9e 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -67,16 +67,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 8f5485396..3244126b2 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 +ENV NGINX_VERSION 1.22.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 4bec54dcf..2e27da182 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.16 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1 RUN set -x \ @@ -66,16 +66,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/725.tar.gz \ - && PKGOSSCHECKSUM=\"a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3 *725.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 725.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 725.tar.gz \ - && cd pkg-oss-725 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make all \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index fac18e55c..c72c92836 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 48258baca..da4872d3f 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.0 -ENV NJS_VERSION 0.7.6 +ENV NGINX_VERSION 1.22.1 +ENV NJS_VERSION 0.7.7 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index ddb783eb1..7cad38966 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.1' - [stable]='1.22.0' + [mainline]='1.23.2' + [stable]='1.22.1' ) # Current njs versions declare -A njs=( - [mainline]='0.7.6' - [stable]='0.7.6' + [mainline]='0.7.7' + [stable]='0.7.7' ) # Current package patchlevel version @@ -45,15 +45,15 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='725' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='513952f1e0432e667a8e3afef791a2daa036911f35573c849712747f10418f3f5b8712faf75fcb87f91bfaf593622b1e1c4f38ad9fef830f4cae141357206ecd' - [stable]='a6c56bb7e98be77337affe349e1316a71ddad7a732dc3b34294a794b3e740d68385022f0de72d08c090156f194580a92dcb8b5e2aa1c9c29b5a8484a6431e9b3' + [mainline]='98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6' + [stable]='7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25' ) get_packages() { From 2f944f859fd98b1f8ac3d7903beb93c60439ac42 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 23 Nov 2022 11:42:51 +0100 Subject: [PATCH 159/306] Update mainline to Alpine 3.17 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 0308d51d6..7564b4622 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 737f738a1..315f55f3a 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 7aebcf88b..b81c2e299 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 7cad38966..d76dc8c47 100755 --- a/update.sh +++ b/update.sh @@ -35,7 +35,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.16' + [mainline]='3.17' [stable]='3.16' ) From 456bf337ceb922a207651aa7c6077a316c3e368c Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 23 Nov 2022 13:05:47 +0100 Subject: [PATCH 160/306] Update stable to Alpine 3.17 --- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 52ac64c9e..b7118ba74 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 3244126b2..e90b95985 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2e27da182..86520fef2 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.16 +FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index d76dc8c47..3d5dfbc17 100755 --- a/update.sh +++ b/update.sh @@ -36,7 +36,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.17' - [stable]='3.16' + [stable]='3.17' ) # When we bump njs version in a stable release we don't move the tag in the From b87bbb86650368c31152bec7cf5f0207d7f3ce9b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 18:01:28 +0400 Subject: [PATCH 161/306] Based alpine and alpine-perl variants off slim one. --- Dockerfile-alpine.template | 48 ++------------------------------------ update.sh | 10 ++++++-- 2 files changed, 10 insertions(+), 48 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 909323d83..e81503d7b 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,15 +1,8 @@ -FROM alpine:%%ALPINE_VERSION%% +FROM nginx:%%NGINX_VERSION%%-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% -ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages="%%PACKAGES%% " \ @@ -82,42 +75,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/update.sh b/update.sh index 3d5dfbc17..c25de8ace 100755 --- a/update.sh +++ b/update.sh @@ -137,7 +137,7 @@ for branch in "${branches[@]}"; do for variant in \ alpine{,-perl,-slim} \ debian{,-perl}; do - echo "$branch: $variant" + echo "$branch: $variant dockerfiles" dir="$branch/$variant" variant="$(basename "$variant")" @@ -172,7 +172,13 @@ for branch in "${branches[@]}"; do -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ "$dir/Dockerfile" - cp -a entrypoint/*.sh "$dir/" + done + for variant in \ + alpine-slim \ + debian{,-perl}; do \ + echo "$branch: $variant entrypoint scripts" + dir="$branch/$variant" + cp -a entrypoint/*.sh "$dir/" done done From 436c6e35a71d108669a43f0d2ee43c409cb62cf8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 19:15:25 +0400 Subject: [PATCH 162/306] Based perl variants off default ones. --- Dockerfile-alpine-perl.template | 71 ++++++++++++++++++++++++++++++ Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 3 +- Dockerfile-debian-perl.template | 78 +++++++++++++++++++++++++++++++++ Dockerfile-debian.template | 4 +- update.sh | 27 +++++++++++- 6 files changed, 178 insertions(+), 7 deletions(-) create mode 100644 Dockerfile-alpine-perl.template create mode 100644 Dockerfile-debian-perl.template diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template new file mode 100644 index 000000000..f3a3c85fc --- /dev/null +++ b/Dockerfile-alpine-perl.template @@ -0,0 +1,71 @@ +FROM nginx:%%NGINX_VERSION%%-alpine + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + perl-dev \ + bash \ + alpine-sdk \ + findutils \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make %%BUILDTARGET%% \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index b394d05ea..5a60ba84d 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -61,7 +61,7 @@ RUN set -x \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ - && make base \ + && make %%BUILDTARGET%% \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index e81503d7b..82f0f56ca 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -41,7 +41,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -60,7 +59,7 @@ RUN set -x \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ - && make all \ + && make %%BUILDTARGET%% \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template new file mode 100644 index 000000000..39e3b989c --- /dev/null +++ b/Dockerfile-debian-perl.template @@ -0,0 +1,78 @@ +FROM nginx:%%NGINX_VERSION%% + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y %%BUILDTARGET%% \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile %%BUILDTARGET%% \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 8c7bf16f5..eaffeabe6 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -48,11 +48,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y %%BUILDTARGET%% \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/update.sh b/update.sh index c25de8ace..5b245169f 100755 --- a/update.sh +++ b/update.sh @@ -123,6 +123,27 @@ get_packagever() { echo ${pkg[$branch]}${suffix} } +get_buildtarget() { + local distro="$1" + case "$distro" in + alpine-slim) + echo base + ;; + alpine-perl) + echo module-perl + ;; + alpine) + echo module-geoip module-image-filter module-njs module-xslt + ;; + debian) + echo "\$nginxPackages" + ;; + debian-perl) + echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" + ;; + esac +} + generated_warning() { cat <<__EOF__ # @@ -143,7 +164,7 @@ for branch in "${branches[@]}"; do [ -d "$dir" ] || continue - template="Dockerfile-${variant%-perl}.template" + template="Dockerfile-${variant}.template" { generated_warning cat "$template" @@ -159,6 +180,7 @@ for branch in "${branches[@]}"; do packagerepo=$(get_packagerepo "$variant" "$branch") packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch") + buildtarget=$(get_buildtarget "$variant") sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ @@ -170,13 +192,14 @@ for branch in "${branches[@]}"; do -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ -e 's,%%REVISION%%,'"$revver"',' \ -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ + -e 's,%%BUILDTARGET%%,'"$buildtarget"',' \ "$dir/Dockerfile" done for variant in \ alpine-slim \ - debian{,-perl}; do \ + debian; do \ echo "$branch: $variant entrypoint scripts" dir="$branch/$variant" cp -a entrypoint/*.sh "$dir/" From 914af51cd9d1bb37deb6e49ee5070280d9f3f103 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 4 Nov 2022 19:22:04 +0400 Subject: [PATCH 163/306] Regenerated after last commits. --- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../alpine-perl/20-envsubst-on-templates.sh | 39 ---- .../alpine-perl/30-tune-worker-processes.sh | 188 ------------------ mainline/alpine-perl/Dockerfile | 58 +----- mainline/alpine-perl/docker-entrypoint.sh | 47 ----- .../alpine/10-listen-on-ipv6-by-default.sh | 67 ------- mainline/alpine/20-envsubst-on-templates.sh | 39 ---- mainline/alpine/30-tune-worker-processes.sh | 188 ------------------ mainline/alpine/Dockerfile | 51 +---- mainline/alpine/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../debian-perl/20-envsubst-on-templates.sh | 39 ---- .../debian-perl/30-tune-worker-processes.sh | 188 ------------------ mainline/debian-perl/Dockerfile | 34 +--- mainline/debian-perl/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../alpine-perl/20-envsubst-on-templates.sh | 39 ---- .../alpine-perl/30-tune-worker-processes.sh | 188 ------------------ stable/alpine-perl/Dockerfile | 58 +----- stable/alpine-perl/docker-entrypoint.sh | 47 ----- stable/alpine/10-listen-on-ipv6-by-default.sh | 67 ------- stable/alpine/20-envsubst-on-templates.sh | 39 ---- stable/alpine/30-tune-worker-processes.sh | 188 ------------------ stable/alpine/Dockerfile | 51 +---- stable/alpine/docker-entrypoint.sh | 47 ----- .../10-listen-on-ipv6-by-default.sh | 67 ------- .../debian-perl/20-envsubst-on-templates.sh | 39 ---- .../debian-perl/30-tune-worker-processes.sh | 188 ------------------ stable/debian-perl/Dockerfile | 34 +--- stable/debian-perl/docker-entrypoint.sh | 47 ----- 30 files changed, 20 insertions(+), 2312 deletions(-) delete mode 100755 mainline/alpine-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/alpine-perl/20-envsubst-on-templates.sh delete mode 100755 mainline/alpine-perl/30-tune-worker-processes.sh delete mode 100755 mainline/alpine-perl/docker-entrypoint.sh delete mode 100755 mainline/alpine/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/alpine/20-envsubst-on-templates.sh delete mode 100755 mainline/alpine/30-tune-worker-processes.sh delete mode 100755 mainline/alpine/docker-entrypoint.sh delete mode 100755 mainline/debian-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 mainline/debian-perl/20-envsubst-on-templates.sh delete mode 100755 mainline/debian-perl/30-tune-worker-processes.sh delete mode 100755 mainline/debian-perl/docker-entrypoint.sh delete mode 100755 stable/alpine-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/alpine-perl/20-envsubst-on-templates.sh delete mode 100755 stable/alpine-perl/30-tune-worker-processes.sh delete mode 100755 stable/alpine-perl/docker-entrypoint.sh delete mode 100755 stable/alpine/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/alpine/20-envsubst-on-templates.sh delete mode 100755 stable/alpine/30-tune-worker-processes.sh delete mode 100755 stable/alpine/docker-entrypoint.sh delete mode 100755 stable/debian-perl/10-listen-on-ipv6-by-default.sh delete mode 100755 stable/debian-perl/20-envsubst-on-templates.sh delete mode 100755 stable/debian-perl/30-tune-worker-processes.sh delete mode 100755 stable/debian-perl/docker-entrypoint.sh diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860d..000000000 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e1..000000000 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98d..000000000 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7564b4622..d0e13e4a1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 +FROM nginx:1.23.2-alpine RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -56,11 +47,7 @@ RUN set -x \ pcre2-dev \ zlib-dev \ linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ perl-dev \ - libedit-dev \ bash \ alpine-sdk \ findutils \ @@ -78,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,43 +79,4 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ -# Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe608..000000000 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860d..000000000 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e1..000000000 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98d..000000000 --- a/mainline/alpine/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b81c2e299..c6550eb04 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,18 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM nginx:1.23.2-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -58,7 +51,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -77,7 +69,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,42 +84,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh deleted file mode 100755 index e201fe608..000000000 --- a/mainline/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860d..000000000 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e1..000000000 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98d..000000000 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 913ee5fef..92896b77b 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1~bullseye +FROM nginx:1.23.2 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -59,11 +50,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ @@ -95,21 +86,4 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + fi diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe608..000000000 --- a/mainline/debian-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860d..000000000 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e1..000000000 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98d..000000000 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b7118ba74..b1320e9e8 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 +FROM nginx:1.22.1-alpine RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -56,11 +47,7 @@ RUN set -x \ pcre2-dev \ zlib-dev \ linux-headers \ - libxslt-dev \ - gd-dev \ - geoip-dev \ perl-dev \ - libedit-dev \ bash \ alpine-sdk \ findutils \ @@ -78,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,43 +79,4 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ -# Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe608..000000000 --- a/stable/alpine-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860d..000000000 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e1..000000000 --- a/stable/alpine/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98d..000000000 --- a/stable/alpine/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 86520fef2..23d87fcb5 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,18 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM nginx:1.22.1-alpine-slim -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup -g 101 -S nginx \ - && adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ @@ -58,7 +51,6 @@ RUN set -x \ libxslt-dev \ gd-dev \ geoip-dev \ - perl-dev \ libedit-dev \ bash \ alpine-sdk \ @@ -77,7 +69,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make all \ + && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ @@ -92,42 +84,5 @@ RUN set -x \ && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ -# Bring in tzdata so users could set the timezones through the environment -# variables - && apk add --no-cache tzdata \ # Bring in curl and ca-certificates to make registering on DNS SD easier - && apk add --no-cache curl ca-certificates \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + && apk add --no-cache curl ca-certificates diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh deleted file mode 100755 index e201fe608..000000000 --- a/stable/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh deleted file mode 100755 index b2655860d..000000000 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -ME=$(basename $0) -DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" - -# check if we have ipv6 available -if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 -fi - -if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 -fi - -# check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } - -# check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } - -if [ -f "/etc/os-release" ]; then - . /etc/os-release -else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 -fi - -entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" - -case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; -esac - -# enable ipv6 on default.conf listen sockets -sed -i -E 's,listen 80;,listen 80;\n listen [::]:80;,' /$DEFAULT_CONF_FILE - -entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" - -exit 0 diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh deleted file mode 100755 index d0398b1e1..000000000 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -ME=$(basename $0) - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -auto_envsubst() { - local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" - local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" - local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" - local filter="${NGINX_ENVSUBST_FILTER:-}" - - local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) - [ -d "$template_dir" ] || return 0 - if [ ! -w "$output_dir" ]; then - entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" - return 0 - fi - find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" - subdir=$(dirname "$relative_path") - # create a subdirectory where the template file exists - mkdir -p "$output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" - done -} - -auto_envsubst - -exit 0 diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh deleted file mode 100755 index 9aa42e98d..000000000 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -# vim:sw=2:ts=2:sts=2:et - -set -eu - -LC_ALL=C -ME=$( basename "$0" ) -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 - -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } - -ceildiv() { - num=$1 - div=$2 - echo $(( (num + div - 1) / div )) -} - -get_cpuset() { - cpusetroot=$1 - cpusetfile=$2 - ncpu=0 - [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do - case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; - esac - done - echo "$ncpu" -} - -get_quota() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 - [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) - [ "$cfs_quota" = "-1" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_quota_v2() { - cpuroot=$1 - ncpu=0 - [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) - [ "$cfs_quota" = "max" ] && return 1 - [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) - [ "$ncpu" -gt 0 ] || return 1 - echo "$ncpu" -} - -get_cgroup_v1_path() { - needle=$1 - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac - esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) - case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac - ;; - esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -get_cgroup_v2_path() { - found= - foundroot= - mountpoint= - - [ -r "/proc/self/mountinfo" ] || return 1 - [ -r "/proc/self/cgroup" ] || return 1 - - while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) -__EOF__ - - while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) -__EOF__ - - case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; - esac - echo "$foundroot" -} - -ncpu_online=$( getconf _NPROCESSORS_ONLN ) -ncpu_cpuset= -ncpu_quota= -ncpu_cpuset_v2= -ncpu_quota_v2= - -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) - -sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c72c92836..2a72881aa 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,18 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim - -LABEL maintainer="NGINX Docker Maintainers " - -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 -ENV PKG_RELEASE 1~bullseye +FROM nginx:1.22.1 RUN set -x \ -# create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -59,11 +50,11 @@ RUN set -x \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ @@ -95,21 +86,4 @@ RUN set -x \ && if [ -n "$tempDir" ]; then \ apt-get purge -y --auto-remove \ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ - fi \ -# forward request and error logs to docker log collector - && ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log \ -# create a docker-entrypoint.d directory - && mkdir /docker-entrypoint.d - -COPY docker-entrypoint.sh / -COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d -COPY 20-envsubst-on-templates.sh /docker-entrypoint.d -COPY 30-tune-worker-processes.sh /docker-entrypoint.d -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 80 - -STOPSIGNAL SIGQUIT - -CMD ["nginx", "-g", "daemon off;"] + fi diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh deleted file mode 100755 index e201fe608..000000000 --- a/stable/debian-perl/docker-entrypoint.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# vim:sw=4:ts=4:et - -set -e - -entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi -} - -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done - - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi -fi - -exec "$@" From f27368329ff9f02b9973bc3a23d7a643e2485d7d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 13:59:54 +0400 Subject: [PATCH 164/306] Fixed Alpine signing key checksum check. On newer openssl (version 3), the output format for rsa command slightly changed, leading to a different checksum. The fix is to take a checksum for the whole file instead. Closes https://github.com/nginxinc/docker-nginx/issues/721 --- Dockerfile-alpine-perl.template | 4 ++-- Dockerfile-alpine-slim.template | 4 ++-- Dockerfile-alpine.template | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index f3a3c85fc..a1aaac54f 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -11,9 +11,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 5a60ba84d..57b9be42d 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -19,9 +19,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 82f0f56ca..8c464dfd4 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -13,9 +13,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ From ce8322287b7def616fd077ea21c9c045c50ac461 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 14:04:06 +0400 Subject: [PATCH 165/306] Updated njs to 0.7.9. --- update.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/update.sh b/update.sh index 5b245169f..533c96838 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.7' - [stable]='0.7.7' + [mainline]='0.7.9' + [stable]='0.7.9' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='756' + [stable]='757' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6' - [stable]='7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25' + [mainline]='5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f' + [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) get_packages() { From 4785a604aa40e0b0a69047a61e28781a2b0c2069 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 30 Nov 2022 14:05:04 +0400 Subject: [PATCH 166/306] Regenerated after last commits. --- mainline/alpine-perl/Dockerfile | 14 +++++++------- mainline/alpine-slim/Dockerfile | 14 +++++++------- mainline/alpine/Dockerfile | 16 ++++++++-------- mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 14 +++++++------- stable/alpine-slim/Dockerfile | 14 +++++++------- stable/alpine/Dockerfile | 16 ++++++++-------- stable/debian/Dockerfile | 2 +- 8 files changed, 46 insertions(+), 46 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d0e13e4a1..69b6dab82 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -22,9 +22,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 315f55f3a..961af746c 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -25,9 +25,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index c6550eb04..6749393bf 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.23.2-alpine-slim -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -23,9 +23,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"98d244d5dea3f0c49692843b1857e21dc7353e749f9ff8a526036a3beeea299e156183b6a98070ffc68a23d191e1f24c577d7ea874f8cc27ce01f4dc832658b6 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ + && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 756.tar.gz \ + && cd pkg-oss-756 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index cd819d0db..22d4dc2c7 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.23.2 -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b1320e9e8..b681d57c3 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -22,9 +22,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index e90b95985..ba4905580 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -25,9 +25,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 23d87fcb5..f7bf38812 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.22.1-alpine-slim -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -23,9 +23,9 @@ RUN set -x \ x86_64|aarch64) \ # arches officially built by upstream set -x \ - && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ echo "key verification succeeded!"; \ mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ else \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"7266f418dcc9d89a2990f504d99ec58d10febbaf078c03630d42843955cee7e50b0f90fb317360384a32473839dc42d8b329b737015ec8dd0d028f90d4d5ed25 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ + && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 757.tar.gz \ + && cd pkg-oss-757 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index da4872d3f..f40ef2728 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.7 +ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye RUN set -x \ From 564ae3cd9783719b91a210023f40e8a213766a3e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Dec 2022 11:55:37 -0800 Subject: [PATCH 167/306] generate-stackbrew-library.sh: build alpine-slim on all arches. --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 9bc067d28..e15b128e4 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -107,7 +107,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, amd64 + Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 GitCommit: $commit Directory: $version/$variant EOE From 5ce65c3efd395ee2d82d32670f233140e92dba99 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Dec 2022 12:05:04 -0800 Subject: [PATCH 168/306] Updated mainline NGINX to 1.23.3. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 6 +++--- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 69b6dab82..4cc786d52 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2-alpine +FROM nginx:1.23.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 961af746c..89ad64128 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.2 +ENV NGINX_VERSION 1.23.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6749393bf..68eacfd48 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2-alpine-slim +FROM nginx:1.23.3-alpine-slim ENV NJS_VERSION 0.7.9 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/756.tar.gz \ - && PKGOSSCHECKSUM=\"5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f *756.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 756.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 756.tar.gz \ - && cd pkg-oss-756 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 92896b77b..0f671d71f 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.2 +FROM nginx:1.23.3 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 22d4dc2c7..01bcfd27b 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.2 +ENV NGINX_VERSION 1.23.3 ENV NJS_VERSION 0.7.9 ENV PKG_RELEASE 1~bullseye diff --git a/update.sh b/update.sh index 533c96838..662ff7f74 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.2' + [mainline]='1.23.3' [stable]='1.22.1' ) @@ -44,7 +44,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='756' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' [stable]='757' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='5e79f9be4f8ba037fa8138fe50a8fc9e41a0192c1d8c9b2cc58b5c5f5eb3ac66b4807083d25ca21363f07075320a7566eb3e4d3317aa01d3b3e23b20943c411f' + [mainline]='52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990' [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) From 38e2690b304b8dca4848f3e70a1fc95837f61510 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 9 Jan 2023 11:46:43 -0800 Subject: [PATCH 169/306] Debian-based dockerfiles: don't depend on deprecated apt-key. Fixes #739 --- Dockerfile-debian-perl.template | 10 +++++++--- Dockerfile-debian.template | 10 +++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 39e3b989c..38b65598c 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -5,15 +5,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% @@ -21,13 +25,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index eaffeabe6..b4f3bd94d 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,15 +14,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% @@ -30,13 +34,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ From 761fffeba0d867d6e80d38998073e0eaa456bb02 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 9 Jan 2023 11:55:09 -0800 Subject: [PATCH 170/306] Regenerated after last commit. --- mainline/debian-perl/Dockerfile | 10 +++++++--- mainline/debian/Dockerfile | 10 +++++++--- stable/debian-perl/Dockerfile | 10 +++++++--- stable/debian/Dockerfile | 10 +++++++--- 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 0f671d71f..fc3044181 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -10,15 +10,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -32,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 01bcfd27b..e3e3f8440 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -19,15 +19,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -40,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 2a72881aa..55d2b8ba4 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -10,15 +10,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -32,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index f40ef2728..2bbeffd97 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -19,15 +19,19 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ @@ -40,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ From 1bacdf4820c8b558e79b8cebb3e6f29c7fc77c17 Mon Sep 17 00:00:00 2001 From: Dave McAllister Date: Wed, 1 Mar 2023 11:43:31 -0800 Subject: [PATCH 171/306] adds the Code of Conduct file This adds the NGINX Code of Conduct file to the repo, as it is one of the recognized community guides by GitHub --- CODE_OF_CONDUCT.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 000000000..aea287f60 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,74 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +- Using welcoming and inclusive language +- Being respectful of differing viewpoints and experiences +- Gracefully accepting constructive criticism +- Focusing on what is best for the community +- Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +- The use of sexualized language or imagery and unwelcome sexual attention or + advances +- Trolling, insulting/derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or electronic + address, without explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the moderation team at nginx-oss-community@f5.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 1.4, +available at + +For answers to common questions about this code of conduct, see + From beac75efbd331ef54c5409c410fbb4832ba09a3d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 14 Feb 2023 17:55:40 -0800 Subject: [PATCH 172/306] Added distribution versions to generated tags. Refs https://github.com/nginxinc/docker-nginx/issues/649 --- generate-stackbrew-library.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index e15b128e4..d5b71cb21 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -60,9 +60,13 @@ for version in "${versions[@]}"; do fi versionAliases+=( ${aliases[$version]:-} ) + debianVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk -F"[-:]" '$1 == "FROM debian" { print $2; exit }')" + debianAliases=( ${versionAliases[@]/%/-$debianVersion} ) + debianAliases=( "${debianAliases[@]//latest-/}" ) + echo cat <<-EOE - Tags: $(join ', ' "${versionAliases[@]}") + Tags: $(join ', ' "${versionAliases[@]}"), $(join ', ' "${debianAliases[@]}") Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x GitCommit: $commit Directory: $version/$base @@ -72,6 +76,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo @@ -83,10 +88,13 @@ for version in "${versions[@]}"; do EOE done + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" + for variant in alpine alpine-perl; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo @@ -102,6 +110,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) echo From 73a5acae6945b75b433cafd0c9318e4378e72cbb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Mar 2023 12:14:25 -0700 Subject: [PATCH 173/306] Updated mainline nginx to 1.23.4. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 4cc786d52..134f44555 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3-alpine +FROM nginx:1.23.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 89ad64128..f35e861cc 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.3 +ENV NGINX_VERSION 1.23.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 68eacfd48..bb064be53 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3-alpine-slim +FROM nginx:1.23.4-alpine-slim -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index fc3044181..44ac453de 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.3 +FROM nginx:1.23.4 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e3e3f8440..31b13877d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.3 -ENV NJS_VERSION 0.7.9 +ENV NGINX_VERSION 1.23.4 +ENV NJS_VERSION 0.7.11 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 662ff7f74..4c059b969 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.3' + [mainline]='1.23.4' [stable]='1.22.1' ) # Current njs versions declare -A njs=( - [mainline]='0.7.9' + [mainline]='0.7.11' [stable]='0.7.9' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='52a80f6c3b3914462f8a0b2fbadea950bcd79c1bd528386aff4c28d5a80c6920d783575a061a47b60fea800eef66bf5a0178a137ea51c37277fe9c2779715990' + [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' ) From 7f1ef355dea083761951da16ab02ea2c37addbdd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Mar 2023 12:34:13 -0700 Subject: [PATCH 174/306] Updated njs for stable to 0.7.11. --- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 6 +++--- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index b681d57c3..d929754c2 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index ba4905580..221f28b34 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index f7bf38812..a5b7d644a 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.22.1-alpine-slim -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/757.tar.gz \ - && PKGOSSCHECKSUM=\"32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852 *757.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 757.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ + && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 757.tar.gz \ - && cd pkg-oss-757 \ + && tar xzvf 811.tar.gz \ + && cd pkg-oss-811 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 2bbeffd97..db048dd6e 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.9 +ENV NJS_VERSION 0.7.11 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index 4c059b969..421523772 100755 --- a/update.sh +++ b/update.sh @@ -19,7 +19,7 @@ declare -A nginx=( # Current njs versions declare -A njs=( [mainline]='0.7.11' - [stable]='0.7.9' + [stable]='0.7.11' ) # Current package patchlevel version @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='757' + [stable]='811' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' - [stable]='32a039e8d3cc54404a8ad4a31981e76a49632f1ebec2f45bb309689d6ba2f82e3e8aea8abf582b49931636ea53271b48a7e2f2ef8ebe35b167b3fe18b8b99852' + [stable]='c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc' ) get_packages() { From 1a8d87b69760693a8e33cd8a9e0c2e5f0e8b0e3c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 Apr 2023 12:57:07 -0700 Subject: [PATCH 175/306] Updated stable nginx to 1.24.0. --- generate-stackbrew-library.sh | 2 +- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 4 ++-- sync-awsecr.sh | 2 +- update.sh | 8 ++++---- 8 files changed, 28 insertions(+), 28 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index d5b71cb21..cb25d0138 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.23 latest' - [stable]='1.22' + [stable]='1.24' ) self="$(basename "$BASH_SOURCE")" diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index d929754c2..15cc834a9 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1-alpine +FROM nginx:1.24.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 221f28b34..0f8c0b29c 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.1 +ENV NGINX_VERSION 1.24.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a5b7d644a..a5842e104 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1-alpine-slim +FROM nginx:1.24.0-alpine-slim -ENV NJS_VERSION 0.7.11 +ENV NJS_VERSION 0.7.12 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/811.tar.gz \ - && PKGOSSCHECKSUM=\"c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc *811.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 811.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 811.tar.gz \ - && cd pkg-oss-811 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 55d2b8ba4..e485478c8 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.22.1 +FROM nginx:1.24.0 RUN set -x \ && apt-get update \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index db048dd6e..be3ec6073 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.22.1 -ENV NJS_VERSION 0.7.11 +ENV NGINX_VERSION 1.24.0 +ENV NJS_VERSION 0.7.12 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 3e10a9ba1..015dd6304 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.23 latest' - [stable]='1.22' + [stable]='1.24' ) architectures=( amd64 arm64v8 ) diff --git a/update.sh b/update.sh index 421523772..e545c72b7 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.23.4' - [stable]='1.22.1' + [stable]='1.24.0' ) # Current njs versions declare -A njs=( [mainline]='0.7.11' - [stable]='0.7.11' + [stable]='0.7.12' ) # Current package patchlevel version @@ -45,7 +45,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='811' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -53,7 +53,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' - [stable]='c979fbdcc429d146f7fce922b0cc3f47dfbfbec5685af82395c59e21216dce47ef13fc26d610f1faabc0cb3a4ee58b42000c511bf77277f0898f5de55c868dcc' + [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) get_packages() { From b053826f5ddc6cccd43ada260c8077744319363d Mon Sep 17 00:00:00 2001 From: Iain Henderson Date: Thu, 18 May 2023 07:08:35 -0400 Subject: [PATCH 176/306] 20-envsubst-on-templates.sh: added stream templating. Fixes: https://github.com/nginxinc/docker-nginx/pull/782 --- entrypoint/20-envsubst-on-templates.sh | 39 ++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index d0398b1e1..f3fb9fcb9 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst From ee6b833b5d9d1966b85a5d318efc04cf8b1c1ba5 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 23 May 2023 15:13:44 -0700 Subject: [PATCH 177/306] Bump NGINX mainline to 1.25.0, NJS to 0.7.12 --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 134f44555..9a97a76ff 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4-alpine +FROM nginx:1.25.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f35e861cc..cfac0da73 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.4 +ENV NGINX_VERSION 1.25.0 ENV PKG_RELEASE 1 RUN set -x \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index bb064be53..e02bf1e8a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4-alpine-slim +FROM nginx:1.25.0-alpine-slim -ENV NJS_VERSION 0.7.11 +ENV NJS_VERSION 0.7.12 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 44ac453de..fe8ab0e58 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.23.4 +FROM nginx:1.25.0 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 31b13877d..c3ccd5d46 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.23.4 -ENV NJS_VERSION 0.7.11 +ENV NGINX_VERSION 1.25.0 +ENV NJS_VERSION 0.7.12 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index e545c72b7..36e7cc089 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.23.4' + [mainline]='1.25.0' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.7.11' + [mainline]='0.7.12' [stable]='0.7.12' ) From 123ef33694fccfefcb7db63251b21c0496537c76 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 May 2023 17:25:42 -0700 Subject: [PATCH 178/306] Updated pkgosschecksum to fetch sources for 1.25.0 builds. --- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 9a97a76ff..93576b1c9 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index cfac0da73..8edcb094a 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index e02bf1e8a..901442b4a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/update.sh b/update.sh index 36e7cc089..c8363f984 100755 --- a/update.sh +++ b/update.sh @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='8f3f6c1ddd984c0c7320d3bea25eee42749db6d69c251223cf91d69b8d80b703ab39eb94fcf731399a7693ebd8dd37d1b3232ea1184ca98e5ca0ba6165e1a05c' + [mainline]='18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a' [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) From 3591b5e431af710432bd4852d9ee26eb19992776 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 May 2023 17:31:05 -0700 Subject: [PATCH 179/306] Updated mainline entrypoints after b053826f5ddc6cccd43ada260c8077744319363d. --- .../alpine-slim/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ mainline/debian/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index d0398b1e1..f3fb9fcb9 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index d0398b1e1..f3fb9fcb9 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst From 0cfc9381f01c6cd455e014ad738b5bcdffe8024c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 24 May 2023 09:45:03 -0700 Subject: [PATCH 180/306] Bumped mainline version to 1.25 in auxiliary scripts. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index cb25d0138..eba3c3210 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.23 latest' + [mainline]='1 1.25 latest' [stable]='1.24' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 015dd6304..8730f1b9a 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.23 latest' + [mainline]='1 1.25 latest' [stable]='1.24' ) From 2b0c2850785c31550087ab9010c6b7cf0890f714 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 24 May 2023 18:51:40 -0700 Subject: [PATCH 181/306] Added a local resolver entrypoint script. If enabled via NGINX_ENTRYPOINT_LOCAL_RESOLVERS variable, this script will populate NGINX_LOCAL_RESOLVERS variable that can be used in the envsubst-base templating to populate the configuration files. Fixes https://github.com/nginxinc/docker-nginx/issues/673 --- Dockerfile-alpine-slim.template | 1 + Dockerfile-debian.template | 1 + entrypoint/15-local-resolvers.envsh | 11 +++++++++++ 3 files changed, 13 insertions(+) create mode 100755 entrypoint/15-local-resolvers.envsh diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 57b9be42d..65be89165 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -104,6 +104,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index b4f3bd94d..404094f18 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -97,6 +97,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh new file mode 100755 index 000000000..12d928490 --- /dev/null +++ b/entrypoint/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi From 9f5b41a99cd6f6da6afa615849c41b1393483106 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 26 May 2023 16:41:07 -0700 Subject: [PATCH 182/306] Added alpine-slim to sync script. --- sync-awsecr.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 8730f1b9a..5065c3b55 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -55,7 +55,7 @@ for version in "${versions[@]}"; do commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" pulllist+=( "$image:$fullVersion" ) - for variant in perl alpine alpine-perl; do + for variant in perl alpine alpine-perl alpine-slim; do pulllist+=( "$image:$fullVersion-$variant" ) done done @@ -86,7 +86,7 @@ for version in "${versions[@]}"; do done done - for variant in alpine alpine-perl; do + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) From 526d1db8dc40e3445a2cad48a2193db9e763f349 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 May 2023 11:52:56 -0700 Subject: [PATCH 183/306] update.sh: copy *.envsh to target directories. --- update.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/update.sh b/update.sh index c8363f984..2dcbb20d9 100755 --- a/update.sh +++ b/update.sh @@ -203,5 +203,6 @@ for branch in "${branches[@]}"; do echo "$branch: $variant entrypoint scripts" dir="$branch/$variant" cp -a entrypoint/*.sh "$dir/" + cp -a entrypoint/*.envsh "$dir/" done done From 10fa7fccfbfcaf172e2da956ba21e053020029ac Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 May 2023 14:01:57 -0700 Subject: [PATCH 184/306] Updated entrypoints and dockerfiles after recent commits. --- mainline/alpine-slim/15-local-resolvers.envsh | 11 ++++++ mainline/alpine-slim/Dockerfile | 1 + mainline/debian/15-local-resolvers.envsh | 11 ++++++ mainline/debian/Dockerfile | 1 + stable/alpine-slim/15-local-resolvers.envsh | 11 ++++++ .../alpine-slim/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ stable/alpine-slim/Dockerfile | 1 + stable/debian/15-local-resolvers.envsh | 11 ++++++ stable/debian/20-envsubst-on-templates.sh | 39 +++++++++++++++++++ stable/debian/Dockerfile | 1 + 10 files changed, 126 insertions(+) create mode 100755 mainline/alpine-slim/15-local-resolvers.envsh create mode 100755 mainline/debian/15-local-resolvers.envsh create mode 100755 stable/alpine-slim/15-local-resolvers.envsh create mode 100755 stable/debian/15-local-resolvers.envsh diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh new file mode 100755 index 000000000..12d928490 --- /dev/null +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 8edcb094a..dbc44b3e2 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh new file mode 100755 index 000000000..12d928490 --- /dev/null +++ b/mainline/debian/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c3ccd5d46..a4ee7e6b2 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh new file mode 100755 index 000000000..12d928490 --- /dev/null +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index d0398b1e1..f3fb9fcb9 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 0f8c0b29c..c650e81fc 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -110,6 +110,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh new file mode 100755 index 000000000..12d928490 --- /dev/null +++ b/stable/debian/15-local-resolvers.envsh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim:sw=2:ts=2:sts=2:et + +set -eu + +LC_ALL=C +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then + export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +fi diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index d0398b1e1..f3fb9fcb9 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -10,10 +10,30 @@ entrypoint_log() { fi } +add_stream_block() { + local conffile="/etc/nginx/nginx.conf" + + if grep -q -E "\s*stream\s*\{" "$conffile"; then + entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" + else + # check if the file can be modified, e.g. not on a r/o filesystem + touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } + entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat << END >> "$conffile" +# added by "$ME" on "$(date)" +stream { + include $stream_output_dir/*.conf; +} +END + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" + local stream_suffix="${NGINX_ENVSUBST_STREAM_TEMPLATE_SUFFIX:-.stream-template}" + local stream_output_dir="${NGINX_ENVSUBST_STREAM_OUTPUT_DIR:-/etc/nginx/stream-conf.d}" local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir @@ -32,6 +52,25 @@ auto_envsubst() { entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done + + # Print the first file with the stream suffix, this will be false if there are none + if test -n "$(find "$template_dir" -name "*$stream_suffix" -print -quit)"; then + mkdir -p "$stream_output_dir" + if [ ! -w "$stream_output_dir" ]; then + entrypoint_log "$ME: ERROR: $template_dir exists, but $stream_output_dir is not writable" + return 0 + fi + add_stream_block + find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do + relative_path="${template#$template_dir/}" + output_path="$stream_output_dir/${relative_path%$stream_suffix}" + subdir=$(dirname "$relative_path") + # create a subdirectory where the template file exists + mkdir -p "$stream_output_dir/$subdir" + entrypoint_log "$ME: Running envsubst on $template to $output_path" + envsubst "$defined_envs" < "$template" > "$output_path" + done + fi } auto_envsubst diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index be3ec6073..0b7ec02b3 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -107,6 +107,7 @@ RUN set -x \ COPY docker-entrypoint.sh / COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d +COPY 15-local-resolvers.envsh /docker-entrypoint.d COPY 20-envsubst-on-templates.sh /docker-entrypoint.d COPY 30-tune-worker-processes.sh /docker-entrypoint.d ENTRYPOINT ["/docker-entrypoint.sh"] From b3fc0e631e0eabfd842c04b9fae5345a9264334e Mon Sep 17 00:00:00 2001 From: J0WI Date: Fri, 2 Jun 2023 14:24:50 +0200 Subject: [PATCH 185/306] Add no-network option --- Dockerfile-alpine-perl.template | 4 ++-- Dockerfile-alpine-slim.template | 6 +++--- Dockerfile-alpine.template | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 4 ++-- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index a1aaac54f..c4e064004 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -59,12 +59,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 65be89165..7c8347e90 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -66,12 +66,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -91,7 +91,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8c464dfd4..ba91fe6cc 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -64,12 +64,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 93576b1c9..18d3aaead 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -70,12 +70,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index dbc44b3e2..6c56ba68f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -72,12 +72,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -97,7 +97,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 901442b4a..1741b7bf4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -74,12 +74,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 15cc834a9..7d1c92c0d 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -70,12 +70,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index c650e81fc..464de81f8 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -72,12 +72,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ @@ -97,7 +97,7 @@ RUN set -x \ | sort -u \ )" \ && apk add --no-cache $runDeps \ - && apk del .gettext \ + && apk del --no-network .gettext \ && mv /tmp/envsubst /usr/local/bin/ \ # Bring in tzdata so users could set the timezones through the environment # variables diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index a5842e104..0c8c69691 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -74,12 +74,12 @@ RUN set -x \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ - && apk del .build-deps \ + && apk del --no-network .build-deps \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ # remove checksum deps - && apk del .checksum-deps \ + && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ From 1d46d905b1e75b30ebce631fe8de8a7282e0f404 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:47:50 -0700 Subject: [PATCH 186/306] Updated mainline nginx to 1.25.1. --- update.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index 2dcbb20d9..2b5797dce 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.0' + [mainline]='1.25.1' [stable]='1.24.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a' + [mainline]='dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8' [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' ) From dc87ccb2f43156de35f682e7c85d3a848f0fcace Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:48:15 -0700 Subject: [PATCH 187/306] Moved mainline nginx to Debian 12 "Bookworm". --- update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 2b5797dce..3d4feb4b5 100755 --- a/update.sh +++ b/update.sh @@ -30,7 +30,7 @@ declare -A pkg=( ) declare -A debian=( - [mainline]='bullseye' + [mainline]='bookworm' [stable]='bullseye' ) From 4ac589e5161def34bb9e02324fb52ed337611f48 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 11:56:07 -0700 Subject: [PATCH 188/306] Debian: move to groupadd/useradd. --- Dockerfile-debian.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 404094f18..4615a39fd 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -8,8 +8,8 @@ ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ From 5673d69221fa0367040d60397cc0d39ee892f4d5 Mon Sep 17 00:00:00 2001 From: Eugene Venter Date: Wed, 7 Jun 2023 14:15:32 +1200 Subject: [PATCH 189/306] fix unbound variable issue in local resolver entrypoint script --- entrypoint/15-local-resolvers.envsh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 12d928490..930621598 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) From 7870605f4b93d86e898af291086d77ab9e6b96e3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 14:29:53 -0700 Subject: [PATCH 190/306] Updated entrypoints and dockerfiles after recent commits. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/15-local-resolvers.envsh | 6 +++--- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 6 +++--- mainline/debian/15-local-resolvers.envsh | 6 +++--- mainline/debian/Dockerfile | 14 +++++++------- stable/alpine-slim/15-local-resolvers.envsh | 6 +++--- stable/debian/15-local-resolvers.envsh | 6 +++--- stable/debian/Dockerfile | 4 ++-- 10 files changed, 30 insertions(+), 30 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 18d3aaead..1de479d1f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0-alpine +FROM nginx:1.25.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 12d928490..930621598 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 6c56ba68f..fc36884d3 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.17 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.0 +ENV NGINX_VERSION 1.25.1 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1741b7bf4..6f8961d64 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0-alpine-slim +FROM nginx:1.25.1-alpine-slim ENV NJS_VERSION 0.7.12 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index fe8ab0e58..377cadb9f 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.0 +FROM nginx:1.25.1 RUN set -x \ && apt-get update \ @@ -36,13 +36,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 12d928490..930621598 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index a4ee7e6b2..0a169d135 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.0 +ENV NGINX_VERSION 1.25.1 ENV NJS_VERSION 0.7.12 -ENV PKG_RELEASE 1~bullseye +ENV PKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ @@ -44,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 12d928490..930621598 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 12d928490..930621598 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -6,6 +6,6 @@ set -eu LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -if [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS}" ]; then - export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) -fi +[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 + +export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 0b7ec02b3..e4b6286b3 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -13,8 +13,8 @@ ENV PKG_RELEASE 1~bullseye RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants - && addgroup --system --gid 101 nginx \ - && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ From 14607f5700c82b0383dbeb29a8313f19363a1ce9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 13 Jun 2023 16:26:21 -0700 Subject: [PATCH 191/306] Added Github CI and functional tests. --- .github/workflows/ci.yml | 49 +++++++++++++++++ .test/config.sh | 9 +++ .test/tests/ipv6/expected-std-out.txt | 2 + .test/tests/ipv6/run.sh | 52 ++++++++++++++++++ .test/tests/static/run.sh | 46 ++++++++++++++++ .test/tests/templates-resolver/run.sh | 51 +++++++++++++++++ .../templates-resolver/server.conf.template | 9 +++ .test/tests/templates/run.sh | 51 +++++++++++++++++ .test/tests/templates/server.conf.template | 7 +++ .test/tests/workers/expected-std-out.txt | 2 + .test/tests/workers/run.sh | 55 +++++++++++++++++++ .test/tests/workers/server.conf.template | 7 +++ 12 files changed, 340 insertions(+) create mode 100644 .github/workflows/ci.yml create mode 100755 .test/config.sh create mode 100644 .test/tests/ipv6/expected-std-out.txt create mode 100755 .test/tests/ipv6/run.sh create mode 100755 .test/tests/static/run.sh create mode 100755 .test/tests/templates-resolver/run.sh create mode 100644 .test/tests/templates-resolver/server.conf.template create mode 100755 .test/tests/templates/run.sh create mode 100644 .test/tests/templates/server.conf.template create mode 100644 .test/tests/workers/expected-std-out.txt create mode 100755 .test/tests/workers/run.sh create mode 100644 .test/tests/workers/server.conf.template diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..30eccf55b --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,49 @@ +name: GitHub CI + +on: + pull_request: + push: + schedule: + - cron: 0 10 * * Mon + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + + generate-jobs: + name: Generate Jobs + runs-on: ubuntu-latest + outputs: + strategy: ${{ steps.generate-jobs.outputs.strategy }} + steps: + - uses: actions/checkout@v3 + - uses: docker-library/bashbrew@v0.1.8 + - id: generate-jobs + name: Generate Jobs + run: | + strategy="$(GITHUB_REPOSITORY=nginx "$BASHBREW_SCRIPTS/github-actions/generate.sh")" + strategy="$(GITHUB_REPOSITORY=nginx "$BASHBREW_SCRIPTS/github-actions/munge-i386.sh" -c <<<"$strategy")" + echo "strategy=$strategy" >> "$GITHUB_OUTPUT" + jq . <<<"$strategy" # sanity check / debugging aid + + test: + needs: generate-jobs + strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }} + name: ${{ matrix.name }} + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v3 + - name: Prepare Environment + run: ${{ matrix.runs.prepare }} + - name: Pull Dependencies + run: ${{ matrix.runs.pull }} + - name: Build ${{ matrix.name }} + run: ${{ matrix.runs.build }} + - name: History ${{ matrix.name }} + run: ${{ matrix.runs.history }} + - name: Test ${{ matrix.name }} + run: ${{ matrix.runs.test }} + - name: '"docker images"' + run: ${{ matrix.runs.images }} diff --git a/.test/config.sh b/.test/config.sh new file mode 100755 index 000000000..6d6b74ed3 --- /dev/null +++ b/.test/config.sh @@ -0,0 +1,9 @@ +imageTests+=( + [nginx]=' + ipv6 + static + templates + templates-resolver + workers + ' +) diff --git a/.test/tests/ipv6/expected-std-out.txt b/.test/tests/ipv6/expected-std-out.txt new file mode 100644 index 000000000..f16a08766 --- /dev/null +++ b/.test/tests/ipv6/expected-std-out.txt @@ -0,0 +1,2 @@ +

Welcome to nginx!

+10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf diff --git a/.test/tests/ipv6/run.sh b/.test/tests/ipv6/run.sh new file mode 100755 index 000000000..0235db6b5 --- /dev/null +++ b/.test/tests/ipv6/run.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + exit 0 +fi + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +cid="$(docker run -d "$image")" +trap "docker rm -vf $cid > /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/index.html' | grep '

Welcome to nginx!

' + +docker logs $cid 2>&1 | grep "Enabled listen on IPv6" diff --git a/.test/tests/static/run.sh b/.test/tests/static/run.sh new file mode 100755 index 000000000..f026bedb3 --- /dev/null +++ b/.test/tests/static/run.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +cid="$(docker run -d "$image")" +trap "docker rm -vf $cid > /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/index.html' | grep '

Welcome to nginx!

' diff --git a/.test/tests/templates-resolver/run.sh b/.test/tests/templates-resolver/run.sh new file mode 100755 index 000000000..041f7abd5 --- /dev/null +++ b/.test/tests/templates-resolver/run.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/resolver-templates' | grep 'example.com - OK' diff --git a/.test/tests/templates-resolver/server.conf.template b/.test/tests/templates-resolver/server.conf.template new file mode 100644 index 000000000..04a0c0859 --- /dev/null +++ b/.test/tests/templates-resolver/server.conf.template @@ -0,0 +1,9 @@ +resolver ${NGINX_LOCAL_RESOLVERS}; + +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} diff --git a/.test/tests/templates/run.sh b/.test/tests/templates/run.sh new file mode 100755 index 000000000..c43aa1db0 --- /dev/null +++ b/.test/tests/templates/run.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/templates' | grep 'example.com - OK' diff --git a/.test/tests/templates/server.conf.template b/.test/tests/templates/server.conf.template new file mode 100644 index 000000000..6b00bed6c --- /dev/null +++ b/.test/tests/templates/server.conf.template @@ -0,0 +1,7 @@ +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} diff --git a/.test/tests/workers/expected-std-out.txt b/.test/tests/workers/expected-std-out.txt new file mode 100644 index 000000000..9f1d3ac3a --- /dev/null +++ b/.test/tests/workers/expected-std-out.txt @@ -0,0 +1,2 @@ +example.com - OK +# Commented out by 30-tune-worker-processes.sh diff --git a/.test/tests/workers/run.sh b/.test/tests/workers/run.sh new file mode 100755 index 000000000..50def70cb --- /dev/null +++ b/.test/tests/workers/run.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/worker-templates' | grep 'example.com - OK' + +result="$(docker exec $cid grep "Commented out by" /etc/nginx/nginx.conf)" + +echo "$result" | cut -d\ -f 1-5 diff --git a/.test/tests/workers/server.conf.template b/.test/tests/workers/server.conf.template new file mode 100644 index 000000000..6b00bed6c --- /dev/null +++ b/.test/tests/workers/server.conf.template @@ -0,0 +1,7 @@ +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} From 5d6be2e7a58d6ce76c7784c75c750b48af6f1f5d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Jun 2023 15:35:54 -0700 Subject: [PATCH 192/306] Updated README.md --- README.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5fa769cb4..e852ff4bb 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,25 @@ # About this Repo -This is the Git repo of the official Docker image for [nginx](https://registry.hub.docker.com/_/nginx/). See the -Hub page for the full readme on how to use the Docker image and for information -regarding contributing and issues. +## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) -The full readme is generated over in [docker-library/docs](https://github.com/docker-library/docs), -specifically in [docker-library/docs/nginx](https://github.com/docker-library/docs/tree/master/nginx). +This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`nginx`](https://hub.docker.com/_/nginx/). See [the Docker Hub page](https://hub.docker.com/_/nginx/) for the full readme on how to use this Docker image and for information regarding contributing and issues. + +The [full image description on Docker Hub](https://hub.docker.com/_/nginx/) is generated/maintained over in [the docker-library/docs repository](https://github.com/docker-library/docs), specifically in [the `nginx` directory](https://github.com/docker-library/docs/tree/master/nginx). The changelog for NGINX releases is available at [nginx.org changes page](https://nginx.org/en/CHANGES). + +## See a change merged here that doesn't show up on Docker Hub yet? + +For more information about the full official images change lifecycle, see [the "An image's source changed in Git, now what?" FAQ entry](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what). + +For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fnginx). For the current "source of truth" for [`nginx`](https://hub.docker.com/_/nginx/), see [the `library/nginx` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/nginx). + +--- + +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) + +| Build | Status | Badges | (per-arch) | +|:-:|:-:|:-:|:-:| +| [![amd64 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/amd64/job/nginx.svg?label=amd64)](https://doi-janky.infosiftr.net/job/multiarch/job/amd64/job/nginx/) | [![arm32v5 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/nginx.svg?label=arm32v5)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v5/job/nginx/) | [![arm32v6 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/nginx.svg?label=arm32v6)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v6/job/nginx/) | [![arm32v7 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/nginx.svg?label=arm32v7)](https://doi-janky.infosiftr.net/job/multiarch/job/arm32v7/job/nginx/) | +| [![arm64v8 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/nginx.svg?label=arm64v8)](https://doi-janky.infosiftr.net/job/multiarch/job/arm64v8/job/nginx/) | [![i386 build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/i386/job/nginx.svg?label=i386)](https://doi-janky.infosiftr.net/job/multiarch/job/i386/job/nginx/) | [![mips64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/nginx.svg?label=mips64le)](https://doi-janky.infosiftr.net/job/multiarch/job/mips64le/job/nginx/) | [![ppc64le build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/nginx.svg?label=ppc64le)](https://doi-janky.infosiftr.net/job/multiarch/job/ppc64le/job/nginx/) | +| [![s390x build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/multiarch/job/s390x/job/nginx.svg?label=s390x)](https://doi-janky.infosiftr.net/job/multiarch/job/s390x/job/nginx/) | [![put-shared build status badge](https://img.shields.io/jenkins/s/https/doi-janky.infosiftr.net/job/put-shared/job/light/job/nginx.svg?label=put-shared)](https://doi-janky.infosiftr.net/job/put-shared/job/light/job/nginx/) | From 7c10a4a1c2aa479070a07e7cad70ec95ea969e54 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Jun 2023 19:17:43 -0700 Subject: [PATCH 193/306] Updated Alpine to 3.18 Fixes https://github.com/nginxinc/docker-nginx/issues/792 --- mainline/alpine-slim/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- update.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index fc36884d3..f46d07358 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 464de81f8..fe63fc1b3 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.17 +FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 3d4feb4b5..df2d8a28e 100755 --- a/update.sh +++ b/update.sh @@ -35,8 +35,8 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.17' - [stable]='3.17' + [mainline]='3.18' + [stable]='3.18' ) # When we bump njs version in a stable release we don't move the tag in the From 3e71631e0e757f13265e0bd1d1e30e937ad49347 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 11 Jul 2023 14:26:58 -0700 Subject: [PATCH 194/306] Updated njs to 0.8.0. Closes https://github.com/nginxinc/docker-nginx/issues/809 --- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 9 files changed, 40 insertions(+), 40 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 1de479d1f..e392c742f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f46d07358..b9133e069 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6f8961d64..f2c5c88df 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.25.1-alpine-slim -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ + && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e0da7da2b70a.tar.gz \ + && cd pkg-oss-e0da7da2b70a \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 0a169d135..bc7c19431 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.1 -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 7d1c92c0d..633809b82 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index fe63fc1b3..875877566 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 0c8c69691..b703af15e 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.24.0-alpine-slim -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ + && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ + && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf e5d85b3424bb.tar.gz \ + && cd pkg-oss-e5d85b3424bb \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index e4b6286b3..56ae36840 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bullseye-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.24.0 -ENV NJS_VERSION 0.7.12 +ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bullseye RUN set -x \ diff --git a/update.sh b/update.sh index df2d8a28e..269b35362 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.7.12' - [stable]='0.7.12' + [mainline]='0.8.0' + [stable]='0.8.0' ) # Current package patchlevel version @@ -44,16 +44,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='e0da7da2b70a' + [stable]='e5d85b3424bb' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8' - [stable]='dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b' + [mainline]='147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3' + [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) get_packages() { From 4d700b97e48ccf981cdaf865b59bb3d7a827ff7c Mon Sep 17 00:00:00 2001 From: Mathieu Rampant Date: Mon, 10 Jul 2023 07:35:42 -0400 Subject: [PATCH 195/306] Update Dockerfile to work with other version of nginx --- modules/Dockerfile.alpine | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index d575d5d94..771f384c4 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,4 +1,5 @@ -FROM nginx:mainline-alpine as builder +ARG NGINX_VERSION_FROM=mainline-alpine +FROM nginx:${NGINX_VERSION_FROM}-alpine as builder ARG ENABLED_MODULES @@ -60,7 +61,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:mainline-alpine +FROM nginx:${NGINX_VERSION_FROM}-alpine COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && . /tmp/packages/modules.env \ From 46a0d48398525c5478680583ec558d09e5b9d6ca Mon Sep 17 00:00:00 2001 From: Mathieu Rampant Date: Mon, 10 Jul 2023 07:33:41 -0400 Subject: [PATCH 196/306] Update Dockerfile to work with other version of nginx --- modules/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 1cce673d2..44eae4c9c 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,4 +1,5 @@ -FROM nginx:mainline as builder +ARG NGINX_VERSION_FROM=mainline +FROM nginx:${NGINX_VERSION_FROM} as builder ARG ENABLED_MODULES @@ -68,7 +69,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:mainline +FROM nginx:${NGINX_VERSION_FROM} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && apt update \ From c300144f441708492e414d5ab91692ca13c9dde2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:46:47 -0700 Subject: [PATCH 197/306] modules: use NGINX_FROM_IMAGE to specify which image to start with. --- modules/Dockerfile | 6 +++--- modules/Dockerfile.alpine | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 44eae4c9c..79b58f4d5 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,5 +1,5 @@ -ARG NGINX_VERSION_FROM=mainline -FROM nginx:${NGINX_VERSION_FROM} as builder +ARG NGINX_FROM_IMAGE=nginx:mainline +FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES @@ -69,7 +69,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:${NGINX_VERSION_FROM} +FROM ${NGINX_FROM_IMAGE} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && apt update \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 771f384c4..347c6a650 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,5 +1,5 @@ -ARG NGINX_VERSION_FROM=mainline-alpine -FROM nginx:${NGINX_VERSION_FROM}-alpine as builder +ARG NGINX_FROM_IMAGE=nginx:mainline-alpine +FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES @@ -61,7 +61,7 @@ RUN set -ex \ done \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env -FROM nginx:${NGINX_VERSION_FROM}-alpine +FROM ${NGINX_FROM_IMAGE} COPY --from=builder /tmp/packages /tmp/packages RUN set -ex \ && . /tmp/packages/modules.env \ From 00edc58f4843edd06680d9a9f7e258ca3dbe0366 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:47:27 -0700 Subject: [PATCH 198/306] CI: Added a test for modules builds. --- .test/config.sh | 1 + .test/tests/modules/nginx.conf.sme | 34 ++++++++++++++ .test/tests/modules/run.sh | 71 ++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 .test/tests/modules/nginx.conf.sme create mode 100755 .test/tests/modules/run.sh diff --git a/.test/config.sh b/.test/config.sh index 6d6b74ed3..87e466a62 100755 --- a/.test/config.sh +++ b/.test/config.sh @@ -5,5 +5,6 @@ imageTests+=( templates templates-resolver workers + modules ' ) diff --git a/.test/tests/modules/nginx.conf.sme b/.test/tests/modules/nginx.conf.sme new file mode 100644 index 000000000..dab101456 --- /dev/null +++ b/.test/tests/modules/nginx.conf.sme @@ -0,0 +1,34 @@ +user nginx; +worker_processes auto; + +load_module modules/ndk_http_module.so; +load_module modules/ngx_http_echo_module.so; +load_module modules/ngx_http_set_misc_module.so; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + server { + listen 80 default_server; + location /hello { + set $raw "hello"; + set_sha1 $digest $raw; + + echo $digest; + } + } +} diff --git a/.test/tests/modules/run.sh b/.test/tests/modules/run.sh new file mode 100755 index 000000000..9dbe4c3df --- /dev/null +++ b/.test/tests/modules/run.sh @@ -0,0 +1,71 @@ +#!/bin/bash + +set -eo pipefail + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +echo $dir + +image="$1" + +case "$image" in + *-perl) + ;; + *) + echo >&2 "skipping non-leaf image: $image" + exit + ;; +esac + +dockerfile="Dockerfile" +case "$image" in + *alpine*) + dockerfile="$dockerfile.alpine" + ;; +esac + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create an instance of the container-under-test +modulesImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +DOCKER_BUILDKIT=0 docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" + +serverImage="${modulesImage}-sme" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/hello' | grep 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d' From 22e65b3df3acef8ba2bb517191f2e495782dbbeb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:31:12 -0700 Subject: [PATCH 199/306] Documented a way to redefined base modules image. --- modules/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index d5091a0c8..ccca21d8b 100644 --- a/modules/README.md +++ b/modules/README.md @@ -13,7 +13,10 @@ $ docker build --build-arg ENABLED_MODULES="ndk lua" -t my-nginx-with-lua . This command will attempt to build an image called `my-nginx-with-lua` based on official nginx docker hub image with two modules: `ndk` and `lua`. By default, a Debian-based image will be used. If you wish to use Alpine -instead, add `-f Dockerfile.alpine` to the command line. +instead, add `-f Dockerfile.alpine` to the command line. By default, mainline +images are used as a base, but it's possible to specify a different image by +providing `NGINX_FROM_IMAGE` build argument, e.g. `--build-arg +NGINX_FROM_IMAGE=nginx:stable`. The build script will look for module build definition files on filesystem directory under the same name as the module (and resulting package) and if From a4d9a5c94867f845db761672b9c422f46e0090ef Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 13 Jul 2023 16:37:14 -0700 Subject: [PATCH 200/306] Updated the modules versions. --- modules/README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/modules/README.md b/modules/README.md index ccca21d8b..b2f3965db 100644 --- a/modules/README.md +++ b/modules/README.md @@ -33,25 +33,25 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules make: Entering directory '/pkg-oss/debian' -auth-spnego 1.1.0-1 -brotli 1.0.0-1 -encrypted-session 0.08-1 -fips-check 0.1-1 -geoip 1.21.0-1 -geoip2 3.3-1 -headers-more 0.33-1 -image-filter 1.21.0-1 -lua 0.10.19-1 -modsecurity 1.0.1-2 -ndk 0.3.1-1 -njs 0.5.3-1 -opentracing 0.14.0-1 -passenger 6.0.8-1 -perl 1.21.0-1 -rtmp 1.2.1-1 -set-misc 0.32-1 -subs-filter 0.6.4-1 -xslt 1.21.0-1 +auth-spnego 1.1.1-1 +brotli 1.0.0-1 +encrypted-session 0.09-1 +fips-check 0.1-1 +geoip 1.25.1-1 +geoip2 3.4-1 +headers-more 0.34-1 +image-filter 1.25.1-1 +lua 0.10.25-1 +modsecurity 1.0.3-3 +ndk 0.3.2-1 +njs 0.8.0-1 +opentracing 0.29.0-1 +passenger 6.0.18-1 +perl 1.25.1-1 +rtmp 1.2.2-1 +set-misc 0.33-1 +subs-filter 0.6.4-1 +xslt 1.25.1-1 make: Leaving directory '/pkg-oss/debian' ``` From 2879b26c7dedf1d958b1894a5c1b1dec3c026369 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 2 Aug 2023 23:20:17 +0200 Subject: [PATCH 201/306] fix: address Alpine bug and shell linter warnings * Replace `-n` with `-f` in Alpine Linux conditional check * Ensure shell variables are properly quoted * Set variable before exporting to ensure it properly fails (if it fails) * Replace obsolete `-o` conditional check with `||` --- Dockerfile-alpine-perl.template | 6 +++--- Dockerfile-alpine-slim.template | 6 +++--- Dockerfile-alpine.template | 6 +++--- entrypoint/10-listen-on-ipv6-by-default.sh | 2 +- entrypoint/15-local-resolvers.envsh | 3 ++- entrypoint/20-envsubst-on-templates.sh | 10 +++++----- entrypoint/30-tune-worker-processes.sh | 2 +- entrypoint/docker-entrypoint.sh | 2 +- mainline/alpine-perl/Dockerfile | 6 +++--- mainline/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- mainline/alpine-slim/15-local-resolvers.envsh | 3 ++- mainline/alpine-slim/20-envsubst-on-templates.sh | 10 +++++----- mainline/alpine-slim/30-tune-worker-processes.sh | 2 +- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine-slim/docker-entrypoint.sh | 2 +- mainline/alpine/Dockerfile | 6 +++--- mainline/debian/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/15-local-resolvers.envsh | 3 ++- mainline/debian/20-envsubst-on-templates.sh | 10 +++++----- mainline/debian/30-tune-worker-processes.sh | 2 +- mainline/debian/docker-entrypoint.sh | 2 +- stable/alpine-perl/Dockerfile | 6 +++--- stable/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- stable/alpine-slim/15-local-resolvers.envsh | 3 ++- stable/alpine-slim/20-envsubst-on-templates.sh | 10 +++++----- stable/alpine-slim/30-tune-worker-processes.sh | 2 +- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine-slim/docker-entrypoint.sh | 2 +- stable/alpine/Dockerfile | 6 +++--- stable/debian/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/15-local-resolvers.envsh | 3 ++- stable/debian/20-envsubst-on-templates.sh | 10 +++++----- stable/debian/30-tune-worker-processes.sh | 2 +- stable/debian/docker-entrypoint.sh | 2 +- 34 files changed, 77 insertions(+), 72 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index c4e064004..c8c56ae8a 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -66,6 +66,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 7c8347e90..4a88c230d 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -73,9 +73,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index ba91fe6cc..9bff5ab81 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -71,8 +71,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index b2655860d..b90bf0c94 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index f3fb9fcb9..3804165c9 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 9aa42e98d..defb994f3 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index e201fe608..8ea04f217 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e392c742f..6119fbd07 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index b2655860d..b90bf0c94 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index f3fb9fcb9..3804165c9 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index 9aa42e98d..defb994f3 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b9133e069..9de2c8c75 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -79,9 +79,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index e201fe608..8ea04f217 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f2c5c88df..58282e3eb 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -81,8 +81,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index b2655860d..b90bf0c94 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index f3fb9fcb9..3804165c9 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 9aa42e98d..defb994f3 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index e201fe608..8ea04f217 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 633809b82..5e5b3af12 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index b2655860d..b90bf0c94 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index f3fb9fcb9..3804165c9 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index 9aa42e98d..defb994f3 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 875877566..1826029e6 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -79,9 +79,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index e201fe608..8ea04f217 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index b703af15e..629e1755d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -81,8 +81,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index b2655860d..b90bf0c94 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index f3fb9fcb9..3804165c9 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -2,7 +2,7 @@ set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then @@ -44,8 +44,8 @@ auto_envsubst() { return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$output_dir/${relative_path%$suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$output_dir/${relative_path%"$suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" @@ -62,8 +62,8 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 9aa42e98d..defb994f3 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -4,7 +4,7 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index e201fe608..8ea04f217 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -9,7 +9,7 @@ entrypoint_log() { fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" From 3aac9b12463cf031037f7e21b3857f9a4bec3f28 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 24 Jul 2023 23:11:17 +0200 Subject: [PATCH 202/306] docs: Add community related docs docs: address PR feedback Move README section uptop Replace project with repo name where appropriate --- .github/ISSUE_TEMPLATE/bug_report.md | 33 ++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 23 ++++++++++ .github/pull_request_template.md | 12 +++++ CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 53 +++++++++++++++++++++++ LICENSE | 2 +- README.md | 15 ++++++- SECURITY.md | 14 ++++++ SUPPORT.md | 37 ++++++++++++++++ 9 files changed, 188 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/pull_request_template.md create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md create mode 100644 SUPPORT.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000..6c7471a38 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,33 @@ +--- +name: Bug report +about: Create a report to help us improve +title: "" +labels: "" +assignees: "" +--- + +### Describe the bug + +A clear and concise description of what the bug is. + +### To reproduce + +Steps to reproduce the behavior: + +1. Deploy the NGINX Docker image using ... +2. View output/logs/configuration on ... +3. See error + +### Expected behavior + +A clear and concise description of what you expected to happen. + +### Your environment + +- Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) +- Version/tag of the NGINX Docker image (e.g. `nginx:alpine`) +- Target deployment platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...) + +### Additional context + +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 000000000..e2242abbe --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,23 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: "" +labels: "" +assignees: "" +--- + +### Is your feature request related to a problem? Please describe + +A clear and concise description of what the problem is. Ex. I'm always frustrated when ... + +### Describe the solution you'd like + +A clear and concise description of what you want to happen. + +### Describe alternatives you've considered + +A clear and concise description of any alternative solutions or features you've considered. + +### Additional context + +Add any other context or screenshots about the feature request here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..e869fe513 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,12 @@ +### Proposed changes + +Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR). + +### Checklist + +Before creating a PR, run through this checklist and mark each as complete: +- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) document +- [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles +- [ ] If applicable, I have added tests that prove my fix is effective or that my feature works +- [ ] If applicable, I have checked that any relevant tests pass after adding my changes +- [ ] I have updated any relevant documentation diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index aea287f60..78354a27b 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -55,7 +55,7 @@ further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the moderation team at nginx-oss-community@f5.com. All +reported by contacting the moderation team at . All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..b4b863581 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,53 @@ +# Contributing Guidelines + +The following is a set of guidelines for contributing to the Docker NGINX image. We really appreciate that you are considering contributing! + +#### Table Of Contents + +[Getting Started](#getting-started) + +[Contributing](#contributing) + +[Code Guidelines](#code-guidelines) + +[Code of Conduct](https://github.com/nginxinc/docker-nginx/blob/master/CODE_OF_CONDUCT.md) + +## Getting Started + +Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get the Docker NGINX image up and running. + +## Contributing + +### Report a Bug + +To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginxinc/docker-nginx/blob/master/SECURITY.md).** + +### Suggest a Feature or Enhancement + +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. + +### Open a Pull Request + +- Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. +- Fill in [our pull request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/pull_request_template.md). + +Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. + +## Code Guidelines + +### Git Guidelines + +- Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR. +- If possible and/or relevant, use the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) format when writing a commit message, so that changelogs can be automatically generated +- Follow the guidelines of writing a good commit message as described here and summarised in the next few points: + - In the subject line, use the present tense ("Add feature" not "Added feature"). + - In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to..."). + - Limit the subject line to 72 characters or less. + - Reference issues and pull requests liberally after the subject line. + - Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`). + +### Docker Guidelines + +- Update any entrypoint scripts via the the scripts contained in the `/entrypoint` directory. +- Update any Dockerfiles via the Dockerfile templates in the root directory (e.g. `Dockerfile-alpine.template`). +- Run the `./update.sh` script to apply all entrypoint/Dockerfile template changes to the relevant image entrypoints & Dockerfiles. diff --git a/LICENSE b/LICENSE index bc1d673f0..f5af4aac9 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (C) 2011-2016 Nginx, Inc. +Copyright (C) 2011-2023 F5, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/README.md b/README.md index e852ff4bb..24d8e79c3 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) +[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginxinc/docker-nginx/blob/master/SUPPORT.md) + # About this Repo ## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) @@ -14,9 +17,19 @@ For more information about the full official images change lifecycle, see [the " For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fnginx). For the current "source of truth" for [`nginx`](https://hub.docker.com/_/nginx/), see [the `library/nginx` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/nginx). +## Contributing + +Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. + +## License + +[BSD 2-Clause](https://github.com/nginxinc/docker-nginx/blob/master/LICENSE) + +© [F5, Inc.](https://www.f5.com/) 2023 + --- -- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..47a42e266 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Latest Versions + +We advise users to run or update to the most recent release of the NGINX Docker image. Older versions of the NGINX Docker image may not have all enhancements and/or bug fixes applied to them. + +## Reporting a Vulnerability + +The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities. + +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . + +For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability) diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 000000000..2a6b505d6 --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,37 @@ +# Support + +## Ask a Question + +We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). + +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. + +## NGINX Specific Questions and/or Issues + +This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! + +### Community Slack + +We have a community [Slack](https://nginxcommunity.slack.com/)! + +If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) + +Once you join, check out the `#beginner-questions` and `nginx-users` channels :) + +### Documentation + +For a comprehensive list of all NGINX directives, check out . + +For a comprehensive list of admin and deployment guides for all NGINX products, check out . + +### Mailing List + +Want to get in touch with the NGINX development team directly? Try using the relevant mailing list found at ! + +## Contributing + +Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. + +## Commercial Support + +Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info! From 321a13a966eeff945196ddd31a629dad2aa85eda Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 15 Aug 2023 13:21:12 -0700 Subject: [PATCH 203/306] Updated mainline nginx to 1.25.2. --- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 2 +- update.sh | 6 +++--- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 6119fbd07..ee22c72f9 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1-alpine +FROM nginx:1.25.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -54,16 +54,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 9de2c8c75..d1ff2e01b 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.1 +ENV NGINX_VERSION 1.25.2 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 58282e3eb..834bd72e0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1-alpine-slim +FROM nginx:1.25.2-alpine-slim ENV NJS_VERSION 0.8.0 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e0da7da2b70a.tar.gz \ - && PKGOSSCHECKSUM=\"147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3 *e0da7da2b70a.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e0da7da2b70a.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e0da7da2b70a.tar.gz \ - && cd pkg-oss-e0da7da2b70a \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 377cadb9f..c557638fa 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.1 +FROM nginx:1.25.2 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index bc7c19431..bc172decb 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.1 +ENV NGINX_VERSION 1.25.2 ENV NJS_VERSION 0.8.0 ENV PKG_RELEASE 1~bookworm diff --git a/update.sh b/update.sh index 269b35362..31d9a37c9 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.1' + [mainline]='1.25.2' [stable]='1.24.0' ) @@ -44,7 +44,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='e0da7da2b70a' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' [stable]='e5d85b3424bb' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='147d7cce3f47d4dbd7bbce8da3199943e15ba64d4be44f603bd90286f8d38320ad027bfa8506a00ca84964b763c19c4ab1d504f586cfc7798518df97700ab1a3' + [mainline]='64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 4b0d808b8f320df132c154a974ebe46e9e5f5ffe Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 28 Aug 2023 12:56:43 -0700 Subject: [PATCH 204/306] Alpine: check if length of $tempDir is non-zero. Fixes #835. --- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index c8c56ae8a..d892f81b3 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -66,6 +66,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 4a88c230d..a50789713 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -73,7 +73,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 9bff5ab81..148d4ff27 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -71,7 +71,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index ee22c72f9..a69383c32 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d1ff2e01b..f16153086 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -79,7 +79,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 834bd72e0..fc8215347 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -81,7 +81,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 5e5b3af12..a70cca172 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 1826029e6..8d59f1bb9 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -79,7 +79,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 629e1755d..fbe85c5c9 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -81,7 +81,7 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier From 4bf0763f4977fff7e9648add59e0540088f3ca9f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Oct 2023 15:20:22 -0700 Subject: [PATCH 205/306] Updated mainline nginx to 1.25.3 and njs to 0.8.2. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index a69383c32..f2ecca4af 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2-alpine +FROM nginx:1.25.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f16153086..d36ab1602 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.2 +ENV NGINX_VERSION 1.25.3 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index fc8215347..5dd4739dc 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2-alpine-slim +FROM nginx:1.25.3-alpine-slim -ENV NJS_VERSION 0.8.0 +ENV NJS_VERSION 0.8.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index c557638fa..bbf88b060 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.2 +FROM nginx:1.25.3 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index bc172decb..6bf4fdfcb 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.2 -ENV NJS_VERSION 0.8.0 +ENV NGINX_VERSION 1.25.3 +ENV NJS_VERSION 0.8.2 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 31d9a37c9..9f9d0d132 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.2' + [mainline]='1.25.3' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.0' + [mainline]='0.8.2' [stable]='0.8.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='64d3f504b246df1997d8442b12303944d2f51e09b35443b23da479af7790b9f84cf2ddf8ba108bdd712f92466f9a8e107b865a488f0898b87d39059f9f7ff56c' + [mainline]='00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 6cb33076be05c335be33b1d52cfb677533a303f1 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Mon, 8 Jan 2024 19:00:18 +0100 Subject: [PATCH 206/306] Replace COPY with bind mount in Alpine modules example --- modules/Dockerfile.alpine | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 347c6a650..230eb4622 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -62,10 +62,9 @@ RUN set -ex \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM ${NGINX_FROM_IMAGE} -COPY --from=builder /tmp/packages /tmp/packages -RUN set -ex \ +RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ + set -ex \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ - done \ - && rm -rf /tmp/packages + done From 7399d225a285628b679e40f4c2bd9efee76a2359 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Mon, 8 Jan 2024 19:03:36 +0100 Subject: [PATCH 207/306] Replace COPY with bind mount in default modules example --- modules/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 79b58f4d5..8a261abf8 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -70,12 +70,11 @@ RUN set -ex \ && echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env FROM ${NGINX_FROM_IMAGE} -COPY --from=builder /tmp/packages /tmp/packages -RUN set -ex \ +RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ + set -ex \ && apt update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ done \ - && rm -rf /tmp/packages \ && rm -rf /var/lib/apt/lists/ From 5b37ab090f1c8269d252dfb479865955cbe50bce Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Tue, 9 Jan 2024 09:48:27 +0100 Subject: [PATCH 208/306] Use Docker BuildKit for modules test buils --- .test/tests/modules/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.test/tests/modules/run.sh b/.test/tests/modules/run.sh index 9dbe4c3df..257cdd551 100755 --- a/.test/tests/modules/run.sh +++ b/.test/tests/modules/run.sh @@ -32,7 +32,7 @@ fi # Create an instance of the container-under-test modulesImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" -DOCKER_BUILDKIT=0 docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" +docker build --build-arg NGINX_FROM_IMAGE="$image" --build-arg ENABLED_MODULES="ndk set-misc echo" -t "$modulesImage" -f "modules/$dockerfile" "$GITHUB_WORKSPACE/modules" serverImage="${modulesImage}-sme" "$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < Date: Tue, 9 Jan 2024 09:48:43 +0100 Subject: [PATCH 209/306] Add requirement of BuildKit to modules README --- modules/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/README.md b/modules/README.md index b2f3965db..887eaa58b 100644 --- a/modules/README.md +++ b/modules/README.md @@ -5,6 +5,17 @@ your own instuctions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from [pkg-oss](https://hg.nginx.org/pkg-oss). +## Requirements + +To use the Dockerfiles provided here, +[Docker BuildKit](https://docs.docker.com/build/buildkit/) is required. +This is enabled by default as of version 23.0; for earlier versions this can be +enabled by setting the environment variable `DOCKER_BUILDKIT` to `1`. + +If you can not or do not want to use BuildKit, you can use a previous version +of these files, see for example +https://github.com/nginxinc/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. + ## Usage ``` From 77dafa64e30a024c7bae7a37bb0741fefc0762cf Mon Sep 17 00:00:00 2001 From: Christian Loos Date: Fri, 13 Jan 2023 17:17:57 +0100 Subject: [PATCH 210/306] use apt-get instead of apt in modules/Dockerfile Do not use apt as it is meant to be an end-user tool. --- modules/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 8a261abf8..f9aba1da3 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -12,8 +12,8 @@ RUN set -ex \ COPY ./ /modules/ RUN set -ex \ - && apt update \ - && apt install -y --no-install-suggests --no-install-recommends \ + && apt-get update \ + && apt-get install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ libparse-recdescent-perl \ @@ -42,7 +42,7 @@ RUN set -ex \ # some modules require build dependencies if [ -f /modules/$module/build-deps ]; then \ echo "Installing $module build dependencies"; \ - apt update && apt install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ + apt-get update && apt-get install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ fi; \ # if a module has a build dependency that is not in a distro, provide a # shell script to fetch/build/install those @@ -72,9 +72,9 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ set -ex \ - && apt update \ + && apt-get update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ - apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ + apt-get install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ done \ && rm -rf /var/lib/apt/lists/ From 5b7624a8f98af507d6d1da2ad7b01806305524ae Mon Sep 17 00:00:00 2001 From: Christian Loos Date: Fri, 13 Jan 2023 17:27:21 +0100 Subject: [PATCH 211/306] use "-o pipefail" for RUN commands in modules Dockerfiles see: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#using-pipes https://github.com/hadolint/hadolint/wiki/DL4006 --- modules/Dockerfile | 11 +++++------ modules/Dockerfile.alpine | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index f9aba1da3..e9dea75b1 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -3,16 +3,16 @@ FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES -RUN set -ex \ - && if [ "$ENABLED_MODULES" = "" ]; then \ +SHELL ["/bin/bash", "-exo", "pipefail", "-c"] + +RUN if [ "$ENABLED_MODULES" = "" ]; then \ echo "No additional modules enabled, exiting"; \ exit 1; \ fi COPY ./ /modules/ -RUN set -ex \ - && apt-get update \ +RUN apt-get update \ && apt-get install -y --no-install-suggests --no-install-recommends \ patch make wget mercurial devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ @@ -71,8 +71,7 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ - set -ex \ - && apt-get update \ + apt-get update \ && . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apt-get install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 230eb4622..4b6b09100 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -3,16 +3,16 @@ FROM ${NGINX_FROM_IMAGE} as builder ARG ENABLED_MODULES -RUN set -ex \ - && if [ "$ENABLED_MODULES" = "" ]; then \ +SHELL ["/bin/ash", "-exo", "pipefail", "-c"] + +RUN if [ "$ENABLED_MODULES" = "" ]; then \ echo "No additional modules enabled, exiting"; \ exit 1; \ fi COPY ./ /modules/ -RUN set -ex \ - && apk update \ +RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ xz g++ coreutils \ @@ -63,8 +63,7 @@ RUN set -ex \ FROM ${NGINX_FROM_IMAGE} RUN --mount=type=bind,target=/tmp/packages/,source=/tmp/packages/,from=builder \ - set -ex \ - && . /tmp/packages/modules.env \ + . /tmp/packages/modules.env \ && for module in $BUILT_MODULES; do \ apk add --no-cache --allow-untrusted /tmp/packages/nginx-module-${module}-${NGINX_VERSION}*.apk; \ done From 75d5e98b637f193781676bf5ea7c7704273b4355 Mon Sep 17 00:00:00 2001 From: Ambrose Chua Date: Thu, 4 Jan 2024 11:29:55 +0800 Subject: [PATCH 212/306] Add IPv6 support for local-resolvers substitution script --- entrypoint/15-local-resolvers.envsh | 2 +- mainline/alpine-slim/15-local-resolvers.envsh | 2 +- mainline/debian/15-local-resolvers.envsh | 2 +- stable/alpine-slim/15-local-resolvers.envsh | 2 +- stable/debian/15-local-resolvers.envsh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index da963525b..450a999f4 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index da963525b..450a999f4 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index da963525b..450a999f4 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index da963525b..450a999f4 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index da963525b..450a999f4 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -8,5 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) export NGINX_LOCAL_RESOLVERS From 418a6ea01041c873c01c1c43ce34663866251e1d Mon Sep 17 00:00:00 2001 From: Ambrose Chua Date: Thu, 4 Jan 2024 11:56:19 +0800 Subject: [PATCH 213/306] Add tests --- .test/tests/templates-resolver-ipv6/run.sh | 60 +++++++++++++++++++ .../server.conf.template | 9 +++ 2 files changed, 69 insertions(+) create mode 100755 .test/tests/templates-resolver-ipv6/run.sh create mode 100644 .test/tests/templates-resolver-ipv6/server.conf.template diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh new file mode 100755 index 000000000..8ebbabf92 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +[ "$DEBUG" ] && set -x + +set -eo pipefail + +# check if we have ipv6 available +if [ ! -f "/proc/net/if_inet6" ]; then + exit 0 +fi + +dir="$(dirname "$(readlink -f "$BASH_SOURCE")")" + +image="$1" + +clientImage='buildpack-deps:buster-curl' +# ensure the clientImage is ready and available +if ! docker image inspect "$clientImage" &> /dev/null; then + docker pull "$clientImage" > /dev/null +fi + +# Create a new Docker network +nid="$(docker network create --ipv6 --subnet fd0c:7e57::/64 nginx-test-ipv6-network)" +trap "docker network rm -f $nid > /dev/null" EXIT + +# Create an instance of the container-under-test +serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" +"$HOME/oi/test/tests/docker-build.sh" "$dir" "$serverImage" < /dev/null" EXIT + +_request() { + local method="$1" + shift + + local proto="$1" + shift + + local url="${1#/}" + shift + + if [ "$(docker inspect -f '{{.State.Running}}' "$cid" 2>/dev/null)" != 'true' ]; then + echo >&2 "$image stopped unexpectedly!" + ( set -x && docker logs "$cid" ) >&2 || true + false + fi + + docker run --rm \ + --link "$cid":nginx \ + "$clientImage" \ + curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" +} + +. "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' + +# Check that we can request / +_request GET http '/resolver-templates' | grep 'example.com - OK' diff --git a/.test/tests/templates-resolver-ipv6/server.conf.template b/.test/tests/templates-resolver-ipv6/server.conf.template new file mode 100644 index 000000000..04a0c0859 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/server.conf.template @@ -0,0 +1,9 @@ +resolver ${NGINX_LOCAL_RESOLVERS}; + +server { + listen 80; + server_name ${NGINX_MY_SERVER_NAME}; + default_type text/plain; + location = / { return 200 'OK\n'; } + location / { return 200 "${NGINX_MY_SERVER_NAME} - OK\n"; } +} From a06a1689fcb98f8d84979e4fc41dfce298206b73 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Feb 2024 13:51:00 -0800 Subject: [PATCH 214/306] CI: added templates-resolver-ipv6 to the test runs. --- .test/config.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.test/config.sh b/.test/config.sh index 87e466a62..e371f4043 100755 --- a/.test/config.sh +++ b/.test/config.sh @@ -4,6 +4,7 @@ imageTests+=( static templates templates-resolver + templates-resolver-ipv6 workers modules ' From e230e12e34036a35af1393060be1f03159be76d5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Feb 2024 14:00:30 -0800 Subject: [PATCH 215/306] CI: fixed templates-resolver-ipv6 tests. --- .../expected-std-out.txt | 2 ++ .test/tests/templates-resolver-ipv6/run.sh | 29 ++++++++++++++++--- .../server.conf.template | 1 + 3 files changed, 28 insertions(+), 4 deletions(-) create mode 100644 .test/tests/templates-resolver-ipv6/expected-std-out.txt diff --git a/.test/tests/templates-resolver-ipv6/expected-std-out.txt b/.test/tests/templates-resolver-ipv6/expected-std-out.txt new file mode 100644 index 000000000..5309ac822 --- /dev/null +++ b/.test/tests/templates-resolver-ipv6/expected-std-out.txt @@ -0,0 +1,2 @@ +example.com - OK +ipv6 nameserver(s) present diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh index 8ebbabf92..a7bc3332d 100755 --- a/.test/tests/templates-resolver-ipv6/run.sh +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -21,7 +21,10 @@ fi # Create a new Docker network nid="$(docker network create --ipv6 --subnet fd0c:7e57::/64 nginx-test-ipv6-network)" -trap "docker network rm -f $nid > /dev/null" EXIT + +_network_exit_handler() { + docker network rm -f $nid > /dev/null +} # Create an instance of the container-under-test serverImage="$("$HOME/oi/test/tests/image-name.sh" librarytest/nginx-template "$image")" @@ -30,7 +33,14 @@ FROM $image COPY dir/server.conf.template /etc/nginx/templates/server.conf.template EOD cid="$(docker run -d --network $nid -e NGINX_ENTRYPOINT_LOCAL_RESOLVERS=true -e NGINX_MY_SERVER_NAME=example.com "$serverImage")" -trap "docker rm -vf $cid > /dev/null" EXIT + +_container_exit_handler() { + docker rm -vf $cid > /dev/null +} +_exit_handler() { _container_exit_handler; _network_exit_handler; } +trap "_exit_handler" EXIT + +ipv6cid="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' $cid)" _request() { local method="$1" @@ -49,12 +59,23 @@ _request() { fi docker run --rm \ - --link "$cid":nginx \ + --network "$nid" \ "$clientImage" \ - curl -fsSL -X"$method" --connect-to '::nginx:' "$@" "$proto://example.com/$url" + curl -fsSL -X"$method" --connect-to "::[$ipv6cid]:" "$@" "$proto://example.com/$url" } . "$HOME/oi/test/retry.sh" '[ "$(_request GET / --output /dev/null || echo $?)" != 7 ]' # Check that we can request / _request GET http '/resolver-templates' | grep 'example.com - OK' + +result="$(docker exec $cid grep resolver /etc/nginx/conf.d/server.conf)" + +case "$result" in + resolver*\[*\]*) + echo "ipv6 nameserver(s) present" + ;; + *) + echo "no ipv6 nameserver(s) present" + ;; +esac diff --git a/.test/tests/templates-resolver-ipv6/server.conf.template b/.test/tests/templates-resolver-ipv6/server.conf.template index 04a0c0859..70835560f 100644 --- a/.test/tests/templates-resolver-ipv6/server.conf.template +++ b/.test/tests/templates-resolver-ipv6/server.conf.template @@ -2,6 +2,7 @@ resolver ${NGINX_LOCAL_RESOLVERS}; server { listen 80; + listen [::]:80; server_name ${NGINX_MY_SERVER_NAME}; default_type text/plain; location = / { return 200 'OK\n'; } From 1f227619c1f1baa0bed8bed844ea614437ff14fb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Feb 2024 10:12:27 -0800 Subject: [PATCH 216/306] Updated mainline nginx to 1.25.4 and njs to 0.8.3. --- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index f2ecca4af..b500d17fc 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3-alpine +FROM nginx:1.25.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d36ab1602..2cdb70e14 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.18 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.3 +ENV NGINX_VERSION 1.25.4 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5dd4739dc..b3ee8c0ab 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3-alpine-slim +FROM nginx:1.25.4-alpine-slim -ENV NJS_VERSION 0.8.2 +ENV NJS_VERSION 0.8.3 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index bbf88b060..28d8d826c 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.3 +FROM nginx:1.25.4 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 6bf4fdfcb..48b78ba48 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.3 -ENV NJS_VERSION 0.8.2 +ENV NGINX_VERSION 1.25.4 +ENV NJS_VERSION 0.8.3 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 9f9d0d132..cb5626666 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.3' + [mainline]='1.25.4' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.2' + [mainline]='0.8.3' [stable]='0.8.0' ) @@ -52,7 +52,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='00b217979265cc9d66c991c9c89427558936dbaa568d175ca45780589171d94f1866217be09a83438d95494cf38baaa6788320f6d8d23f2fb29c03117391ff88' + [mainline]='79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From e16114680b7ba115ffe4fe44be0b5b0bb14fba93 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 20:51:38 -0800 Subject: [PATCH 217/306] Specify architecture to pull in the sync script. --- sync-awsecr.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 5065c3b55..317054488 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -108,8 +108,16 @@ echo "export DOCKER_CLI_EXPERIMENTAL=enabled" echo echo "# pulling stuff" for arch in ${architectures[@]}; do + case $arch in + arm64v8) + parch="aarch64" + ;; + *) + parch=$arch + ;; + esac for tag in ${pulllist[@]}; do - echo "docker pull $arch/$tag"; + echo "docker pull --platform linux/$parch $arch/$tag"; done done From 67270a20ffca47f954593b540136974bc831a61c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 21:12:16 -0800 Subject: [PATCH 218/306] Specify distribution versions tags in sync script. This mostly synchronises it with generate-stackbrew-library.sh script. --- sync-awsecr.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 317054488..e35d1807c 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -71,12 +71,17 @@ for version in "${versions[@]}"; do fi versionAliases+=( ${aliases[$version]:-} ) - for tag in ${versionAliases[@]:1}; do + debianVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk -F"[-:]" '$1 == "FROM debian" { print $2; exit }')" + debianAliases=( ${versionAliases[@]/%/-$debianVersion} ) + debianAliases=( "${debianAliases[@]//latest-/}" ) + + for tag in ${versionAliases[@]:1} ${debianAliases[@]:1}; do taglist["$image:$tag"]="$image:$fullVersion" done for variant in debian-perl; do variantAliases=( "${versionAliases[@]/%/-perl}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) for tag in ${variantAliases[@]}; do @@ -86,10 +91,13 @@ for version in "${versions[@]}"; do done done + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) variantAliases=( "${variantAliases[@]//latest-/}" ) for tag in ${variantAliases[@]}; do From 6f3d62b782254d12694260d1d92162111c73af6d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 7 Mar 2024 21:13:03 -0800 Subject: [PATCH 219/306] generate-stackbrew-library.sh: simplify. alpine-slim is built on all architectures and is not different to other alpine versions, so no reason to have a separate section for it anymore. --- generate-stackbrew-library.sh | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index eba3c3210..a7709d58e 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -90,23 +90,7 @@ for version in "${versions[@]}"; do alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" - for variant in alpine alpine-perl; do - commit="$(dirCommit "$version/$variant")" - - variantAliases=( "${versionAliases[@]/%/-$variant}" ) - variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) - variantAliases=( "${variantAliases[@]//latest-/}" ) - - echo - cat <<-EOE - Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 - GitCommit: $commit - Directory: $version/$variant - EOE - done - - for variant in alpine-slim; do + for variant in alpine alpine-perl alpine-slim; do commit="$(dirCommit "$version/$variant")" variantAliases=( "${versionAliases[@]/%/-$variant}" ) From 9cb278860bdcea48abc0bc770a29ead3fc9a1fe6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 12 Dec 2023 14:03:09 -0800 Subject: [PATCH 220/306] Added an otel module image variant. The variant provides an image built with a recently opensourced opentelemetry module developed by F5/NGINX [1]. I've decided to make a separate variant based on the main image instead of extending it because the module build-depends on a fairly large chunk of C++ code from multiple projects, which takes around 10 minutes to compile and link on an 8-core amd64 machine. This is why it's currently limited to amd64 and arm64v8, which nginx.org provides builds for. Users can build them on less popular architectures as the instructions are still provided in the dockerfiles. Also, it's currently only available for the "mainline" branch, with "stable" to follow in the future. [1] https://nginx.org/en/docs/ngx_otel_module.html [2] https://nginx.org/en/linux_packages.html#dynmodules --- Dockerfile-alpine-otel.template | 76 ++++++++++++++++++++++++++ Dockerfile-debian-otel.template | 84 +++++++++++++++++++++++++++++ generate-stackbrew-library.sh | 39 ++++++++++++++ mainline/alpine-otel/Dockerfile | 87 ++++++++++++++++++++++++++++++ mainline/debian-otel/Dockerfile | 95 +++++++++++++++++++++++++++++++++ update.sh | 44 ++++++++++++--- 6 files changed, 419 insertions(+), 6 deletions(-) create mode 100644 Dockerfile-alpine-otel.template create mode 100644 Dockerfile-debian-otel.template create mode 100644 mainline/alpine-otel/Dockerfile create mode 100644 mainline/debian-otel/Dockerfile diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template new file mode 100644 index 000000000..743c532c0 --- /dev/null +++ b/Dockerfile-alpine-otel.template @@ -0,0 +1,76 @@ +FROM nginx:%%NGINX_VERSION%%-alpine + +ENV OTEL_VERSION %%OTEL_VERSION%% + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages="%%PACKAGES%% + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ + && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf %%REVISION%%.tar.gz \ + && cd pkg-oss-%%REVISION%% \ + && cd alpine \ + && make %%BUILDTARGET%% \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template new file mode 100644 index 000000000..2cc519b7b --- /dev/null +++ b/Dockerfile-debian-otel.template @@ -0,0 +1,84 @@ +FROM nginx:%%NGINX_VERSION%% + +ENV OTEL_VERSION %%OTEL_VERSION%% + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages="%%PACKAGES%% + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y %%BUILDTARGET%% \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile %%BUILDTARGET%% \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index a7709d58e..0990cc61b 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -50,6 +50,12 @@ join() { } for version in "${versions[@]}"; do + debian_otel= + alpine_otel= + if [ "$version" = "mainline" ]; then + debian_otel="debian-otel" + alpine_otel="alpine-otel" + fi commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" @@ -88,6 +94,23 @@ for version in "${versions[@]}"; do EOE done + for variant in $debian_otel; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-otel}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/debian/$debianVersion}}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: amd64, arm64v8 + GitCommit: $commit + Directory: $version/$variant + EOE + done + + alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do @@ -106,4 +129,20 @@ for version in "${versions[@]}"; do EOE done + for variant in $alpine_otel; do + commit="$(dirCommit "$version/$variant")" + + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases+=( "${versionAliases[@]/%/-${variant/alpine/alpine$alpineVersion}}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + + echo + cat <<-EOE + Tags: $(join ', ' "${variantAliases[@]}") + Architectures: amd64, arm64v8 + GitCommit: $commit + Directory: $version/$variant + EOE + done + done diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile new file mode 100644 index 000000000..714113c98 --- /dev/null +++ b/mainline/alpine-otel/Dockerfile @@ -0,0 +1,87 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.25.4-alpine + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make module-otel \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile new file mode 100644 index 000000000..8fbf2a308 --- /dev/null +++ b/mainline/debian-otel/Dockerfile @@ -0,0 +1,95 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.25.4 + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y nginx-module-otel \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile nginx-module-otel \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/update.sh b/update.sh index cb5626666..40449e1e8 100755 --- a/update.sh +++ b/update.sh @@ -22,6 +22,12 @@ declare -A njs=( [stable]='0.8.0' ) +# Current otel versions +declare -A otel=( + [mainline]='0.1.0' + [stable]='0.1.0' +) + # Current package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( @@ -61,6 +67,8 @@ get_packages() { shift local branch="$1" shift + local bn="" + local otel= local perl= local r= local sep= @@ -81,6 +89,13 @@ get_packages() { ;; esac + case "$distro:$branch" in + *-otel:mainline) + otel="nginx-module-otel" + bn="\n" + ;; + esac + echo -n ' \\\n' case "$distro" in *-slim) @@ -93,16 +108,21 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\' + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\'"$bn" + done + for p in $otel; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' done ;; esac } get_packagerepo() { - local distro="${1%-perl}" - distro="${distro%-slim}" + local distro="$1" shift + distro="${distro%-perl}" + distro="${distro%-otel}" + distro="${distro%-slim}" local branch="$1" shift @@ -112,8 +132,11 @@ get_packagerepo() { } get_packagever() { - local distro="${1%-perl}" + local distro="$1" shift + distro="${distro%-perl}" + distro="${distro%-otel}" + distro="${distro%-slim}" local branch="$1" shift local suffix= @@ -125,6 +148,7 @@ get_packagever() { get_buildtarget() { local distro="$1" + shift case "$distro" in alpine-slim) echo base @@ -132,6 +156,9 @@ get_buildtarget() { alpine-perl) echo module-perl ;; + alpine-otel) + echo module-otel + ;; alpine) echo module-geoip module-image-filter module-njs module-xslt ;; @@ -141,6 +168,9 @@ get_buildtarget() { debian-perl) echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" ;; + debian-otel) + echo "nginx-module-otel" + ;; esac } @@ -156,8 +186,8 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ - alpine{,-perl,-slim} \ - debian{,-perl}; do + alpine{,-perl,-otel,-slim} \ + debian{,-perl,-otel}; do echo "$branch: $variant dockerfiles" dir="$branch/$variant" variant="$(basename "$variant")" @@ -174,6 +204,7 @@ for branch in "${branches[@]}"; do alpinever="${alpine[$branch]}" nginxver="${nginx[$branch]}" njsver="${njs[${branch}]}" + otelver="${otel[${branch}]}" revver="${rev[${branch}]}" pkgosschecksumver="${pkgosschecksum[${branch}]}" @@ -187,6 +218,7 @@ for branch in "${branches[@]}"; do -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ + -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ From 29d5001c15e7a2c7b34402c35254cc55199f8cc8 Mon Sep 17 00:00:00 2001 From: oxpa Date: Tue, 16 Apr 2024 18:12:08 +0100 Subject: [PATCH 221/306] Updated mainline to 1.25.5. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 4 ++-- update.sh | 8 ++++---- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 714113c98..f7460dcb7 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine +FROM nginx:1.25.5-alpine ENV OTEL_VERSION 0.1.0 @@ -60,7 +60,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b500d17fc..5ded61923 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine +FROM nginx:1.25.5-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -55,7 +55,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 2cdb70e14..d867eb42b 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,11 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.4 +ENV NGINX_VERSION 1.25.5 ENV PKG_RELEASE 1 RUN set -x \ @@ -57,7 +57,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b3ee8c0ab..fba7100eb 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4-alpine-slim +FROM nginx:1.25.5-alpine-slim -ENV NJS_VERSION 0.8.3 +ENV NJS_VERSION 0.8.4 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 8fbf2a308..d093409ec 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4 +FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 28d8d826c..237266786 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.4 +FROM nginx:1.25.5 RUN set -x \ && apt-get update \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 48b78ba48..22ad7980e 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.4 -ENV NJS_VERSION 0.8.3 +ENV NGINX_VERSION 1.25.5 +ENV NJS_VERSION 0.8.4 ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 40449e1e8..cc7123794 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.4' + [mainline]='1.25.5' [stable]='1.24.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.3' + [mainline]='0.8.4' [stable]='0.8.0' ) @@ -41,7 +41,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.18' + [mainline]='3.19' [stable]='3.18' ) @@ -58,7 +58,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='79bf214256bf55700c776a87abfc3cf542323a267d879e89110aa44b551d12f6df7d56676a68f255ebbb54275185980d1fa37075f000d98e0ecac28db9e89fe3' + [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' ) From 308c492bfaec8ffb73eb7508395165b92113fe47 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 7 Dec 2023 11:18:15 +0100 Subject: [PATCH 222/306] Update mainline to Alpine 3.19 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 8d59f1bb9..90d0cf288 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.18 +FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index cc7123794..cd9ade25b 100755 --- a/update.sh +++ b/update.sh @@ -42,7 +42,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.19' - [stable]='3.18' + [stable]='3.19' ) # When we bump njs version in a stable release we don't move the tag in the From b7a32965681b02a7d0e18425333328df4cd48652 Mon Sep 17 00:00:00 2001 From: Orgad Shaneh Date: Thu, 21 Mar 2024 12:33:30 +0200 Subject: [PATCH 223/306] Keep repo key registered in alpine, and simplify Dockerfiles In debian image, the key is not deleted. This can also be used in user images to install packages directly. --- Dockerfile-alpine-otel.template | 15 ++------------- Dockerfile-alpine-perl.template | 15 ++------------- Dockerfile-alpine-slim.template | 1 - Dockerfile-alpine.template | 13 +------------ Dockerfile-debian-otel.template | 21 ++------------------- Dockerfile-debian-perl.template | 21 ++------------------- mainline/alpine-otel/Dockerfile | 15 ++------------- mainline/alpine-perl/Dockerfile | 15 ++------------- mainline/alpine-slim/Dockerfile | 1 - mainline/alpine/Dockerfile | 13 +------------ mainline/debian-otel/Dockerfile | 21 ++------------------- mainline/debian-perl/Dockerfile | 21 ++------------------- stable/alpine-perl/Dockerfile | 15 ++------------- stable/alpine-slim/Dockerfile | 1 - stable/alpine/Dockerfile | 13 +------------ stable/debian-perl/Dockerfile | 21 ++------------------- 16 files changed, 23 insertions(+), 199 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 743c532c0..7090e4fd4 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -12,17 +12,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -72,5 +62,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index d892f81b3..9c87b72c6 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -10,17 +10,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -67,5 +57,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index a50789713..e6809e87f 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -75,7 +75,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 148d4ff27..f64222bbb 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -12,17 +12,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "%%PACKAGEREPO%%v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -73,6 +63,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index 2cc519b7b..dff7acc0b 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -2,26 +2,9 @@ FROM nginx:%%NGINX_VERSION%% ENV OTEL_VERSION %%OTEL_VERSION%% -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 38b65598c..430996561 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -1,25 +1,8 @@ FROM nginx:%%NGINX_VERSION%% -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ && case "$dpkgArch" in \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index f7460dcb7..b42f79592 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -23,17 +23,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,5 +73,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5ded61923..d108211af 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -21,17 +21,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -78,5 +68,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d867eb42b..8c2a221dc 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -81,7 +81,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index fba7100eb..a90a2c52c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -22,17 +22,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,6 +73,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index d093409ec..a9f211925 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -7,26 +7,9 @@ FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 237266786..8e3c99598 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -5,26 +5,9 @@ # FROM nginx:1.25.5 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index a70cca172..3515f3a91 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -21,17 +21,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -78,5 +68,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 90d0cf288..6bdfc4335 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -81,7 +81,6 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index fbe85c5c9..2025ea0ec 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -22,17 +22,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,6 +73,5 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index e485478c8..0e35589b8 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -5,26 +5,9 @@ # FROM nginx:1.24.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ From ed439d2266cee6304339d50c5fe33d8f87f6eb37 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 12:59:29 -0700 Subject: [PATCH 224/306] Updated stable nginx to 1.26.0 and moved to bookworm. This also adds otel module to stable images. --- stable/alpine-otel/Dockerfile | 87 ++++++++++++++++++++++++++++++++ stable/alpine-perl/Dockerfile | 12 ++--- stable/alpine-slim/Dockerfile | 12 ++--- stable/alpine/Dockerfile | 14 +++--- stable/debian-otel/Dockerfile | 95 +++++++++++++++++++++++++++++++++++ stable/debian-perl/Dockerfile | 6 +-- stable/debian/Dockerfile | 12 ++--- update.sh | 15 +++--- 8 files changed, 216 insertions(+), 37 deletions(-) create mode 100644 stable/alpine-otel/Dockerfile create mode 100644 stable/debian-otel/Dockerfile diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile new file mode 100644 index 000000000..af9951c12 --- /dev/null +++ b/stable/alpine-otel/Dockerfile @@ -0,0 +1,87 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.26.0-alpine + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apkArch="$(cat /etc/apk/arch)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ + " \ +# install prerequisites for public key and pkg-oss checks + && apk add --no-cache --virtual .checksum-deps \ + openssl \ + && case "$apkArch" in \ + x86_64|aarch64) \ +# arches officially built by upstream + set -x \ + && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ + && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ + && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ + echo "key verification succeeded!"; \ + mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ + else \ + echo "key verification failed!"; \ + exit 1; \ + fi \ + && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published packaging sources + set -x \ + && tempDir="$(mktemp -d)" \ + && chown nobody:nobody $tempDir \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + make \ + openssl-dev \ + pcre2-dev \ + zlib-dev \ + linux-headers \ + cmake \ + bash \ + alpine-sdk \ + findutils \ + xz \ + re2-dev \ + c-ares-dev \ + && su nobody -s /bin/sh -c " \ + export HOME=${tempDir} \ + && cd ${tempDir} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + echo \"pkg-oss tarball checksum verification succeeded!\"; \ + else \ + echo \"pkg-oss tarball checksum verification failed!\"; \ + exit 1; \ + fi \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && cd alpine \ + && make module-otel \ + && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ + " \ + && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ + && apk del --no-network .build-deps \ + && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ + ;; \ + esac \ +# remove checksum deps + && apk del --no-network .checksum-deps \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 3515f3a91..4c4989c25 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0-alpine +FROM nginx:1.26.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 6bdfc4335..de34e10a7 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.24.0 +ENV NGINX_VERSION 1.26.0 ENV PKG_RELEASE 1 RUN set -x \ @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2025ea0ec..1a664de87 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0-alpine-slim +FROM nginx:1.26.0-alpine-slim -ENV NJS_VERSION 0.8.0 +ENV NJS_VERSION 0.8.4 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -48,16 +48,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/e5d85b3424bb.tar.gz \ - && PKGOSSCHECKSUM=\"4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b *e5d85b3424bb.tar.gz\" \ - && if [ \"\$(openssl sha512 -r e5d85b3424bb.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf e5d85b3424bb.tar.gz \ - && cd pkg-oss-e5d85b3424bb \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile new file mode 100644 index 000000000..62a7f273b --- /dev/null +++ b/stable/debian-otel/Dockerfile @@ -0,0 +1,95 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# +FROM nginx:1.26.0 + +ENV OTEL_VERSION 0.1.0 + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + export GNUPGHOME="$(mktemp -d)"; \ + found=''; \ + for server in \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + rm -rf "$GNUPGHOME"; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && nginxPackages=" \ + nginx=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ + " \ + && case "$dpkgArch" in \ + amd64|arm64) \ +# arches officialy built by upstream + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y nginx-module-otel \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile nginx-module-otel \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $nginxPackages \ + gettext-base \ + curl \ + && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 0e35589b8..c7e0fdd6d 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.24.0 +FROM nginx:1.26.0 RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ @@ -19,13 +19,13 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 56ae36840..b19556df8 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -3,13 +3,13 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.24.0 -ENV NJS_VERSION 0.8.0 -ENV PKG_RELEASE 1~bullseye +ENV NGINX_VERSION 1.26.0 +ENV NJS_VERSION 0.8.4 +ENV PKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -44,13 +44,13 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ \ # new directory for storing sources and .deb files && tempDir="$(mktemp -d)" \ diff --git a/update.sh b/update.sh index cd9ade25b..70dd71f4b 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.25.5' - [stable]='1.24.0' + [stable]='1.26.0' ) # Current njs versions declare -A njs=( [mainline]='0.8.4' - [stable]='0.8.0' + [stable]='0.8.4' ) # Current otel versions @@ -37,7 +37,7 @@ declare -A pkg=( declare -A debian=( [mainline]='bookworm' - [stable]='bullseye' + [stable]='bookworm' ) declare -A alpine=( @@ -51,7 +51,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='e5d85b3424bb' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -59,7 +59,7 @@ declare -A rev=( # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' - [stable]='4f33347bf05e7d7dd42a52b6e7af7ec21e3ed71df05a8ec16dd1228425f04e4318d88b1340370ccb6ad02cde590fc102094ddffbb1fc86d2085295a43f02f67b' + [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' ) get_packages() { @@ -87,10 +87,7 @@ get_packages() { *-perl) perl="nginx-module-perl" ;; - esac - - case "$distro:$branch" in - *-otel:mainline) + *-otel) otel="nginx-module-otel" bn="\n" ;; From 435f9c2a06cf2d5fd65767d2f0696b9c988b814b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:04:31 -0700 Subject: [PATCH 225/306] generate-stackbrew-library: moved stable to 1.26 With that, added otel tags for stable, too. --- generate-stackbrew-library.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 0990cc61b..aadcf07eb 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.25 latest' - [stable]='1.24' + [stable]='1.26' ) self="$(basename "$BASH_SOURCE")" @@ -50,12 +50,8 @@ join() { } for version in "${versions[@]}"; do - debian_otel= - alpine_otel= - if [ "$version" = "mainline" ]; then - debian_otel="debian-otel" - alpine_otel="alpine-otel" - fi + debian_otel="debian-otel" + alpine_otel="alpine-otel" commit="$(dirCommit "$version/$base")" fullVersion="$(git show "$commit":"$version/$base/Dockerfile" | awk '$1 == "ENV" && $2 == "NGINX_VERSION" { print $3; exit }')" From 56cb1dd64cb83e8f54f4c95a526e526f65703ce9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:05:23 -0700 Subject: [PATCH 226/306] sync-awsecr: moved stable to 1.26. --- sync-awsecr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index e35d1807c..c9ea9634f 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.25 latest' - [stable]='1.24' + [stable]='1.26' ) architectures=( amd64 arm64v8 ) From 3fb7e2e6266d5652dabe275dbfd50bdb3418361e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:12:40 -0700 Subject: [PATCH 227/306] Introduce NJS_RELEASE to hold the version for njs package release. This is currently needed for mainline versions to pick up an update njs release (0.8.4-2). --- Dockerfile-alpine.template | 1 + Dockerfile-debian.template | 1 + mainline/alpine-otel/Dockerfile | 12 ++++++------ mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 13 +++++++------ mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 3 ++- stable/alpine-otel/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine/Dockerfile | 3 ++- stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 3 ++- update.sh | 21 ++++++++++++++++----- 16 files changed, 54 insertions(+), 37 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f64222bbb..8c9d490d3 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,6 +1,7 @@ FROM nginx:%%NGINX_VERSION%%-alpine-slim ENV NJS_VERSION %%NJS_VERSION%% +ENV NJS_RELEASE %%NJS_RELEASE%% RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4615a39fd..49b298c24 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -4,6 +4,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% +ENV NJS_RELEASE %%NJS_RELEASE%% ENV PKG_RELEASE %%PKG_RELEASE%% RUN set -x \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index b42f79592..25b3b95ba 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index d108211af..bf4296b1e 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 8c2a221dc..e164320fa 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a90a2c52c..3f3f6cd15 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -6,6 +6,7 @@ FROM nginx:1.25.5-alpine-slim ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -14,7 +15,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -48,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ + && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 93ac6e194ad0.tar.gz \ + && cd pkg-oss-93ac6e194ad0 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index a9f211925..96f3a702c 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -15,7 +15,7 @@ RUN set -x; \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 8e3c99598..cc01d476d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -14,7 +14,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 22ad7980e..76bce0bc3 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -9,6 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.5 ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 2~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ @@ -39,7 +40,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index af9951c12..a1ead88a3 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -14,7 +14,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 4c4989c25..9a941e0a8 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -13,7 +13,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1a664de87..132b71d6e 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -6,6 +6,7 @@ FROM nginx:1.26.0-alpine-slim ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -14,7 +15,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 62a7f273b..d96976937 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -32,7 +32,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c7e0fdd6d..0c8edc134 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -14,7 +14,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index b19556df8..3b1c14381 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -9,6 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.0 ENV NJS_VERSION 0.8.4 +ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ @@ -39,7 +40,7 @@ RUN set -x \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \ + nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/update.sh b/update.sh index 70dd71f4b..1249f91a3 100755 --- a/update.sh +++ b/update.sh @@ -22,6 +22,13 @@ declare -A njs=( [stable]='0.8.4' ) +# Current njs patchlevel version +# Remember to update pkgosschecksum when changing this. +declare -A njspkg=( + [mainline]='2' + [stable]='1' +) + # Current otel versions declare -A otel=( [mainline]='0.1.0' @@ -50,7 +57,7 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='93ac6e194ad0' [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) @@ -58,7 +65,7 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='74000f32ab250be492a8ae4d408cd63a4c422f4f0af84689973a2844fceeb8a3e7e12b04d7c6dac0f993d7102d920a5f60e6f49be23ce4093f48a8eb1ae36ce5' + [mainline]='d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0' [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' ) @@ -105,7 +112,7 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${PKG_RELEASE} \\'"$bn" + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" done for p in $otel; do echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' @@ -136,11 +143,13 @@ get_packagever() { distro="${distro%-slim}" local branch="$1" shift + local package="$1" + shift local suffix= [ "${distro}" = "debian" ] && suffix="~${debianver}" - echo ${pkg[$branch]}${suffix} + [ "${package}" = "njs" ] && echo ${njspkg[$branch]}${suffix} || echo ${pkg[$branch]}${suffix} } get_buildtarget() { @@ -207,7 +216,8 @@ for branch in "${branches[@]}"; do packagerepo=$(get_packagerepo "$variant" "$branch") packages=$(get_packages "$variant" "$branch") - packagever=$(get_packagever "$variant" "$branch") + packagever=$(get_packagever "$variant" "$branch" "any") + njspkgver=$(get_packagever "$variant" "$branch" "njs") buildtarget=$(get_buildtarget "$variant") sed -i.bak \ @@ -215,6 +225,7 @@ for branch in "${branches[@]}"; do -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ + -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ From 33588b16913fe91d3a201043b73f3366d15fcce1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:34:32 -0700 Subject: [PATCH 228/306] Updated remaining Dockerfiles after b7a32965681. --- stable/alpine-otel/Dockerfile | 15 ++------------- stable/debian-otel/Dockerfile | 21 ++------------------- 2 files changed, 4 insertions(+), 32 deletions(-) diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index a1ead88a3..060bd73c3 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -23,17 +23,7 @@ RUN set -x \ && case "$apkArch" in \ x86_64|aarch64) \ # arches officially built by upstream - set -x \ - && KEY_SHA512="e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655" \ - && wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ - && if echo "$KEY_SHA512 */tmp/nginx_signing.rsa.pub" | sha512sum -c -; then \ - echo "key verification succeeded!"; \ - mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \ - else \ - echo "key verification failed!"; \ - exit 1; \ - fi \ - && apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ + apk add -X "https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for @@ -83,5 +73,4 @@ RUN set -x \ && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index d96976937..dbe9f4bbe 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -7,26 +7,9 @@ FROM nginx:1.26.0 ENV OTEL_VERSION 0.1.0 -RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ +RUN set -x; \ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ - export GNUPGHOME="$(mktemp -d)"; \ - found=''; \ - for server in \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ - rm -rf "$GNUPGHOME"; \ - apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ - && dpkgArch="$(dpkg --print-architecture)" \ + dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ From 23bcf128302c8731b1d50e03da63cda31d69ba5f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 13:36:59 -0700 Subject: [PATCH 229/306] Debian: updated GPG keys dir. Closes: https://github.com/nginxinc/docker-nginx/pull/821 --- Dockerfile-debian.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 49b298c24..4fe841a60 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -15,7 +15,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ From 66c0f94b4c764b1a531528e8c242ad94497011f6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 14:37:04 -0700 Subject: [PATCH 230/306] Updated dockerfiles after 23bcf128302 --- mainline/debian/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 76bce0bc3..f0bec38fa 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -20,7 +20,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 3b1c14381..4a06824e6 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -20,7 +20,7 @@ RUN set -x \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ for server in \ From 5bf2e65ab9eaa029613e18fc5dfab04693511ed6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Apr 2024 14:44:57 -0700 Subject: [PATCH 231/306] Updated GPG key dirs in templates missed in 23bcf128302 --- Dockerfile-debian-otel.template | 2 +- Dockerfile-debian-perl.template | 2 +- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index dff7acc0b..b1a8a8e2e 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -3,7 +3,7 @@ FROM nginx:%%NGINX_VERSION%% ENV OTEL_VERSION %%OTEL_VERSION%% RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 430996561..03e801f56 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -1,7 +1,7 @@ FROM nginx:%%NGINX_VERSION%% RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages="%%PACKAGES%% " \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 96f3a702c..51f8c54e3 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -8,7 +8,7 @@ FROM nginx:1.25.5 ENV OTEL_VERSION 0.1.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index cc01d476d..4bdba1e6f 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.25.5 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index dbe9f4bbe..2a2ca729f 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -8,7 +8,7 @@ FROM nginx:1.26.0 ENV OTEL_VERSION 0.1.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 0c8edc134..ee08af922 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.26.0 RUN set -x; \ - NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \ + NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ From 3142ac341053ce45b6c5065734084e7e0154a1f2 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 30 Apr 2024 16:26:48 -0700 Subject: [PATCH 232/306] Updated the modules list and versions. (Modsecurity is no longer built & shipped in pkg-oss). --- modules/README.md | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/modules/README.md b/modules/README.md index 887eaa58b..e1ff4ba73 100644 --- a/modules/README.md +++ b/modules/README.md @@ -43,27 +43,25 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules -make: Entering directory '/pkg-oss/debian' auth-spnego 1.1.1-1 brotli 1.0.0-1 encrypted-session 0.09-1 fips-check 0.1-1 -geoip 1.25.1-1 +geoip 1.25.5-1 geoip2 3.4-1 -headers-more 0.34-1 -image-filter 1.25.1-1 -lua 0.10.25-1 -modsecurity 1.0.3-3 -ndk 0.3.2-1 -njs 0.8.0-1 -opentracing 0.29.0-1 -passenger 6.0.18-1 -perl 1.25.1-1 +headers-more 0.35-1 +image-filter 1.25.5-1 +lua 0.10.26-1 +ndk 0.3.3-1 +njs 0.8.4-2 +opentracing 0.33.0-1 +otel 0.1.0-1 +passenger 6.0.19-1 +perl 1.25.5-1 rtmp 1.2.2-1 set-misc 0.33-1 subs-filter 0.6.4-1 -xslt 1.25.1-1 -make: Leaving directory '/pkg-oss/debian' +xslt 1.25.5-1 ``` If you still want to provide your own instructions for a specific module, From 9abe4ae472b3332665fad9b12ee146dc242e775c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 3 May 2024 12:48:45 -0700 Subject: [PATCH 233/306] Bump njs releases to hopefully fix builds on arm32v5 --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian/Dockerfile | 2 +- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian/Dockerfile | 2 +- update.sh | 12 ++++++------ 11 files changed, 50 insertions(+), 50 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 25b3b95ba..7e08f87a3 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index bf4296b1e..2c583aad8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index e164320fa..c1bde59c8 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 3f3f6cd15..a1a047002 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.25.5-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_RELEASE 3 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/93ac6e194ad0.tar.gz \ - && PKGOSSCHECKSUM=\"d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0 *93ac6e194ad0.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 93ac6e194ad0.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ + && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 93ac6e194ad0.tar.gz \ - && cd pkg-oss-93ac6e194ad0 \ + && tar xzvf 27357d6c5453.tar.gz \ + && cd pkg-oss-27357d6c5453 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index f0bec38fa..c20481998 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -9,7 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.25.5 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm +ENV NJS_RELEASE 3~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 060bd73c3..66923ea1f 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9a941e0a8..9cdf5d0f2 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index de34e10a7..59e0e309a 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 132b71d6e..d7f1f0c5c 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -6,7 +6,7 @@ FROM nginx:1.26.0-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 1 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ + && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 73d6839714a2.tar.gz \ + && cd pkg-oss-73d6839714a2 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 4a06824e6..853e3e601 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -9,7 +9,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.0 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 1~bookworm +ENV NJS_RELEASE 2~bookworm ENV PKG_RELEASE 1~bookworm RUN set -x \ diff --git a/update.sh b/update.sh index 1249f91a3..1327b7088 100755 --- a/update.sh +++ b/update.sh @@ -25,8 +25,8 @@ declare -A njs=( # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='2' - [stable]='1' + [mainline]='3' + [stable]='2' ) # Current otel versions @@ -57,16 +57,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='93ac6e194ad0' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='27357d6c5453' + [stable]='73d6839714a2' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='d56d10fbc6a1774e0a000b4322c5f847f8dfdcc3035b21cfd2a4a417ecce46939f39ff39ab865689b60cf6486c3da132aa5a88fa56edaad13d90715affe2daf0' - [stable]='f0ee7cef9a6e4aa1923177eb2782577ce61837c22c59bd0c3bd027a0a4dc3a3cdc4a16e95480a075bdee32ae59c0c6385dfadb971f93931fea84976c4a21fceb' + [mainline]='a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0' + [stable]='95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db' ) get_packages() { From b5e83108e52bfb4aeea4cb533285e58792a2bd40 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 May 2024 15:12:21 -0700 Subject: [PATCH 234/306] Updated nginx versions to 1.26.1 and 1.27.0 --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- update.sh | 18 +++++++++--------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index aadcf07eb..fc42760c3 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.25 latest' + [mainline]='1 1.27 latest' [stable]='1.26' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index c9ea9634f..0e7cfffad 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.25 latest' + [mainline]='1 1.27 latest' [stable]='1.26' ) diff --git a/update.sh b/update.sh index 1327b7088..bbd5ebeab 100755 --- a/update.sh +++ b/update.sh @@ -12,8 +12,8 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.25.5' - [stable]='1.26.0' + [mainline]='1.27.0' + [stable]='1.26.1' ) # Current njs versions @@ -25,7 +25,7 @@ declare -A njs=( # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='3' + [mainline]='2' [stable]='2' ) @@ -38,8 +38,8 @@ declare -A otel=( # Current package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( - [mainline]=1 - [stable]=1 + [mainline]=2 + [stable]=2 ) declare -A debian=( @@ -57,16 +57,16 @@ declare -A alpine=( # when building alpine packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='27357d6c5453' - [stable]='73d6839714a2' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0' - [stable]='95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db' + [mainline]='cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0' + [stable]='0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e' ) get_packages() { From 3180cdbec313dc4a9f6dd1109ae66adaf98f11fb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 29 May 2024 15:13:35 -0700 Subject: [PATCH 235/306] Regenerated after last commits --- mainline/alpine-otel/Dockerfile | 12 ++++++------ mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 14 +++++++------- mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 6 +++--- stable/alpine-otel/Dockerfile | 12 ++++++------ stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 14 +++++++------- stable/alpine/Dockerfile | 12 ++++++------ stable/debian-otel/Dockerfile | 2 +- stable/debian-perl/Dockerfile | 2 +- stable/debian/Dockerfile | 4 ++-- 14 files changed, 60 insertions(+), 60 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 7e08f87a3..f5dcf080a 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine +FROM nginx:1.27.0-alpine ENV OTEL_VERSION 0.1.0 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 2c583aad8..7c5092157 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine +FROM nginx:1.27.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index c1bde59c8..370879bb7 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.5 -ENV PKG_RELEASE 1 +ENV NGINX_VERSION 1.27.0 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a1a047002..6437da3e5 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,10 +3,10 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5-alpine-slim +FROM nginx:1.27.0-alpine-slim ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 3 +ENV NJS_RELEASE 2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/27357d6c5453.tar.gz \ - && PKGOSSCHECKSUM=\"a80fc5706ad8e98597478b9e041f658375d53d22f7c8004dd16354067a3d48eb4ef234830b697ddf5c45ec57b837237cc11317bcaaa5133ccbe71bce15d969b0 *27357d6c5453.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 27357d6c5453.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 27357d6c5453.tar.gz \ - && cd pkg-oss-27357d6c5453 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 51f8c54e3..9fe3620a3 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5 +FROM nginx:1.27.0 ENV OTEL_VERSION 0.1.0 diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 4bdba1e6f..b2fcb2e5d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.25.5 +FROM nginx:1.27.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c20481998..0087d4572 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,10 +7,10 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.25.5 +ENV NGINX_VERSION 1.27.0 ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 3~bookworm -ENV PKG_RELEASE 1~bookworm +ENV NJS_RELEASE 2~bookworm +ENV PKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 66923ea1f..b60ade032 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine +FROM nginx:1.26.1-alpine ENV OTEL_VERSION 0.1.0 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9cdf5d0f2..355d191ad 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine +FROM nginx:1.26.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -44,16 +44,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 59e0e309a..452317de3 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,8 +7,8 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.0 -ENV PKG_RELEASE 1 +ENV NGINX_VERSION 1.26.1 +ENV PKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -56,16 +56,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index d7f1f0c5c..2fffeaba3 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0-alpine-slim +FROM nginx:1.26.1-alpine-slim ENV NJS_VERSION 0.8.4 ENV NJS_RELEASE 2 @@ -49,16 +49,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/73d6839714a2.tar.gz \ - && PKGOSSCHECKSUM=\"95d513d058493d60cba5a6bb328dc3c3e75ea115cf248a64bd921159e11c6fc87d33c7f058562c584fe440a219b931d53fd66bd4c596244b54287b62979834db *73d6839714a2.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 73d6839714a2.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 73d6839714a2.tar.gz \ - && cd pkg-oss-73d6839714a2 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 2a2ca729f..764b994a9 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0 +FROM nginx:1.26.1 ENV OTEL_VERSION 0.1.0 diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index ee08af922..adfd57f83 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.0 +FROM nginx:1.26.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 853e3e601..9c782b27e 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,10 +7,10 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.0 +ENV NGINX_VERSION 1.26.1 ENV NJS_VERSION 0.8.4 ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 1~bookworm +ENV PKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants From 94a27ac42d45670d941a55334d89e80760f7cc8e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 15:57:12 -0700 Subject: [PATCH 236/306] Fixed failure to build packages from source on recent Alpine versions apk index no longer accepts untrusted keys since 2.14.2 --- Dockerfile-alpine-otel.template | 2 +- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- mainline/alpine-otel/Dockerfile | 2 +- mainline/alpine-perl/Dockerfile | 2 +- mainline/alpine-slim/Dockerfile | 2 +- mainline/alpine/Dockerfile | 2 +- stable/alpine-otel/Dockerfile | 2 +- stable/alpine-perl/Dockerfile | 2 +- stable/alpine-slim/Dockerfile | 2 +- stable/alpine/Dockerfile | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 7090e4fd4..027e99aeb 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -50,7 +50,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 9c87b72c6..660e4b7b5 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -45,7 +45,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index e6809e87f..128cc0e11 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -62,7 +62,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8c9d490d3..cce7c7b82 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -51,7 +51,7 @@ RUN set -x \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ && make %%BUILDTARGET%% \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index f5dcf080a..784dd98bc 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7c5092157..55e9c5fb4 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -56,7 +56,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 370879bb7..202eed78b 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6437da3e5..d1c396563 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index b60ade032..6fd59d888 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 355d191ad..f017a96ef 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -56,7 +56,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 452317de3..458724c72 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -68,7 +68,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 2fffeaba3..317e11c11 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN set -x \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ - && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ + && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ From 1717492fe0135a8f4c2b88b9db2128724412869a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 16:54:59 -0700 Subject: [PATCH 237/306] Tests: temporarily remove ipv6 check It seems github actions runners are having issues with ipv6 since lateset updates to Docker 26. Let them sort the issues out first, and then we can revert this change. --- .../templates-resolver-ipv6/expected-std-out.txt | 1 - .test/tests/templates-resolver-ipv6/run.sh | 11 ----------- 2 files changed, 12 deletions(-) diff --git a/.test/tests/templates-resolver-ipv6/expected-std-out.txt b/.test/tests/templates-resolver-ipv6/expected-std-out.txt index 5309ac822..38bfee851 100644 --- a/.test/tests/templates-resolver-ipv6/expected-std-out.txt +++ b/.test/tests/templates-resolver-ipv6/expected-std-out.txt @@ -1,2 +1 @@ example.com - OK -ipv6 nameserver(s) present diff --git a/.test/tests/templates-resolver-ipv6/run.sh b/.test/tests/templates-resolver-ipv6/run.sh index a7bc3332d..88476d650 100755 --- a/.test/tests/templates-resolver-ipv6/run.sh +++ b/.test/tests/templates-resolver-ipv6/run.sh @@ -68,14 +68,3 @@ _request() { # Check that we can request / _request GET http '/resolver-templates' | grep 'example.com - OK' - -result="$(docker exec $cid grep resolver /etc/nginx/conf.d/server.conf)" - -case "$result" in - resolver*\[*\]*) - echo "ipv6 nameserver(s) present" - ;; - *) - echo "no ipv6 nameserver(s) present" - ;; -esac From a6f7d140744f8b15ff4314b8718b3f022efc7f43 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 20 Jun 2024 17:49:20 -0700 Subject: [PATCH 238/306] Updated GPG keys used to sign packages Prebuilt binaries from nginx.org are to be signed with different keys moving forward. This change introduces two new 4096-bit RSA keys (aptly named "signing key 2" and "signing key 3") that will be used for that process. The keys can be fetched from nginx.org, too: $ curl -s https://nginx.org/keys/nginx_signing.key | gpg --show-keys - pub rsa4096 2024-05-29 [SC] 8540A6F18833A80E9C1653A42FD21310B49F6B46 uid nginx signing key pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24] 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 uid nginx signing key pub rsa4096 2024-05-29 [SC] 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3 uid nginx signing key As a nice side-effect, this allows us to re-fetch the older 2048-bit RSA key. It expired on Jun 14 2024, but was extended to be valid for another three years) still used to sign current packages. Unfortunately the key with the extended validity period was uploaded to the keyservers a bit too late to be picked up by current image builds, resulting in somewhat unexpected breakages for downstream images. --- Dockerfile-debian.template | 6 ++++-- mainline/debian/Dockerfile | 6 ++++-- stable/debian/Dockerfile | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 4fe841a60..cccf6ea7c 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -14,10 +14,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -26,7 +27,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 0087d4572..1795d6b01 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -19,10 +19,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -31,7 +32,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 9c782b27e..dfdc54280 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -19,10 +19,11 @@ RUN set -x \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \ && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ export GNUPGHOME="$(mktemp -d)"; \ found=''; \ + for NGINX_GPGKEY in $NGINX_GPGKEYS; do \ for server in \ hkp://keyserver.ubuntu.com:80 \ pgp.mit.edu \ @@ -31,7 +32,8 @@ RUN set -x \ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \ + done; \ + gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 0eef6515e5b1da1e1f06cb71edbaa73769054cec Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 14 Aug 2024 20:35:37 +0000 Subject: [PATCH 239/306] Updated nginx versions to current While at it, introduced specific env variables for built-in dynamic modules versions, as they can differ from the main nginx binary packages. --- Dockerfile-alpine-slim.template | 5 ++-- Dockerfile-debian.template | 1 + update.sh | 46 ++++++++++++++++++++++++--------- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 128cc0e11..6c6f92f23 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -2,8 +2,9 @@ FROM alpine:%%ALPINE_VERSION%% LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION %%NGINX_VERSION%% -ENV PKG_RELEASE %%PKG_RELEASE%% +ENV NGINX_VERSION %%NGINX_VERSION%% +ENV PKG_RELEASE %%PKG_RELEASE%% +ENV DYNPKG_RELEASE %%DYNPKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index cccf6ea7c..efef6e542 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -6,6 +6,7 @@ ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% ENV NJS_RELEASE %%NJS_RELEASE%% ENV PKG_RELEASE %%PKG_RELEASE%% +ENV DYNPKG_RELEASE %%DYNPKG_RELEASE%% RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants diff --git a/update.sh b/update.sh index bbd5ebeab..a075b0754 100755 --- a/update.sh +++ b/update.sh @@ -12,21 +12,21 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.0' - [stable]='1.26.1' + [mainline]='1.27.1' + [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.4' - [stable]='0.8.4' + [mainline]='0.8.5' + [stable]='0.8.5' ) # Current njs patchlevel version # Remember to update pkgosschecksum when changing this. declare -A njspkg=( - [mainline]='2' - [stable]='2' + [mainline]='1' + [stable]='1' ) # Current otel versions @@ -35,9 +35,16 @@ declare -A otel=( [stable]='0.1.0' ) -# Current package patchlevel version +# Current nginx package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( + [mainline]=1 + [stable]=1 +) + +# Current built-in dynamic modules package patchlevel version +# Remember to update pkgosschecksum when changing this +declare -A dynpkg=( [mainline]=2 [stable]=2 ) @@ -65,8 +72,8 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0' - [stable]='0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e' + [mainline]='b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907' + [stable]='825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a' ) get_packages() { @@ -108,9 +115,12 @@ get_packages() { done ;; *) - for p in nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + for p in nginx; do echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\\n' done + for p in nginx-module-xslt nginx-module-geoip nginx-module-image-filter $perl; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${DYNPKG_RELEASE} \\\n' + done for p in nginx-module-njs; do echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" done @@ -149,7 +159,17 @@ get_packagever() { [ "${distro}" = "debian" ] && suffix="~${debianver}" - [ "${package}" = "njs" ] && echo ${njspkg[$branch]}${suffix} || echo ${pkg[$branch]}${suffix} + case "${package}" in + "njs") + echo ${njspkg[$branch]}${suffix} + ;; + "dyn") + echo ${dynpkg[$branch]}${suffix} + ;; + *) + echo ${pkg[$branch]}${suffix} + ;; + esac } get_buildtarget() { @@ -172,7 +192,7 @@ get_buildtarget() { echo "\$nginxPackages" ;; debian-perl) - echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" + echo "nginx-module-perl=\${NGINX_VERSION}-\${DYNPKG_RELEASE}" ;; debian-otel) echo "nginx-module-otel" @@ -218,11 +238,13 @@ for branch in "${branches[@]}"; do packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch" "any") njspkgver=$(get_packagever "$variant" "$branch" "njs") + dynpkgver=$(get_packagever "$variant" "$branch" "dyn") buildtarget=$(get_buildtarget "$variant") sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ + -e 's,%%DYNPKG_RELEASE%%,'"$dynpkgver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ From e78cf70ce7b73a0c9ea734c9cf8aaaa283c1cc5a Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 14 Aug 2024 20:36:50 +0000 Subject: [PATCH 240/306] Run update.sh to pick up changes after previous commit. --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 7 ++++--- mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 8 ++++---- mainline/debian-perl/Dockerfile | 14 +++++++------- mainline/debian/Dockerfile | 15 ++++++++------- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 7 ++++--- stable/alpine/Dockerfile | 14 +++++++------- stable/debian-otel/Dockerfile | 8 ++++---- stable/debian-perl/Dockerfile | 14 +++++++------- stable/debian/Dockerfile | 15 ++++++++------- 14 files changed, 82 insertions(+), 78 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 784dd98bc..a3e926b0c 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine +FROM nginx:1.27.1-alpine ENV OTEL_VERSION 0.1.0 @@ -11,9 +11,9 @@ RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 55e9c5fb4..e5162bebf 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,16 +3,16 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine +FROM nginx:1.27.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -45,7 +45,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 202eed78b..9d1c1709f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,8 +7,9 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.0 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.27.1 +ENV PKG_RELEASE 1 +ENV DYNPKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -57,7 +58,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d1c396563..b6b9120ad 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0-alpine-slim +FROM nginx:1.27.1-alpine-slim -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"cd3333f4dfa4a873f6df73dfe24e047adc092d779aefb46577b6307ff0d0125543508694a80158b2bfc891167ad763b0d08287829df9924d4c22f50d063e76c0 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 9fe3620a3..58a5cd998 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0 +FROM nginx:1.27.1 ENV OTEL_VERSION 0.1.0 @@ -12,9 +12,9 @@ RUN set -x; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index b2fcb2e5d..e3a51fb70 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,17 +3,17 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.0 +FROM nginx:1.27.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ @@ -37,11 +37,11 @@ RUN set -x; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 1795d6b01..40a9838dc 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,10 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.0 -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 2~bookworm +ENV NGINX_VERSION 1.27.1 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1~bookworm +ENV PKG_RELEASE 1~bookworm +ENV DYNPKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -39,9 +40,9 @@ RUN set -x \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 6fd59d888..29ec4cd7a 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine +FROM nginx:1.26.2-alpine ENV OTEL_VERSION 0.1.0 @@ -11,9 +11,9 @@ RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f017a96ef..099d1c146 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,16 +3,16 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine +FROM nginx:1.26.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -45,7 +45,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 458724c72..c26a8a06b 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,8 +7,9 @@ FROM alpine:3.19 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.1 -ENV PKG_RELEASE 2 +ENV NGINX_VERSION 1.26.2 +ENV PKG_RELEASE 1 +ENV DYNPKG_RELEASE 2 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -57,7 +58,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 317e11c11..adbef6741 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,18 +3,18 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1-alpine-slim +FROM nginx:1.26.2-alpine-slim -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -50,7 +50,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"0db2bf5f86e7c31f23d0e3e7699a5d8a4d9d9b0dc2f98d3e3a31e004df20206270debf6502e4481892e8b64d55fba73fcc8d74c3e0ddfcd2d3f85a17fa02a25e *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 764b994a9..1bc689614 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1 +FROM nginx:1.26.2 ENV OTEL_VERSION 0.1.0 @@ -12,9 +12,9 @@ RUN set -x; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index adfd57f83..17b0f1036 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,17 +3,17 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.1 +FROM nginx:1.26.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ @@ -37,11 +37,11 @@ RUN set -x; \ \ # build .deb files from upstream's source packages (which are verified by apt-get) && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ && ( \ cd "$tempDir" \ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${PKG_RELEASE} \ + apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index dfdc54280..e623e4141 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,10 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.1 -ENV NJS_VERSION 0.8.4 -ENV NJS_RELEASE 2~bookworm -ENV PKG_RELEASE 2~bookworm +ENV NGINX_VERSION 1.26.2 +ENV NJS_VERSION 0.8.5 +ENV NJS_RELEASE 1~bookworm +ENV PKG_RELEASE 1~bookworm +ENV DYNPKG_RELEASE 2~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -39,9 +40,9 @@ RUN set -x \ && dpkgArch="$(dpkg --print-architecture)" \ && nginxPackages=" \ nginx=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \ - nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \ + nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ " \ && case "$dpkgArch" in \ From ab376cce6d325132adb02b6d2a248b9ad1cd9fe1 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 22 May 2024 14:49:13 +0200 Subject: [PATCH 241/306] Update mainline to Alpine 3.20 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 9d1c1709f..44fb1f357 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index a075b0754..d5ebc2ce7 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.19' + [mainline]='3.20' [stable]='3.19' ) From 239684923b2c652b0767540d180de7f7e84bd9fa Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 14 Aug 2024 14:47:12 -0700 Subject: [PATCH 242/306] Alpine: install curl on architectures we build from source. --- Dockerfile-alpine-otel.template | 1 + Dockerfile-alpine-perl.template | 1 + Dockerfile-alpine-slim.template | 1 + Dockerfile-alpine.template | 1 + mainline/alpine-otel/Dockerfile | 1 + mainline/alpine-perl/Dockerfile | 1 + mainline/alpine-slim/Dockerfile | 1 + mainline/alpine/Dockerfile | 1 + stable/alpine-otel/Dockerfile | 1 + stable/alpine-perl/Dockerfile | 1 + stable/alpine-slim/Dockerfile | 1 + stable/alpine/Dockerfile | 1 + 12 files changed, 12 insertions(+) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 027e99aeb..f122273e1 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -32,6 +32,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 660e4b7b5..2726d46e3 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -30,6 +30,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 6c6f92f23..b60e641e5 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -48,6 +48,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index cce7c7b82..437eb7e0b 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -36,6 +36,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index a3e926b0c..320fb0745 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -43,6 +43,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e5162bebf..dc7219fd9 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -41,6 +41,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 44fb1f357..a93180941 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -54,6 +54,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index b6b9120ad..1bb5b530a 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -46,6 +46,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 29ec4cd7a..dbb4501ed 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -43,6 +43,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ xz \ re2-dev \ c-ares-dev \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 099d1c146..077ff3e91 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -41,6 +41,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index c26a8a06b..0350ad86e 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -54,6 +54,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index adbef6741..603b75489 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -46,6 +46,7 @@ RUN set -x \ bash \ alpine-sdk \ findutils \ + curl \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ From 1c99bf1406f95d5fbddb4c9f246e67ad07f79642 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 29 May 2024 17:09:10 +0200 Subject: [PATCH 243/306] Update stable to Alpine 3.20 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 0350ad86e..d1d3d8a65 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index d5ebc2ce7..9a7d6b9b2 100755 --- a/update.sh +++ b/update.sh @@ -56,7 +56,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.20' - [stable]='3.19' + [stable]='3.20' ) # When we bump njs version in a stable release we don't move the tag in the From 8f11e7e2ce61b3bb1283432d03883497a0cab554 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 15 Aug 2024 08:47:32 +0200 Subject: [PATCH 244/306] Use Alpine-related commit for detecting version in generate-stackbrew-library.sh --- generate-stackbrew-library.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index fc42760c3..3a21d6418 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -107,6 +107,7 @@ for version in "${versions[@]}"; do done + commit="$(dirCommit "$version/alpine-slim")" alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do From d92a4f0d19747b43fd4dfe598c0bb9c854033c5e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Thu, 15 Aug 2024 15:29:01 -0700 Subject: [PATCH 245/306] Use Alpine-related commit for detecting version in sync-awsecr.sh --- sync-awsecr.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 0e7cfffad..547c83ffd 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -91,6 +91,7 @@ for version in "${versions[@]}"; do done done + commit="$(dirCommit "$version/alpine-slim")" alpineVersion="$(git show "$commit":"$version/alpine-slim/Dockerfile" | awk -F: '$1 == "FROM alpine" { print $2; exit }')" for variant in alpine alpine-perl alpine-slim; do From 8b08a26142fc4539ca8eaa6bdff8c463294eed88 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 12:47:47 -0700 Subject: [PATCH 246/306] 15-local-resolvers: strip trailing whitespace Trailing whitespaces break configs that use quotation marks around vars. See https://github.com/nginxinc/docker-nginx-unprivileged/issues/234 --- entrypoint/15-local-resolvers.envsh | 3 +++ mainline/alpine-slim/15-local-resolvers.envsh | 3 +++ mainline/debian/15-local-resolvers.envsh | 3 +++ stable/alpine-slim/15-local-resolvers.envsh | 3 +++ stable/debian/15-local-resolvers.envsh | 3 +++ 5 files changed, 15 insertions(+) diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 450a999f4..e830ddacd 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 450a999f4..e830ddacd 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 450a999f4..e830ddacd 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 450a999f4..e830ddacd 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 450a999f4..e830ddacd 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf) + +NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }" + export NGINX_LOCAL_RESOLVERS From 479f90adc64a726d76890b0604b5116b8d7fe7f5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 17:46:09 -0700 Subject: [PATCH 247/306] modules/Dockerfile.alpine: install curl Not all alpine-based images have curl that's needed to fetch the sources of modules built. --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 4b6b09100..f6d39c0db 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -15,7 +15,7 @@ COPY ./ /modules/ RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ - xz g++ coreutils \ + xz g++ coreutils curl \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ From f0fc31f0f73d59cc46e16fae973065a6aea63c15 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 16 Aug 2024 23:15:16 +0000 Subject: [PATCH 248/306] Use packaging sources to build packages on non-mainstream architectures. --- Dockerfile-debian-otel.template | 38 ++++++++++++++++++++++++++------- Dockerfile-debian-perl.template | 38 ++++++++++++++++++++++++++------- Dockerfile-debian.template | 38 ++++++++++++++++++++++++++------- mainline/debian-otel/Dockerfile | 38 ++++++++++++++++++++++++++------- mainline/debian-perl/Dockerfile | 38 ++++++++++++++++++++++++++------- mainline/debian/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian-otel/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian-perl/Dockerfile | 38 ++++++++++++++++++++++++++------- stable/debian/Dockerfile | 38 ++++++++++++++++++++++++++------- update.sh | 16 +++++--------- 10 files changed, 275 insertions(+), 83 deletions(-) diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index b1a8a8e2e..50f090320 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -15,24 +15,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index 03e801f56..d26452c36 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -13,24 +13,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index efef6e542..9dabd67c0 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -43,24 +43,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y %%BUILDTARGET%% \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile %%BUILDTARGET%% \ + && REVISION="%%REVISION%%" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in %%BUILDTARGET%%; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make %%BUILDTARGET%% \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 58a5cd998..1bb07c136 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -26,24 +26,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-otel \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-otel \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-otel; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-otel \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index e3a51fb70..3c6682a81 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -24,24 +24,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-perl; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-perl \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 40a9838dc..5cbec01a9 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -53,24 +53,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make base module-geoip module-image-filter module-njs module-xslt \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 1bc689614..f0c48907c 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -26,24 +26,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-otel \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-otel \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-otel; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-otel \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 17b0f1036..394c98225 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -24,24 +24,46 @@ RUN set -x; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in module-perl; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make module-perl \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index e623e4141..c5a239539 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -53,24 +53,46 @@ RUN set -x \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for -# let's build binaries from the published source packages - echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ - \ +# let's build binaries from the published packaging sources # new directory for storing sources and .deb files - && tempDir="$(mktemp -d)" \ + tempDir="$(mktemp -d)" \ && chmod 777 "$tempDir" \ # (777 to ensure APT's "_apt" user can access it too) \ # save list of currently-installed packages so build dependencies can be cleanly removed later && savedAptMark="$(apt-mark showmanual)" \ \ -# build .deb files from upstream's source packages (which are verified by apt-get) +# build .deb files from upstream's packaging sources && apt-get update \ - && apt-get build-dep -y $nginxPackages \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + curl \ + devscripts \ + equivs \ + git \ + libxml2-utils \ + lsb-release \ + xsltproc \ && ( \ cd "$tempDir" \ - && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ - apt-get source --compile $nginxPackages \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION=${REVISION%~*} \ + && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ + echo "pkg-oss tarball checksum verification succeeded!"; \ + else \ + echo "pkg-oss tarball checksum verification failed!"; \ + exit 1; \ + fi \ + && tar xzvf ${REVISION}.tar.gz \ + && cd pkg-oss-${REVISION} \ + && cd debian \ + && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + make rules-$target; \ + mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ + debuild-$target/nginx-$NGINX_VERSION/debian/control; \ + done \ + && make base module-geoip module-image-filter module-njs module-xslt \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/update.sh b/update.sh index 9a7d6b9b2..84218c2dd 100755 --- a/update.sh +++ b/update.sh @@ -179,23 +179,17 @@ get_buildtarget() { alpine-slim) echo base ;; - alpine-perl) - echo module-perl - ;; - alpine-otel) - echo module-otel - ;; alpine) echo module-geoip module-image-filter module-njs module-xslt ;; debian) - echo "\$nginxPackages" + echo base module-geoip module-image-filter module-njs module-xslt ;; - debian-perl) - echo "nginx-module-perl=\${NGINX_VERSION}-\${DYNPKG_RELEASE}" + *-perl) + echo module-perl ;; - debian-otel) - echo "nginx-module-otel" + *-otel) + echo module-otel ;; esac } From 829c3fbedaad7d3d64b0b56a6c3948ac10e81bb3 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:22:39 +0000 Subject: [PATCH 249/306] modules: pkg-oss moved to GitHub. --- modules/Dockerfile | 6 +++--- modules/Dockerfile.alpine | 2 +- modules/README.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index e9dea75b1..61573c17c 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -14,11 +14,11 @@ COPY ./ /modules/ RUN apt-get update \ && apt-get install -y --no-install-suggests --no-install-recommends \ - patch make wget mercurial devscripts debhelper dpkg-dev \ + patch make wget git devscripts debhelper dpkg-dev \ quilt lsb-release build-essential libxml2-utils xsltproc \ equivs git g++ libparse-recdescent-perl \ && XSLSCRIPT_SHA512="f7194c5198daeab9b3b0c3aebf006922c7df1d345d454bd8474489ff2eb6b4bf8e2ffe442489a45d1aab80da6ecebe0097759a1e12cc26b5f0613d05b7c09ffa *stdin" \ - && wget -O /tmp/xslscript.pl https://hg.nginx.org/xslscript/raw-file/01dc9ba12e1b/xslscript.pl \ + && wget -O /tmp/xslscript.pl https://raw.githubusercontent.com/nginx/xslscript/9204424259c343ca08a18a78915f40f28025e093/xslscript.pl \ && if [ "$(cat /tmp/xslscript.pl | openssl sha512 -r)" = "$XSLSCRIPT_SHA512" ]; then \ echo "XSLScript checksum verification succeeded!"; \ chmod +x /tmp/xslscript.pl; \ @@ -27,7 +27,7 @@ RUN apt-get update \ echo "XSLScript checksum verification failed!"; \ exit 1; \ fi \ - && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ + && git clone -b ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://github.com/nginx/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index f6d39c0db..9b305fff5 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -19,7 +19,7 @@ RUN apk update \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ && chmod +x /usr/local/bin/abuild \ - && hg clone -r ${NGINX_VERSION}-${PKG_RELEASE} https://hg.nginx.org/pkg-oss/ \ + && git clone -b ${NGINX_VERSION}-${PKG_RELEASE} https://github.com/nginx/pkg-oss/ \ && cd pkg-oss \ && mkdir /tmp/packages \ && for module in $ENABLED_MODULES; do \ diff --git a/modules/README.md b/modules/README.md index e1ff4ba73..624b97cc0 100644 --- a/modules/README.md +++ b/modules/README.md @@ -3,7 +3,7 @@ It's possible to extend a mainline image with third-party modules either from your own instuctions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from -[pkg-oss](https://hg.nginx.org/pkg-oss). +[pkg-oss](https://github.com/nginx/pkg-oss). ## Requirements @@ -101,7 +101,7 @@ reproduce with a vanilla image first. ### docker-compose with pre-packaged modules If desired modules are already packaged in -[pkg-oss](https://hg.nginx.org/pkg-oss/) - e.g. `debian/Makefile.module-*` +[pkg-oss](https://github.com/nginx/pkg-oss/) - e.g. `debian/Makefile.module-*` exists for a given module, you can use this example. 1. Create a directory for your project: From d8e917637c776fef865b0740a752980f26162877 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:33:55 +0000 Subject: [PATCH 250/306] pkg-oss moved to GitHub. --- Dockerfile-alpine-otel.template | 2 +- Dockerfile-alpine-perl.template | 2 +- Dockerfile-alpine-slim.template | 2 +- Dockerfile-alpine.template | 2 +- Dockerfile-debian-otel.template | 2 +- Dockerfile-debian-perl.template | 2 +- Dockerfile-debian.template | 2 +- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- stable/alpine-otel/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 4 ++-- stable/alpine/Dockerfile | 4 ++-- stable/debian-otel/Dockerfile | 4 ++-- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 4 ++-- update.sh | 4 ++-- 22 files changed, 37 insertions(+), 37 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index f122273e1..7b4bc8f6b 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -39,7 +39,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index 2726d46e3..6fc37deac 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -34,7 +34,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index b60e641e5..896b9a5cb 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -52,7 +52,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 437eb7e0b..bc77dfd61 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -40,7 +40,7 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/%%REVISION%%.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/%%REVISION%%.tar.gz \ && PKGOSSCHECKSUM=\"%%PKGOSSCHECKSUM%% *%%REVISION%%.tar.gz\" \ && if [ \"\$(openssl sha512 -r %%REVISION%%.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template index 50f090320..709836c17 100644 --- a/Dockerfile-debian-otel.template +++ b/Dockerfile-debian-otel.template @@ -38,7 +38,7 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template index d26452c36..84cf99f6e 100644 --- a/Dockerfile-debian-perl.template +++ b/Dockerfile-debian-perl.template @@ -36,7 +36,7 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 9dabd67c0..9138f4c9a 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -66,7 +66,7 @@ RUN set -x \ cd "$tempDir" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 320fb0745..161136017 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index dc7219fd9..7c798b88b 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -45,8 +45,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index a93180941..67b58c111 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -58,8 +58,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 1bb5b530a..a30b5b382 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 1bb07c136..076c4679d 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -49,8 +49,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 3c6682a81..c1cc3a37d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -47,8 +47,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 5cbec01a9..e39e378d0 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -76,8 +76,8 @@ RUN set -x \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index dbb4501ed..c8928e3c2 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 077ff3e91..8c4068fee 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -45,8 +45,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index d1d3d8a65..ce62fc815 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -58,8 +58,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 603b75489..ed53f9a83 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -50,8 +50,8 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index f0c48907c..c2ae60e99 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -49,8 +49,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 394c98225..c14fdd506 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -47,8 +47,8 @@ RUN set -x; \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index c5a239539..593ca813d 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -76,8 +76,8 @@ RUN set -x \ cd "$tempDir" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ - && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ + && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 84218c2dd..ce510b4b1 100755 --- a/update.sh +++ b/update.sh @@ -72,8 +72,8 @@ declare -A rev=( # revision/tag in the previous block # Used in alpine builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907' - [stable]='825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a' + [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' + [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) get_packages() { From d3ac5b0b9dd316db5797e13789b5b8c3e8fa9ff6 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 4 Sep 2024 01:35:10 +0000 Subject: [PATCH 251/306] update.sh: minor wording changes to accomodate for latest changes. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ce510b4b1..0773e4709 100755 --- a/update.sh +++ b/update.sh @@ -60,8 +60,8 @@ declare -A alpine=( ) # When we bump njs version in a stable release we don't move the tag in the -# mercurial repo. This setting allows us to specify a revision to check out -# when building alpine packages on architectures not supported by nginx.org +# pkg-oss repo. This setting allows us to specify a revision to check out +# when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' @@ -70,7 +70,7 @@ declare -A rev=( # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block -# Used in alpine builds for architectures not packaged by nginx.org +# Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' From 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 2 Oct 2024 18:47:05 +0100 Subject: [PATCH 252/306] Updated mainline to 1.27.2. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 8 ++++---- update.sh | 8 ++++---- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 161136017..d396fa25d 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine +FROM nginx:1.27.2-alpine ENV OTEL_VERSION 0.1.0 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 7c798b88b..db4489c72 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine +FROM nginx:1.27.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 67b58c111..1491b23b2 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,9 +7,9 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.1 +ENV NGINX_VERSION 1.27.2 ENV PKG_RELEASE 1 -ENV DYNPKG_RELEASE 2 +ENV DYNPKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a30b5b382..246edd81c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1-alpine-slim +FROM nginx:1.27.2-alpine-slim -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.6 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 076c4679d..9cc28f637 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1 +FROM nginx:1.27.2 ENV OTEL_VERSION 0.1.0 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index c1cc3a37d..ef4bcf3d8 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.1 +FROM nginx:1.27.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index e39e378d0..2e9d964ba 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,11 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.1 -ENV NJS_VERSION 0.8.5 +ENV NGINX_VERSION 1.27.2 +ENV NJS_VERSION 0.8.6 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 2~bookworm +ENV DYNPKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 0773e4709..02cc9c6d7 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.1' + [mainline]='1.27.2' [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.5' + [mainline]='0.8.6' [stable]='0.8.5' ) @@ -45,7 +45,7 @@ declare -A pkg=( # Current built-in dynamic modules package patchlevel version # Remember to update pkgosschecksum when changing this declare -A dynpkg=( - [mainline]=2 + [mainline]=1 [stable]=2 ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='e1a8e980d904df21484fc09793f1c938d566dcf0e752171714e70fc364dcd54b1bf3ce3e2ec90747114c5b24ac8050f1e8c6a774ff4476508d5dc99666e59443' + [mainline]='6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) From d21b4f2d90a1abb712a610678872e804267f4815 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 26 Nov 2024 10:14:45 -0800 Subject: [PATCH 253/306] Updated mainline nginx to 1.27.3. While at it, bump njs to 0.8.7. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index d396fa25d..cace990cc 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine +FROM nginx:1.27.3-alpine ENV OTEL_VERSION 0.1.0 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index db4489c72..8526345d6 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine +FROM nginx:1.27.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 1491b23b2..11a27aa3d 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.2 +ENV NGINX_VERSION 1.27.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 246edd81c..f96405640 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2-alpine-slim +FROM nginx:1.27.3-alpine-slim -ENV NJS_VERSION 0.8.6 +ENV NJS_VERSION 0.8.7 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 9cc28f637..f10a00261 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2 +FROM nginx:1.27.3 ENV OTEL_VERSION 0.1.0 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index ef4bcf3d8..25d524608 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.2 +FROM nginx:1.27.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 2e9d964ba..70155d492 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.2 -ENV NJS_VERSION 0.8.6 +ENV NGINX_VERSION 1.27.3 +ENV NJS_VERSION 0.8.7 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 02cc9c6d7..8eebd74e7 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.2' + [mainline]='1.27.3' [stable]='1.26.2' ) # Current njs versions declare -A njs=( - [mainline]='0.8.6' + [mainline]='0.8.7' [stable]='0.8.5' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c' + [mainline]='5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960' [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' ) From 9bef259b010ed747bc3352dd2aaad8cdf66d4444 Mon Sep 17 00:00:00 2001 From: Meng Zhuo Date: Thu, 15 Aug 2024 09:51:22 +0800 Subject: [PATCH 254/306] Add riscv64 support --- generate-stackbrew-library.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 3a21d6418..bfb45a8a5 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -120,7 +120,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64 + Architectures: arm64v8, arm32v6, arm32v7, ppc64le, s390x, i386, amd64, riscv64 GitCommit: $commit Directory: $version/$variant EOE From da92b328a0eef8258ed02bb23689f9bf8409ceca Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 10 Dec 2024 17:58:52 -0800 Subject: [PATCH 255/306] Added a CI job to sync images to AWS ECR Public. --- .github/workflows/sync.yml | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/sync.yml diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml new file mode 100644 index 000000000..99dc98601 --- /dev/null +++ b/.github/workflows/sync.yml @@ -0,0 +1,44 @@ +name: Sync DockerHub with AWS ECR + +on: + workflow_dispatch: + schedule: + - cron: 23 20 * * * + +defaults: + run: + shell: 'bash -Eeuo pipefail -x {0}' + +jobs: + sync-awsecr: + name: Sync Docker Hub to AWS ECR Public + runs-on: ubuntu-24.04 + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }} + aws-region: us-east-1 + + - name: Login to Amazon ECR Public + id: login-ecr-public + uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 + with: + registry-type: public + + - name: Login to Docker Hub + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build, tag, and push docker image to Amazon ECR Public + run: | + ./sync-awsecr.sh > sync-real.sh + chmod +x sync-real.sh + ./sync-real.sh From 767c5b46e0e6e27f3af88da2b5d31c84c17dee59 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 16 Dec 2024 13:39:06 -0800 Subject: [PATCH 256/306] CI: bump docker-library/bashbrew to contemporary version --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 30eccf55b..37d7a6218 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: strategy: ${{ steps.generate-jobs.outputs.strategy }} steps: - uses: actions/checkout@v3 - - uses: docker-library/bashbrew@v0.1.8 + - uses: docker-library/bashbrew@v0.1.12 - id: generate-jobs name: Generate Jobs run: | From 135307daa356d74185053a2d9d99c85854d84f34 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 27 Dec 2024 09:25:21 -0800 Subject: [PATCH 257/306] Updated njs to 0.8.8 --- update.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/update.sh b/update.sh index 8eebd74e7..bf01741fe 100755 --- a/update.sh +++ b/update.sh @@ -18,8 +18,8 @@ declare -A nginx=( # Current njs versions declare -A njs=( - [mainline]='0.8.7' - [stable]='0.8.5' + [mainline]='0.8.8' + [stable]='0.8.8' ) # Current njs patchlevel version @@ -64,16 +64,16 @@ declare -A alpine=( # when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [mainline]='0286c5190d972a49bffc9bf247885dd510ce8181' + [stable]='f43e929dc7a6111ef5d9ecb281a75749f7934261' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960' - [stable]='b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764' + [mainline]='1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535' + [stable]='315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6' ) get_packages() { From f227279d7b5c8ae8f99d29ed61f0da4c9ac0a404 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 27 Dec 2024 09:26:59 -0800 Subject: [PATCH 258/306] Updated dockerfiles after the last commit --- mainline/alpine-otel/Dockerfile | 10 +++++----- mainline/alpine-perl/Dockerfile | 10 +++++----- mainline/alpine-slim/Dockerfile | 10 +++++----- mainline/alpine/Dockerfile | 12 ++++++------ mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- stable/alpine-otel/Dockerfile | 10 +++++----- stable/alpine-perl/Dockerfile | 10 +++++----- stable/alpine-slim/Dockerfile | 10 +++++----- stable/alpine/Dockerfile | 12 ++++++------ stable/debian-otel/Dockerfile | 4 ++-- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 6 +++--- 14 files changed, 56 insertions(+), 56 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index cace990cc..272387915 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 8526345d6..6f02b3ccb 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 11a27aa3d..58e01411f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f96405640..6c82f99a9 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.3-alpine-slim -ENV NJS_VERSION 0.8.7 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ + && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index f10a00261..30b6c0410 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 25d524608..d11af1574 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 70155d492..c25a780db 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.27.3 -ENV NJS_VERSION 0.8.7 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="5617feecfb441cd972b9ac51a2fd78384a3d2bde2f399163be0746d44ec8f7d8c47234af4f6b0012667c3d0446cced521f55f8f71254415e3766c2e3802bf960 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index c8928e3c2..ccfa9139e 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 8c4068fee..f64de3682 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index ce62fc815..949cd4c14 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ed53f9a83..9a638a5dc 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.26.2-alpine-slim -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ + && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ + && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index c2ae60e99..225651269 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index c14fdd506..a8d611620 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 593ca813d..416d8338f 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -8,7 +8,7 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.26.2 -ENV NJS_VERSION 0.8.5 +ENV NJS_VERSION 0.8.8 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 2~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="b5d8ad59567a5df18f134236c4e22a339229cd56f4b2ae8d1b77a17f3dcfb16672103bd9191d419acf93c90e866b59417aad26ad7710d9dcc53bf38d1f88d764 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From 150370563fcce53e834194ce154f4035ee52d7bf Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 5 Dec 2024 14:21:48 +0100 Subject: [PATCH 259/306] Update mainline to Alpine 3.21 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 58e01411f..c9a2e62ea 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index bf01741fe..e2563dbf9 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.20' + [mainline]='3.21' [stable]='3.20' ) From 6b055c471a6619d4c81671e682a6d6affe0cf9c0 Mon Sep 17 00:00:00 2001 From: Wesley Pyburn <10319195+TCNOco@users.noreply.github.com> Date: Sun, 22 Dec 2024 02:01:03 +0200 Subject: [PATCH 260/306] Fix FromAsCasing Docker complains about FROM ${NGINX_FROM_IMAGE} as builder because `'as' and 'FROM' keywords' casing do not match` [info](https://docs.docker.com/reference/build-checks/from-as-casing/). Super simple fix. Absolutely a minor fix, but it's one less warning. --- modules/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile b/modules/Dockerfile index 61573c17c..2e77a0405 100644 --- a/modules/Dockerfile +++ b/modules/Dockerfile @@ -1,5 +1,5 @@ ARG NGINX_FROM_IMAGE=nginx:mainline -FROM ${NGINX_FROM_IMAGE} as builder +FROM ${NGINX_FROM_IMAGE} AS builder ARG ENABLED_MODULES From 36e3b8eb3ae82085348d36857c7086ec0954b68a Mon Sep 17 00:00:00 2001 From: Wesley Pyburn <10319195+TCNOco@users.noreply.github.com> Date: Sun, 22 Dec 2024 02:04:39 +0200 Subject: [PATCH 261/306] Another FromAsCasing fix --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 9b305fff5..0ea49f5ce 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -1,5 +1,5 @@ ARG NGINX_FROM_IMAGE=nginx:mainline-alpine -FROM ${NGINX_FROM_IMAGE} as builder +FROM ${NGINX_FROM_IMAGE} AS builder ARG ENABLED_MODULES From 86a61eb483d3c7288562d21933db6ad8e0748d17 Mon Sep 17 00:00:00 2001 From: pengcheng Date: Tue, 7 Jan 2025 16:29:41 +0800 Subject: [PATCH 262/306] rm mercurial cause it's replaced by git --- modules/Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Dockerfile.alpine b/modules/Dockerfile.alpine index 0ea49f5ce..2cdb29366 100644 --- a/modules/Dockerfile.alpine +++ b/modules/Dockerfile.alpine @@ -14,7 +14,7 @@ COPY ./ /modules/ RUN apk update \ && apk add linux-headers openssl-dev pcre2-dev zlib-dev openssl abuild \ - musl-dev libxslt libxml2-utils make mercurial gcc unzip git \ + musl-dev libxslt libxml2-utils make gcc unzip git \ xz g++ coreutils curl \ # allow abuild as a root user \ && printf "#!/bin/sh\\nSETFATTR=true /usr/bin/abuild -F \"\$@\"\\n" > /usr/local/bin/abuild \ From a91845d5b0a05066001354a442974530e23a7ef1 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 5 Feb 2025 11:02:08 -0800 Subject: [PATCH 263/306] Updated NGINX to 1.26.3 and 1.27.4. While at it, bump njs and otel that are now shipped with those releases. --- Dockerfile-alpine-otel.template | 4 ++-- update.sh | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Dockerfile-alpine-otel.template b/Dockerfile-alpine-otel.template index 7b4bc8f6b..b870b9544 100644 --- a/Dockerfile-alpine-otel.template +++ b/Dockerfile-alpine-otel.template @@ -34,8 +34,8 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/update.sh b/update.sh index e2563dbf9..8f79de6a2 100755 --- a/update.sh +++ b/update.sh @@ -12,14 +12,14 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.3' - [stable]='1.26.2' + [mainline]='1.27.4' + [stable]='1.26.3' ) # Current njs versions declare -A njs=( - [mainline]='0.8.8' - [stable]='0.8.8' + [mainline]='0.8.9' + [stable]='0.8.9' ) # Current njs patchlevel version @@ -31,8 +31,8 @@ declare -A njspkg=( # Current otel versions declare -A otel=( - [mainline]='0.1.0' - [stable]='0.1.0' + [mainline]='0.1.1' + [stable]='0.1.1' ) # Current nginx package patchlevel version @@ -64,16 +64,16 @@ declare -A alpine=( # when building packages on architectures not supported by nginx.org # Remember to update pkgosschecksum when changing this. declare -A rev=( - [mainline]='0286c5190d972a49bffc9bf247885dd510ce8181' - [stable]='f43e929dc7a6111ef5d9ecb281a75749f7934261' + [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='${NGINX_VERSION}-${PKG_RELEASE}' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535' - [stable]='315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6' + [mainline]='973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845' + [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' ) get_packages() { From cffeb933620093bc0c08c0b28c3d5cbaec79d729 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 5 Feb 2025 11:02:54 -0800 Subject: [PATCH 264/306] Updated dockerfiles after the last commits. --- mainline/alpine-otel/Dockerfile | 18 +++++++++--------- mainline/alpine-perl/Dockerfile | 12 ++++++------ mainline/alpine-slim/Dockerfile | 12 ++++++------ mainline/alpine/Dockerfile | 14 +++++++------- mainline/debian-otel/Dockerfile | 8 ++++---- mainline/debian-perl/Dockerfile | 6 +++--- mainline/debian/Dockerfile | 8 ++++---- stable/alpine-otel/Dockerfile | 18 +++++++++--------- stable/alpine-perl/Dockerfile | 12 ++++++------ stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 14 +++++++------- stable/debian-otel/Dockerfile | 8 ++++---- stable/debian-perl/Dockerfile | 6 +++--- stable/debian/Dockerfile | 8 ++++---- 14 files changed, 78 insertions(+), 78 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 272387915..b7e897a8d 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine +FROM nginx:1.27.4-alpine -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,21 +45,21 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 6f02b3ccb..16bc601fe 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine +FROM nginx:1.27.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index c9a2e62ea..caab8e19b 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.3 +ENV NGINX_VERSION 1.27.4 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6c82f99a9..03a8fd94c 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3-alpine-slim +FROM nginx:1.27.4-alpine-slim -ENV NJS_VERSION 0.8.8 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && PKGOSSCHECKSUM=\"1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz\" \ - && if [ \"\$(openssl sha512 -r 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf 0286c5190d972a49bffc9bf247885dd510ce8181.tar.gz \ - && cd pkg-oss-0286c5190d972a49bffc9bf247885dd510ce8181 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 30b6c0410..7119d905e 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3 +FROM nginx:1.27.4 -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index d11af1574..662381c65 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.3 +FROM nginx:1.27.4 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index c25a780db..d71d71926 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.3 -ENV NJS_VERSION 0.8.8 +ENV NGINX_VERSION 1.27.4 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="0286c5190d972a49bffc9bf247885dd510ce8181" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="1e546bd15d7bc68e1772ecb6a73e29ba108ee5554a28928e57af038a9e8fc4f5cd35708ce89ad1dfaac97d870e663d32ef41045611d30b20d38b46816e3ab535 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index ccfa9139e..cb6cd3bd5 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine +FROM nginx:1.26.3-alpine -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,21 +45,21 @@ RUN set -x \ findutils \ curl \ xz \ - re2-dev \ - c-ares-dev \ + protobuf-dev \ + grpc-dev \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index f64de3682..133c8a6eb 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine +FROM nginx:1.26.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -45,16 +45,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 949cd4c14..d125af5fb 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.20 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.2 +ENV NGINX_VERSION 1.26.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 2 @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 9a638a5dc..ec1007e40 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2-alpine-slim +FROM nginx:1.26.3-alpine-slim -ENV NJS_VERSION 0.8.8 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1 RUN set -x \ @@ -50,16 +50,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && PKGOSSCHECKSUM=\"315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz\" \ - && if [ \"\$(openssl sha512 -r f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf f43e929dc7a6111ef5d9ecb281a75749f7934261.tar.gz \ - && cd pkg-oss-f43e929dc7a6111ef5d9ecb281a75749f7934261 \ + && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ + && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ && make module-geoip module-image-filter module-njs module-xslt \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 225651269..c39b0ee7a 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2 +FROM nginx:1.26.3 -ENV OTEL_VERSION 0.1.0 +ENV OTEL_VERSION 0.1.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -47,10 +47,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index a8d611620..18ca094ed 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.2 +FROM nginx:1.26.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -45,10 +45,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 416d8338f..509a1f761 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.2 -ENV NJS_VERSION 0.8.8 +ENV NGINX_VERSION 1.26.3 +ENV NJS_VERSION 0.8.9 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 2~bookworm @@ -74,10 +74,10 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="f43e929dc7a6111ef5d9ecb281a75749f7934261" \ + && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="315e9e9040253396ebd9f540557e69cda7d9754a7895c3bf04fbf79d43be8d56e8efc6c22c21c87632039340080511179946456bbc4660e8faf171d130b475a6 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From b430becb8f0f6b8d69e68cc73a82ea2873c38639 Mon Sep 17 00:00:00 2001 From: Daniel Edgar Date: Fri, 14 Feb 2025 07:19:46 -0500 Subject: [PATCH 265/306] fix: typo --- modules/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/README.md b/modules/README.md index 624b97cc0..cde57ecc4 100644 --- a/modules/README.md +++ b/modules/README.md @@ -1,7 +1,7 @@ # Adding third-party modules to nginx official image It's possible to extend a mainline image with third-party modules either from -your own instuctions following a simple filesystem layout/syntax using +your own instructions following a simple filesystem layout/syntax using `build_module.sh` helper script, or falling back to package sources from [pkg-oss](https://github.com/nginx/pkg-oss). From 66df4d84e7217fcb23a28f66598af31d849c04ab Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 18 Mar 2025 10:49:15 -0700 Subject: [PATCH 266/306] Change the org following the repo transfer to nginx namespace. --- .github/pull_request_template.md | 2 +- CONTRIBUTING.md | 10 +++++----- README.md | 10 +++++----- SUPPORT.md | 2 +- generate-stackbrew-library.sh | 6 +++--- modules/README.md | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index e869fe513..a0811a77f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -5,7 +5,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on ### Checklist Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) document +- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) document - [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works - [ ] If applicable, I have checked that any relevant tests pass after adding my changes diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b4b863581..7d1571476 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,7 +10,7 @@ The following is a set of guidelines for contributing to the Docker NGINX image. [Code Guidelines](#code-guidelines) -[Code of Conduct](https://github.com/nginxinc/docker-nginx/blob/master/CODE_OF_CONDUCT.md) +[Code of Conduct](https://github.com/nginx/docker-nginx/blob/master/CODE_OF_CONDUCT.md) ## Getting Started @@ -20,18 +20,18 @@ Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get ### Report a Bug -To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginxinc/docker-nginx/blob/master/SECURITY.md).** +To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginx/docker-nginx/blob/master/SECURITY.md).** ### Suggest a Feature or Enhancement -To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. ### Open a Pull Request - Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. -- Fill in [our pull request template](https://github.com/nginxinc/docker-nginx/blob/master/.github/pull_request_template.md). +- Fill in [our pull request template](https://github.com/nginx/docker-nginx/blob/master/.github/pull_request_template.md). -Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginxinc/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. +Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. ## Code Guidelines diff --git a/README.md b/README.md index 24d8e79c3..ec659fa09 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) -[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginxinc/docker-nginx/blob/master/SUPPORT.md) +[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginx/docker-nginx/blob/master/SUPPORT.md) # About this Repo -## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginxinc/docker-nginx) +## Maintained by: [the NGINX Docker Maintainers](https://github.com/nginx/docker-nginx) This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`nginx`](https://hub.docker.com/_/nginx/). See [the Docker Hub page](https://hub.docker.com/_/nginx/) for the full readme on how to use this Docker image and for information regarding contributing and issues. @@ -19,17 +19,17 @@ For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on ## Contributing -Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## License -[BSD 2-Clause](https://github.com/nginxinc/docker-nginx/blob/master/LICENSE) +[BSD 2-Clause](https://github.com/nginx/docker-nginx/blob/master/LICENSE) © [F5, Inc.](https://www.f5.com/) 2023 --- -- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginxinc/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginxinc/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) +- [![build status badge](https://img.shields.io/github/actions/workflow/status/nginx/docker-nginx/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/nginx/docker-nginx/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) | Build | Status | Badges | (per-arch) | |:-:|:-:|:-:|:-:| diff --git a/SUPPORT.md b/SUPPORT.md index 2a6b505d6..7813793d5 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -30,7 +30,7 @@ Want to get in touch with the NGINX development team directly? Try using the rel ## Contributing -Please see the [contributing guide](https://github.com/nginxinc/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## Commercial Support diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index bfb45a8a5..5f1025dda 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -36,10 +36,10 @@ dirCommit() { } cat <<-EOH -# this file is generated via https://github.com/nginxinc/docker-nginx/blob/$(fileCommit "$self")/$self +# this file is generated via https://github.com/nginx/docker-nginx/blob/$(fileCommit "$self")/$self -Maintainers: NGINX Docker Maintainers (@nginxinc) -GitRepo: https://github.com/nginxinc/docker-nginx.git +Maintainers: NGINX Docker Maintainers (@nginx) +GitRepo: https://github.com/nginx/docker-nginx.git EOH # prints "$2$1$3$1...$N" diff --git a/modules/README.md b/modules/README.md index cde57ecc4..0704a05bd 100644 --- a/modules/README.md +++ b/modules/README.md @@ -14,7 +14,7 @@ enabled by setting the environment variable `DOCKER_BUILDKIT` to `1`. If you can not or do not want to use BuildKit, you can use a previous version of these files, see for example -https://github.com/nginxinc/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. +https://github.com/nginx/docker-nginx/tree/4bf0763f4977fff7e9648add59e0540088f3ca9f/modules. ## Usage @@ -115,7 +115,7 @@ cd myapp ``` mkdir my-nginx -curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginx/docker-nginx/master/modules/Dockerfile ``` 3. Create a `docker-compose.yml` file: @@ -157,7 +157,7 @@ cd myapp-cache ``` mkdir my-nginx -curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginxinc/docker-nginx/master/modules/Dockerfile +curl -o my-nginx/Dockerfile https://raw.githubusercontent.com/nginx/docker-nginx/master/modules/Dockerfile mkdir my-nginx/cachepurge echo "https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz" > my-nginx/cachepurge/source ``` From b2ba208bfb9f4c1e4ac1612c00eb71bc0e489fc4 Mon Sep 17 00:00:00 2001 From: Gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 20 Mar 2025 02:10:30 +0800 Subject: [PATCH 267/306] chore: bump echo-nginx-module from 0.62 to 0.63 --- modules/echo/source | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/echo/source b/modules/echo/source index 3a6ad274d..78cb376e9 100644 --- a/modules/echo/source +++ b/modules/echo/source @@ -1 +1 @@ -https://github.com/openresty/echo-nginx-module/archive/v0.62.tar.gz +https://github.com/openresty/echo-nginx-module/archive/v0.63.tar.gz From ddfb6ba94c63bd68767c1c8c03829a8776e30559 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 18 Mar 2025 22:45:02 +0100 Subject: [PATCH 268/306] feat: Add F5 CLA workflow --- .github/workflows/f5_cla.yml | 42 ++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/f5_cla.yml diff --git a/.github/workflows/f5_cla.yml b/.github/workflows/f5_cla.yml new file mode 100644 index 000000000..58e811714 --- /dev/null +++ b/.github/workflows/f5_cla.yml @@ -0,0 +1,42 @@ +--- +name: F5 CLA +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened, closed, synchronize] +permissions: read-all +jobs: + f5-cla: + name: F5 CLA + runs-on: ubuntu-24.04 + permissions: + actions: write + pull-requests: write + statuses: write + steps: + - name: Run F5 Contributor License Agreement (CLA) assistant + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' + uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 + with: + # Any pull request targeting the following branch will trigger a CLA check. + # NOTE: You might need to edit this value to 'main'. + branch: master + # Path to the CLA document. + path-to-document: https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md + # Custom CLA messages. + custom-notsigned-prcomment: '🎉 Thank you for your contribution! It appears you have not yet signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) and reply on a new comment with the following text to agree:' + custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms' + custom-allsigned-prcomment: '✅ All required contributors have signed the F5 CLA for this PR. Thank you!' + # Remote repository storing CLA signatures. + remote-organization-name: f5 + remote-repository-name: f5-cla-data + path-to-signatures: signatures/signatures.json + # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. + # NOTE: You will want to edit the usernames to suit your project needs. + allowlist: bot* + # Do not lock PRs after a merge. + lock-pullrequest-aftermerge: false + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }} From 4527783ec600ac482bc0b9a5ce29ec5c63c3e0a2 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 18 Mar 2025 22:44:30 +0100 Subject: [PATCH 269/306] docs: Update community files --- .github/CODEOWNERS | 6 ++ .github/ISSUE_TEMPLATE/bug_report.md | 33 ------- .github/ISSUE_TEMPLATE/bug_report.yml | 62 ++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 12 +++ .github/ISSUE_TEMPLATE/feature_request.md | 23 ----- .github/ISSUE_TEMPLATE/feature_request.yml | 41 ++++++++ .github/pull_request_template.md | 8 +- CODE_OF_CONDUCT.md | 104 +++++++++++---------- CONTRIBUTING.md | 29 +++--- README.md | 9 +- SECURITY.md | 8 +- SUPPORT.md | 22 ++--- 12 files changed, 217 insertions(+), 140 deletions(-) create mode 100644 .github/CODEOWNERS delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 000000000..26eed7d85 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,6 @@ +##################### +# Main global owner # +##################### + +* @thresheek + diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 6c7471a38..000000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: "" -labels: "" -assignees: "" ---- - -### Describe the bug - -A clear and concise description of what the bug is. - -### To reproduce - -Steps to reproduce the behavior: - -1. Deploy the NGINX Docker image using ... -2. View output/logs/configuration on ... -3. See error - -### Expected behavior - -A clear and concise description of what you expected to happen. - -### Your environment - -- Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) -- Version/tag of the NGINX Docker image (e.g. `nginx:alpine`) -- Target deployment platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...) - -### Additional context - -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 000000000..aa0fb9e13 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,62 @@ +--- +name: 🐛 Bug report +description: Create a report to help us improve +labels: bug +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Before you continue filling out this report, please take a moment to check that your bug has not been [already reported on GitHub][issue search] 🙌 + + Remember to redact any sensitive information such as authentication credentials and/or license keys! + + [issue search]: ../search?q=is%3Aissue&type=issues + + - type: textarea + id: overview + attributes: + label: Bug Overview + description: A clear and concise overview of the bug. + placeholder: When I do "X" with the NGINX Docker image, "Y" happens instead of "Z". + validations: + required: true + + - type: textarea + id: behavior + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected to happen. + placeholder: When I do "X" with the NGINX Docker image, I expect "Z" to happen. + validations: + required: true + + - type: textarea + id: steps + attributes: + label: Steps to Reproduce the Bug + description: Detail the series of steps required to reproduce the bug. + placeholder: When I run the Docker NGINX image using [...], the image fails with an error message. If I check the terminal outputs and/or logs, I see the following error info. + validations: + required: true + + - type: textarea + id: environment + attributes: + label: Environment Details + description: Please provide details about your environment. + value: | + - Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server) + - Version of the Docker NGINX image or specific commit: [e.g. 1.4.3/commit hash] + - Target deployment platform: [e.g. OpenShift/Kubernetes/Docker Compose/local cluster/etc...] + - Target OS: [e.g. RHEL 9/Ubuntu 24.04/etc...] + validations: + required: true + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this issue in here. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..3f7850f70 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,12 @@ +--- +blank_issues_enabled: false +contact_links: + - name: 💬 Talk to the NGINX community! + url: https://community.nginx.org + about: A community forum for NGINX users, developers, and contributors + - name: 📝 Code of Conduct + url: https://www.contributor-covenant.org/version/2/1/code_of_conduct + about: NGINX follows the Contributor Covenant Code of Conduct to ensure a safe and inclusive community + - name: 💼 For commercial & enterprise users + url: https://www.f5.com/products/nginx + about: F5 offers a wide range of NGINX products for commercial & enterprise users diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index e2242abbe..000000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: "" -labels: "" -assignees: "" ---- - -### Is your feature request related to a problem? Please describe - -A clear and concise description of what the problem is. Ex. I'm always frustrated when ... - -### Describe the solution you'd like - -A clear and concise description of what you want to happen. - -### Describe alternatives you've considered - -A clear and concise description of any alternative solutions or features you've considered. - -### Additional context - -Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 000000000..ee20eec9f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,41 @@ +--- +name: ✨ Feature request +description: Suggest an idea for this project +labels: enhancement +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this feature request! + + Before you continue filling out this request, please take a moment to check that your feature has not been [already requested on GitHub][issue search] 🙌 + + **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum]. + + [issue search]: ../search?q=is%3Aissue&type=issues + + [discussions]: ../discussions + [forum]: https://community.nginx.org + + - type: textarea + id: overview + attributes: + label: Feature Overview + description: A clear and concise description of what the feature request is. + placeholder: I would like the Docker NGINX image to be able to do "X". + validations: + required: true + + - type: textarea + id: alternatives + attributes: + label: Alternatives Considered + description: Detail any potential alternative solutions/workarounds you've used or considered. + placeholder: I have done/might be able to do "X" in the Docker NGINX image by doing "Y". + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this feature request here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a0811a77f..0dc5899cf 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,12 +1,14 @@ ### Proposed changes -Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR). +Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) in this PR's description or commit message. ### Checklist Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [`CONTRIBUTING`](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) document + +- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md) +- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) - [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works - [ ] If applicable, I have checked that any relevant tests pass after adding my changes -- [ ] I have updated any relevant documentation +- [ ] I have updated any relevant documentation ([`README.md`](/README.md) and/or [`modules/README.md`](/modules/README.md)) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 78354a27b..e18d3706b 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -2,73 +2,77 @@ ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. ## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our community include: -- Using welcoming and inclusive language -- Being respectful of differing viewpoints and experiences -- Gracefully accepting constructive criticism -- Focusing on what is best for the community -- Showing empathy towards other community members +- Demonstrating empathy and kindness toward other people. +- Being respectful of differing opinions, viewpoints, and experiences. +- Giving and gracefully accepting constructive feedback. +- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience. +- Focusing on what is best not just for us as individuals, but for the overall community. -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -- The use of sexualized language or imagery and unwelcome sexual attention or - advances -- Trolling, insulting/derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or electronic - address, without explicit permission -- Other conduct which could reasonably be considered inappropriate in a - professional setting +- The use of sexualized language or imagery, and sexual attention or advances of any kind. +- Trolling, insulting or derogatory comments, and personal or political attacks. +- Public or private harassment. +- Publishing others' private information, such as a physical or email address, without their explicit permission. +- Other conduct which could reasonably be considered inappropriate in a professional setting. -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. +Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event. ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the moderation team at . All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at . All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. + +### 2. Warning -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Community Impact**: A violation through a single incident or series of actions. + +**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 1.4, -available at +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1, available at . + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion). -For answers to common questions about this code of conduct, see - +For answers to common questions about this code of conduct, see the FAQ at . Translations are available at . diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7d1571476..ebdcace7c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,13 +4,10 @@ The following is a set of guidelines for contributing to the Docker NGINX image. #### Table Of Contents -[Getting Started](#getting-started) - -[Contributing](#contributing) - -[Code Guidelines](#code-guidelines) - -[Code of Conduct](https://github.com/nginx/docker-nginx/blob/master/CODE_OF_CONDUCT.md) +- [Getting Started](#getting-started) +- [Contributing](#contributing) +- [Code Guidelines](#code-guidelines) +- [Code of Conduct](/CODE_OF_CONDUCT.md) ## Getting Started @@ -20,18 +17,24 @@ Follow our [how to use this image guide](https://hub.docker.com/_/nginx/) to get ### Report a Bug -To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginx/docker-nginx/blob/master/SECURITY.md).** +To report a bug, open an issue on GitHub with the label `bug` using the available [bug report issue form](/.github/ISSUE_TEMPLATE/bug_report.yml). Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](/SECURITY.md).** ### Suggest a Feature or Enhancement -To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request issue form](/.github/ISSUE_TEMPLATE/feature_request.yml). Please ensure the feature or enhancement has not already been suggested. + +### Open a Pull Request (PR) + +- Fork the repo, create a branch, implement your changes, add any relevant tests, and submit a PR when your changes are **tested** and ready for review. +- Fill in the [PR template](/.github/pull_request_template.md). + +**Note:** If you'd like to implement a new feature, please consider creating a [feature request issue](/.github/ISSUE_TEMPLATE/feature_request.yml) first to start a discussion about the feature. -### Open a Pull Request +#### F5 Contributor License Agreement (CLA) -- Fork the repo, create a branch, implement your changes, add any relevant tests, submit a PR when your changes are **tested** and ready for review. -- Fill in [our pull request template](https://github.com/nginx/docker-nginx/blob/master/.github/pull_request_template.md). +F5 requires all contributors to agree to the terms of the F5 CLA (available [here](https://github.com/f5/f5-cla/.github/blob/main/docs/f5_cla.md)) before any of their changes can be incorporated into an F5 Open Source repository (even contributions to the F5 CLA itself!). -Note: if you'd like to implement a new feature, please consider creating a [feature request issue](https://github.com/nginx/docker-nginx/blob/master/.github/feature_request_template.md) first to start a discussion about the feature. +If you have not yet agreed to the F5 CLA terms and submit a PR to this repository, a bot will prompt you to view and agree to the F5 CLA. You will have to agree to the F5 CLA terms through a comment in the PR before any of your changes can be merged. Your agreement signature will be safely stored by F5 and no longer be required in future PRs. ## Code Guidelines diff --git a/README.md b/README.md index ec659fa09..d23812adf 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) [![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](https://github.com/nginx/docker-nginx/blob/master/SUPPORT.md) +[![Community Forum](https://img.shields.io/badge/community-forum-009639?logo=discourse&link=https%3A%2F%2Fcommunity.nginx.org)](https://community.nginx.org) +[![License](https://img.shields.io/badge/License-BSD_2--Clause-blue.svg)](https://opensource.org/license/bsd-2-clause) +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/CODE_OF_CONDUCT.md) # About this Repo @@ -19,13 +22,13 @@ For outstanding `nginx` image PRs, check [PRs with the "library/nginx" label on ## Contributing -Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## License -[BSD 2-Clause](https://github.com/nginx/docker-nginx/blob/master/LICENSE) +[BSD 2-Clause](/LICENSE) -© [F5, Inc.](https://www.f5.com/) 2023 +© [F5, Inc.](https://www.f5.com/) 2014-2025 --- diff --git a/SECURITY.md b/SECURITY.md index 47a42e266..bf09fe02e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,9 +6,9 @@ We advise users to run or update to the most recent release of the NGINX Docker ## Reporting a Vulnerability -The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities. +The F5 Security Incident Response Team (F5 SIRT) offers two methods to easily report potential security vulnerabilities: -- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). -- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities in any F5 product to the F5 Security Incident Response Team at . -For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability) +For more information, please read the F5 SIRT vulnerability reporting guidelines available at [https://www.f5.com/support/report-a-vulnerability](https://www.f5.com/support/report-a-vulnerability). diff --git a/SUPPORT.md b/SUPPORT.md index 7813793d5..5e9434084 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -2,27 +2,23 @@ ## Ask a Question -We use GitHub for tracking bugs and feature requests related to all the Docker NGINX images (including all variants and container registries). +We use GitHub for tracking bugs and feature requests related to this project. -Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. Alternatively, start a GitHub discussion! ## NGINX Specific Questions and/or Issues This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! -### Community Slack +### Community Forum -We have a community [Slack](https://nginxcommunity.slack.com/)! - -If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) - -Once you join, check out the `#beginner-questions` and `nginx-users` channels :) +We have a community [forum](https://community.nginx.org/)! If you have any questions and/or issues, try checking out the [`Troubleshooting`](https://community.nginx.org/c/troubleshooting/8) and [`How do I...?`](https://community.nginx.org/c/how-do-i/9) categories. Both fellow community members and NGINXers might be able to help you! :) ### Documentation For a comprehensive list of all NGINX directives, check out . -For a comprehensive list of admin and deployment guides for all NGINX products, check out . +For a comprehensive list of administration and deployment guides for all NGINX products, check out . ### Mailing List @@ -30,8 +26,12 @@ Want to get in touch with the NGINX development team directly? Try using the rel ## Contributing -Please see the [contributing guide](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) for guidelines on how to best contribute to this project. +Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project. ## Commercial Support -Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info! +Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.f5.com/products/get-f5/) or check your contract details for more information! + +## Community Support + +Community support is offered on a best effort basis through either GitHub issues/PRs/discussions or through any of our active communities. From efbe7fee6fb30be225e7ff7bc531740d08a36e3e Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 20 Mar 2025 22:59:03 +0100 Subject: [PATCH 270/306] docs: Use syseng team for codeowners --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 26eed7d85..d8b19f81d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,5 +2,5 @@ # Main global owner # ##################### -* @thresheek +* @nginx/syseng From d797950017665ebf75d77ace030deb2a021702d8 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 24 Mar 2025 20:36:14 +0100 Subject: [PATCH 271/306] fix: Target correct branch within CLA workflow --- .github/workflows/f5_cla.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/f5_cla.yml b/.github/workflows/f5_cla.yml index 58e811714..43e473eab 100644 --- a/.github/workflows/f5_cla.yml +++ b/.github/workflows/f5_cla.yml @@ -19,9 +19,6 @@ jobs: if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 with: - # Any pull request targeting the following branch will trigger a CLA check. - # NOTE: You might need to edit this value to 'main'. - branch: master # Path to the CLA document. path-to-document: https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md # Custom CLA messages. @@ -31,6 +28,8 @@ jobs: # Remote repository storing CLA signatures. remote-organization-name: f5 remote-repository-name: f5-cla-data + # Branch where CLA signatures are stored. + branch: main path-to-signatures: signatures/signatures.json # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. # NOTE: You will want to edit the usernames to suit your project needs. From 0aa20e60342a306bf1eb1449a1ae247a0cdfa91a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Fri, 21 Mar 2025 15:12:19 -0700 Subject: [PATCH 272/306] modules/README.md: updated the current list of modules. --- modules/README.md | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/modules/README.md b/modules/README.md index 0704a05bd..93620e450 100644 --- a/modules/README.md +++ b/modules/README.md @@ -43,25 +43,24 @@ are available from `pkg-oss` repository: ``` /pkg-oss $ LC_ALL=C make -C debian list-all-modules -auth-spnego 1.1.1-1 +auth-spnego 1.1.2-1 brotli 1.0.0-1 encrypted-session 0.09-1 fips-check 0.1-1 -geoip 1.25.5-1 +geoip 1.27.4-1 geoip2 3.4-1 -headers-more 0.35-1 -image-filter 1.25.5-1 -lua 0.10.26-1 +headers-more 0.37-1 +image-filter 1.27.4-1 +lua 0.10.28-1 ndk 0.3.3-1 -njs 0.8.4-2 -opentracing 0.33.0-1 -otel 0.1.0-1 -passenger 6.0.19-1 -perl 1.25.5-1 +njs 0.8.9-1 +otel 0.1.1-1 +passenger 6.0.26-1 +perl 1.27.4-1 rtmp 1.2.2-1 set-misc 0.33-1 subs-filter 0.6.4-1 -xslt 1.25.5-1 +xslt 1.27.4-1 ``` If you still want to provide your own instructions for a specific module, From 483f2828f37a017bb02684d7e3d0a64a8212640e Mon Sep 17 00:00:00 2001 From: Reuben Lifshay Date: Sat, 5 Apr 2025 20:27:32 -0700 Subject: [PATCH 273/306] chore: use gettext-envsubst alpine package instead of workaround --- Dockerfile-alpine-slim.template | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 896b9a5cb..ff076f09c 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -77,23 +77,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ From bd3e501c6d800f0a541fe7c965ef905f470cd75f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 8 Apr 2025 14:52:20 -0700 Subject: [PATCH 274/306] Updated dockerfiles after the last commit --- mainline/alpine-slim/Dockerfile | 19 ++----------------- stable/alpine-slim/Dockerfile | 19 ++----------------- 2 files changed, 4 insertions(+), 34 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index caab8e19b..7f4b9fa27 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -83,23 +83,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index d125af5fb..65bd54498 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -83,23 +83,8 @@ RUN set -x \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ -# Bring in gettext so we can get `envsubst`, then throw -# the rest away. To do this, we need to install `gettext` -# then move `envsubst` out of the way so `gettext` can -# be deleted completely, then move `envsubst` back. - && apk add --no-cache --virtual .gettext gettext \ - && mv /usr/bin/envsubst /tmp/ \ - \ - && runDeps="$( \ - scanelf --needed --nobanner /tmp/envsubst \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --no-cache $runDeps \ - && apk del --no-network .gettext \ - && mv /tmp/envsubst /usr/local/bin/ \ +# Add `envsubst` for templating environment variables + && apk add --no-cache gettext-envsubst \ # Bring in tzdata so users could set the timezones through the environment # variables && apk add --no-cache tzdata \ From eaf8875a1967d24cea6ed8b37109075e39ed9e43 Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 16 Apr 2025 15:35:16 +0100 Subject: [PATCH 275/306] Updated mainline to 1.27.5. While at it, updated njs to 0.8.10 for mainline. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index b7e897a8d..c0013029f 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine +FROM nginx:1.27.5-alpine ENV OTEL_VERSION 0.1.1 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 16bc601fe..43a9b54e1 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine +FROM nginx:1.27.5-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 7f4b9fa27..bcf90752b 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.4 +ENV NGINX_VERSION 1.27.5 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 03a8fd94c..aafff7413 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4-alpine-slim +FROM nginx:1.27.5-alpine-slim -ENV NJS_VERSION 0.8.9 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 7119d905e..70151a28a 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4 +FROM nginx:1.27.5 ENV OTEL_VERSION 0.1.1 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 662381c65..940ef74d7 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.4 +FROM nginx:1.27.5 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index d71d71926..f034b778a 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.4 -ENV NJS_VERSION 0.8.9 +ENV NGINX_VERSION 1.27.5 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index 8f79de6a2..32e4a103c 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.4' + [mainline]='1.27.5' [stable]='1.26.3' ) # Current njs versions declare -A njs=( - [mainline]='0.8.9' + [mainline]='0.8.10' [stable]='0.8.9' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='973690e64fa47e3704e817a3b08205b9e3f8c0cbe31825d9d62a81c11eb3aa186df015f27fdfd48c8799ffc528e38a9168c592ae665e4835c2d28638ec5f7845' + [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' ) From 4e08af2988063a3b02420ef0040e2e13fc9d93d6 Mon Sep 17 00:00:00 2001 From: oxpa Date: Wed, 16 Apr 2025 16:01:48 +0100 Subject: [PATCH 276/306] Updated nginx otel for mainline to 0.1.2. --- mainline/alpine-otel/Dockerfile | 2 +- mainline/debian-otel/Dockerfile | 2 +- update.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index c0013029f..d7b73e6e6 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.5-alpine -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 70151a28a..199614ff7 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -5,7 +5,7 @@ # FROM nginx:1.27.5 -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ diff --git a/update.sh b/update.sh index 32e4a103c..08744e966 100755 --- a/update.sh +++ b/update.sh @@ -31,7 +31,7 @@ declare -A njspkg=( # Current otel versions declare -A otel=( - [mainline]='0.1.1' + [mainline]='0.1.2' [stable]='0.1.1' ) From fb92d1121ab8f58830155d34aeb607f2375829dc Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Thu, 5 Dec 2024 14:23:22 +0100 Subject: [PATCH 277/306] Update stable to Alpine 3.21 --- stable/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 65bd54498..af03749c4 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.20 +FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index 08744e966..7df556d6a 100755 --- a/update.sh +++ b/update.sh @@ -56,7 +56,7 @@ declare -A debian=( declare -A alpine=( [mainline]='3.21' - [stable]='3.20' + [stable]='3.21' ) # When we bump njs version in a stable release we don't move the tag in the From 025c52f4168ed96e503e165741b0ba39ca80bd76 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 22 Apr 2025 13:51:29 -0700 Subject: [PATCH 278/306] Bump stable to 1.28.0. While at it, bump njs and otel to contemporary versions as well. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- update.sh | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 5f1025dda..8776c6868 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -4,7 +4,7 @@ set -eu declare -A aliases aliases=( [mainline]='1 1.27 latest' - [stable]='1.26' + [stable]='1.28' ) self="$(basename "$BASH_SOURCE")" diff --git a/sync-awsecr.sh b/sync-awsecr.sh index 547c83ffd..af1ed2bc8 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -7,7 +7,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( [mainline]='1 1.27 latest' - [stable]='1.26' + [stable]='1.28' ) architectures=( amd64 arm64v8 ) diff --git a/update.sh b/update.sh index 7df556d6a..dfe7935a2 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.27.5' - [stable]='1.26.3' + [stable]='1.28.0' ) # Current njs versions declare -A njs=( [mainline]='0.8.10' - [stable]='0.8.9' + [stable]='0.8.10' ) # Current njs patchlevel version @@ -32,7 +32,7 @@ declare -A njspkg=( # Current otel versions declare -A otel=( [mainline]='0.1.2' - [stable]='0.1.1' + [stable]='0.1.2' ) # Current nginx package patchlevel version @@ -46,7 +46,7 @@ declare -A pkg=( # Remember to update pkgosschecksum when changing this declare -A dynpkg=( [mainline]=1 - [stable]=2 + [stable]=1 ) declare -A debian=( @@ -73,7 +73,7 @@ declare -A rev=( # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' - [stable]='3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea' + [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) get_packages() { From 7f1d49f6f222f7e588a9066fd53a0ce43c3466a5 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 23 Apr 2025 10:06:56 -0700 Subject: [PATCH 279/306] Regenerated stable dockerfiles after the last commits. --- stable/alpine-otel/Dockerfile | 6 +++--- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 6 +++--- stable/debian-otel/Dockerfile | 6 +++--- stable/debian-perl/Dockerfile | 4 ++-- stable/debian/Dockerfile | 8 ++++---- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index cb6cd3bd5..7ca1a94b4 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine +FROM nginx:1.28.0-alpine -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 133c8a6eb..9676d8bc5 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine +FROM nginx:1.28.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index af03749c4..29bf5ba2a 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -7,9 +7,9 @@ FROM alpine:3.21 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.3 +ENV NGINX_VERSION 1.28.0 ENV PKG_RELEASE 1 -ENV DYNPKG_RELEASE 2 +ENV DYNPKG_RELEASE 1 RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index ec1007e40..fb0c900a9 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3-alpine-slim +FROM nginx:1.28.0-alpine-slim -ENV NJS_VERSION 0.8.9 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index c39b0ee7a..e4129a437 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3 +FROM nginx:1.28.0 -ENV OTEL_VERSION 0.1.1 +ENV OTEL_VERSION 0.1.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 18ca094ed..bda0e1b84 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.26.3 +FROM nginx:1.28.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 509a1f761..d0b7cf625 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -7,11 +7,11 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.26.3 -ENV NJS_VERSION 0.8.9 +ENV NGINX_VERSION 1.28.0 +ENV NJS_VERSION 0.8.10 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 2~bookworm +ENV DYNPKG_RELEASE 1~bookworm RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="3a4e869eded0c71e92f522e94edffea7fbfb5e78886ea7e484342fa2e028c62099a67d08860c249bf93776da97b924225e0d849dbb4697b298afe5421d7d6fea *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From 1b87dc1ab18a1b15fe89d946f37987e2ec5793c9 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Mon, 2 Jun 2025 14:28:35 +0200 Subject: [PATCH 280/306] Update mainline to Alpine 3.22 --- mainline/alpine-slim/Dockerfile | 2 +- update.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index bcf90752b..b7258283f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.21 +FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " diff --git a/update.sh b/update.sh index dfe7935a2..ede32ea27 100755 --- a/update.sh +++ b/update.sh @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.21' + [mainline]='3.22' [stable]='3.21' ) From 6a0bb106841e86fb043b4cbfb526135c7a7f0c72 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 12:11:04 -0700 Subject: [PATCH 281/306] Updated nginx mainline to 1.29.0 and njs to 0.9.0. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ede32ea27..e85d193f4 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.27.5' + [mainline]='1.29.0' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.8.10' + [mainline]='0.9.0' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745' + [mainline]='400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From 7895505c41013f66d3841cd2613b436229c1fe0e Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 12:11:24 -0700 Subject: [PATCH 282/306] Regenerated dockerfiles after the last commit. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index d7b73e6e6..87c8559b1 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine +FROM nginx:1.29.0-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 43a9b54e1..5bbd2d7c9 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine +FROM nginx:1.29.0-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b7258283f..f9fd0dd6f 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.5 +ENV NGINX_VERSION 1.29.0 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index aafff7413..d52960271 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5-alpine-slim +FROM nginx:1.29.0-alpine-slim -ENV NJS_VERSION 0.8.10 +ENV NJS_VERSION 0.9.0 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 199614ff7..4b551fc43 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5 +FROM nginx:1.29.0 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 940ef74d7..37d0b8713 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.27.5 +FROM nginx:1.29.0 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index f034b778a..9e9f0ce44 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.27.5 -ENV NJS_VERSION 0.8.10 +ENV NGINX_VERSION 1.29.0 +ENV NJS_VERSION 0.9.0 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From c3dcb125c9534ed5e76ebba48171b26411b8e478 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 24 Jun 2025 13:53:53 -0700 Subject: [PATCH 283/306] Bump versions in auxiliary scripts. --- generate-stackbrew-library.sh | 2 +- sync-awsecr.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 8776c6868..021332fad 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -3,7 +3,7 @@ set -eu declare -A aliases aliases=( - [mainline]='1 1.27 latest' + [mainline]='1 1.29 latest' [stable]='1.28' ) diff --git a/sync-awsecr.sh b/sync-awsecr.sh index af1ed2bc8..599a33a12 100755 --- a/sync-awsecr.sh +++ b/sync-awsecr.sh @@ -6,7 +6,7 @@ registry="public.ecr.aws/z9d2n7e1" declare -A aliases aliases=( - [mainline]='1 1.27 latest' + [mainline]='1 1.29 latest' [stable]='1.28' ) From 0b49b8b12fd214b633114ac16d2dfd65d45ff160 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 14:36:10 -0700 Subject: [PATCH 284/306] Pass GPG key ids as separate arguments when exporting. This makes sure all keys are exported to a keyring archive, as opposed to only the first key. --- Dockerfile-debian.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 9138f4c9a..644e0de07 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -29,7 +29,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From b2faad22d5d15d966e46922033681639b2a6d6fa Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 14:42:25 -0700 Subject: [PATCH 285/306] Regenerated dockerfiles after the last commit. --- mainline/debian/Dockerfile | 2 +- stable/debian/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 9e9f0ce44..84b47aef0 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index d0b7cf625..447f10ec1 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -34,7 +34,7 @@ RUN set -x \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 8852665dbc86d516617450cf6117786a93f37bea Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 14 Jul 2025 18:04:28 -0700 Subject: [PATCH 286/306] gpg: use --batch for all invocations. Suggested-by: https://github.com/docker-library/official-images/pull/19467#issuecomment-3071271603 --- Dockerfile-debian.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 644e0de07..57abba1ab 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -25,11 +25,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 95de31b3a72d30853977968822f866727074662a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Aug 2025 16:12:22 -0700 Subject: [PATCH 287/306] Fixed a typo in 10-listen-on-ipv6-by-default.sh. --- entrypoint/10-listen-on-ipv6-by-default.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index b90bf0c94..61a901dee 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release From 9b549fdf936778810dbe95a4813899c60444ef1c Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 6 Aug 2025 16:21:14 -0700 Subject: [PATCH 288/306] Regenerated dockerfiles after last commits. --- mainline/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/10-listen-on-ipv6-by-default.sh | 2 +- mainline/debian/Dockerfile | 4 ++-- stable/alpine-slim/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/10-listen-on-ipv6-by-default.sh | 2 +- stable/debian/Dockerfile | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index b90bf0c94..61a901dee 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index b90bf0c94..61a901dee 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 84b47aef0..69b5fcf01 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -30,11 +30,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index b90bf0c94..61a901dee 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index b90bf0c94..61a901dee 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -27,7 +27,7 @@ fi touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::\]:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 447f10ec1..99f34952d 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -30,11 +30,11 @@ RUN set -x \ pgp.mit.edu \ ; do \ echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + gpg1 --batch --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ done; \ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ done; \ - gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ + gpg1 --batch --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ rm -rf "$GNUPGHOME"; \ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ && dpkgArch="$(dpkg --print-architecture)" \ From 5a4ad48c733b365d69a4d1c9946a9d8480469c7f Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Wed, 13 Aug 2025 09:03:44 -0700 Subject: [PATCH 289/306] Updated nginx mainline to 1.29.1 and njs to 0.9.1. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- update.sh | 6 +++--- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 87c8559b1..ae0cd5ea6 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine +FROM nginx:1.29.1-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 5bbd2d7c9..83bee1124 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine +FROM nginx:1.29.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index f9fd0dd6f..2edb07765 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.0 +ENV NGINX_VERSION 1.29.1 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index d52960271..6c7ad1f77 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0-alpine-slim +FROM nginx:1.29.1-alpine-slim -ENV NJS_VERSION 0.9.0 +ENV NJS_VERSION 0.9.1 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 4b551fc43..6bdb7325b 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0 +FROM nginx:1.29.1 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 37d0b8713..8e0e79ac1 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.0 +FROM nginx:1.29.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 69b5fcf01..3d08fc15d 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:bookworm-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.0 -ENV NJS_VERSION 0.9.0 +ENV NGINX_VERSION 1.29.1 +ENV NJS_VERSION 0.9.1 ENV NJS_RELEASE 1~bookworm ENV PKG_RELEASE 1~bookworm ENV DYNPKG_RELEASE 1~bookworm @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/update.sh b/update.sh index e85d193f4..65e54101d 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.0' + [mainline]='1.29.1' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.0' + [mainline]='0.9.1' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='400593da45fc0195a01138c0c23a06059da1c6a2e26959f2c4c95fbaf63436ff211665ef01392d2b775a0133d5b57680dabe51b840a55f82e89621e84cf651d1' + [mainline]='43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From 3cabe641e7f111919a661430d77cf4c70a3a2794 Mon Sep 17 00:00:00 2001 From: Jesper Noordsij Date: Wed, 13 Aug 2025 09:29:26 +0200 Subject: [PATCH 290/306] Update mainline to Debian trixie --- mainline/debian-otel/Dockerfile | 2 +- mainline/debian-perl/Dockerfile | 2 +- mainline/debian/Dockerfile | 10 +++++----- update.sh | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 6bdb7325b..41eb50f54 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -21,7 +21,7 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 8e0e79ac1..71a034617 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -19,7 +19,7 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 3d08fc15d..ecc07412f 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -3,15 +3,15 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bookworm-slim +FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.29.1 ENV NJS_VERSION 0.9.1 -ENV NJS_RELEASE 1~bookworm -ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 1~bookworm +ENV NJS_RELEASE 1~trixie +ENV PKG_RELEASE 1~trixie +ENV DYNPKG_RELEASE 1~trixie RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -48,7 +48,7 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ diff --git a/update.sh b/update.sh index 65e54101d..0b8af1793 100755 --- a/update.sh +++ b/update.sh @@ -50,7 +50,7 @@ declare -A dynpkg=( ) declare -A debian=( - [mainline]='bookworm' + [mainline]='trixie' [stable]='bookworm' ) From 78438bffee73f0badc243eea35909cede2d3afd7 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 12:47:41 -0700 Subject: [PATCH 291/306] Updated mainline nginx to 1.29.2 and njs to 0.9.3. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index 0b8af1793..ca9491891 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.1' + [mainline]='1.29.2' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.1' + [mainline]='0.9.3' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4' + [mainline]='633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From c3785f2653008f9354c3d29a54d8c5459c53fa60 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 12:48:18 -0700 Subject: [PATCH 292/306] Regenerated Dockerfiles after the last commit. --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index ae0cd5ea6..52b98949e 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine +FROM nginx:1.29.2-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 83bee1124..b16c406f6 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine +FROM nginx:1.29.2-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 2edb07765..d09211eec 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.1 +ENV NGINX_VERSION 1.29.2 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 6c7ad1f77..5d9aae8f8 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1-alpine-slim +FROM nginx:1.29.2-alpine-slim -ENV NJS_VERSION 0.9.1 +ENV NJS_VERSION 0.9.3 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 41eb50f54..075e43f54 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1 +FROM nginx:1.29.2 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 71a034617..258db626d 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.1 +FROM nginx:1.29.2 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index ecc07412f..b2eea0ea8 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.1 -ENV NJS_VERSION 0.9.1 +ENV NGINX_VERSION 1.29.2 +ENV NJS_VERSION 0.9.3 ENV NJS_RELEASE 1~trixie ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="43ecd667d9039c9ab0fab9068c16b37825b15f7d4ef6ea8f36a41378bdf1a198463c751f8b76cfe2aef7ffa8dd9f88f180b958a8189d770258b5a97dc302daf4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From b75b089789daa4ce5510d6cb246147cb1eb8922d Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 7 Oct 2025 14:15:47 -0700 Subject: [PATCH 293/306] library: allow redefining architectures to build Debian-based images for. mainline is now based on trixie, which removes mips64le and adds riscv64. stable is currently kept as-is. --- generate-stackbrew-library.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 021332fad..13a18cfe0 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -13,6 +13,12 @@ base=debian versions=( mainline stable ) +declare -A debian_architectures +debian_architectures=( + [mainline]='amd64, arm32v5, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x' + [stable]='amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x' +) + # get the most recent commit which modified any of "$@" fileCommit() { git log -1 --format='format:%H' HEAD -- "$@" @@ -69,7 +75,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${versionAliases[@]}"), $(join ', ' "${debianAliases[@]}") - Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x + Architectures: ${debian_architectures[$version]} GitCommit: $commit Directory: $version/$base EOE @@ -84,7 +90,7 @@ for version in "${versions[@]}"; do echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x + Architectures: ${debian_architectures[$version]} GitCommit: $commit Directory: $version/$variant EOE From 1a3dfcb82c76fa8d292d42188cc71866e657a005 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 11:52:47 -0700 Subject: [PATCH 294/306] Update mainline nginx to 1.29.3 and njs to 0.9.4 --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index ca9491891..50f9d2a11 100755 --- a/update.sh +++ b/update.sh @@ -12,13 +12,13 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.2' + [mainline]='1.29.3' [stable]='1.28.0' ) # Current njs versions declare -A njs=( - [mainline]='0.9.3' + [mainline]='0.9.4' [stable]='0.8.10' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700' + [mainline]='249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From e4d5453581d9d3618f77c4aeccf2e6171a1cd6ff Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 11:53:09 -0700 Subject: [PATCH 295/306] Regenerated Dockerfiles after the last commit --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 4 ++-- mainline/alpine/Dockerfile | 6 +++--- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 6 +++--- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 52b98949e..495c61e18 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine +FROM nginx:1.29.3-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index b16c406f6..837daac1f 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine +FROM nginx:1.29.3-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index d09211eec..9fe90d6f6 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -7,7 +7,7 @@ FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.2 +ENV NGINX_VERSION 1.29.3 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 5d9aae8f8..ff89c3b25 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2-alpine-slim +FROM nginx:1.29.3-alpine-slim -ENV NJS_VERSION 0.9.3 +ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 075e43f54..da68ae7c9 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2 +FROM nginx:1.29.3 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index 258db626d..ef0ad258a 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.2 +FROM nginx:1.29.3 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index b2eea0ea8..27b4e1312 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,8 +7,8 @@ FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.2 -ENV NJS_VERSION 0.9.3 +ENV NGINX_VERSION 1.29.3 +ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1~trixie ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="633b2a8b56bd48527d7e293a255fd706dfbb5a9c47605ff18e91a2a409801043ee00ecb0da5fadf9cdf1d483c5ca848e81c1861870619523e15ca9e494b6e700 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From 74eadcb7b5b04430ced1608646d21dcc796f98d4 Mon Sep 17 00:00:00 2001 From: Gnought <1684105+gnought@users.noreply.github.com> Date: Sat, 6 Dec 2025 08:23:29 +0800 Subject: [PATCH 296/306] chore: bump echo-nginx-module from 0.63 to 0.64 --- modules/echo/source | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/echo/source b/modules/echo/source index 78cb376e9..19c767245 100644 --- a/modules/echo/source +++ b/modules/echo/source @@ -1 +1 @@ -https://github.com/openresty/echo-nginx-module/archive/v0.63.tar.gz +https://github.com/openresty/echo-nginx-module/archive/v0.64.tar.gz From 92f6adb437aecb09a766c022c7cb379c63781ffd Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Dec 2025 13:16:36 -0800 Subject: [PATCH 297/306] Update mainline nginx to 1.29.4 While at it, update mainline images to use Alpine Linux 3.23. --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index 50f9d2a11..7e9d231b0 100755 --- a/update.sh +++ b/update.sh @@ -12,7 +12,7 @@ declare branches=( # Current nginx versions # Remember to update pkgosschecksum when changing this. declare -A nginx=( - [mainline]='1.29.3' + [mainline]='1.29.4' [stable]='1.28.0' ) @@ -55,7 +55,7 @@ declare -A debian=( ) declare -A alpine=( - [mainline]='3.22' + [mainline]='3.23' [stable]='3.21' ) @@ -72,7 +72,7 @@ declare -A rev=( # revision/tag in the previous block # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( - [mainline]='249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8' + [mainline]='e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c' [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' ) From afa829ae8cd9e25cf539cb03167dff1162f852cb Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 9 Dec 2025 13:17:21 -0800 Subject: [PATCH 298/306] Regenerated dockerfiles after the last commit --- mainline/alpine-otel/Dockerfile | 4 ++-- mainline/alpine-perl/Dockerfile | 4 ++-- mainline/alpine-slim/Dockerfile | 6 +++--- mainline/alpine/Dockerfile | 4 ++-- mainline/debian-otel/Dockerfile | 4 ++-- mainline/debian-perl/Dockerfile | 4 ++-- mainline/debian/Dockerfile | 4 ++-- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 495c61e18..52a5d70f3 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.3-alpine +FROM nginx:1.29.4-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 837daac1f..4f708e845 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.3-alpine +FROM nginx:1.29.4-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index 9fe90d6f6..2ae5d7e5c 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -3,11 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.22 +FROM alpine:3.23 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.3 +ENV NGINX_VERSION 1.29.4 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ff89c3b25..3f4d280bc 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.3-alpine-slim +FROM nginx:1.29.4-alpine-slim ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index da68ae7c9..7db184555 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.3 +FROM nginx:1.29.4 ENV OTEL_VERSION 0.1.2 @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index ef0ad258a..f1187a144 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.29.3 +FROM nginx:1.29.4 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 27b4e1312..140b570b7 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -7,7 +7,7 @@ FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.29.3 +ENV NGINX_VERSION 1.29.4 ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1~trixie ENV PKG_RELEASE 1~trixie @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From df5ce7be2ddbb1d0938a1b5dd89b1da22b3f048a Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Wed, 10 Dec 2025 08:48:01 +0100 Subject: [PATCH 299/306] Fix PR template --- .github/pull_request_template.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 0dc5899cf..da0cd713b 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -6,9 +6,9 @@ Describe the use case and detail of the change. If this PR addresses an issue on Before creating a PR, run through this checklist and mark each as complete: -- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md) +- [ ] I have read the [contributing guidelines](https://github.com/nginx/docker-nginx/blob/master/CONTRIBUTING.md) - [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) - [ ] I have run `./update.sh` and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works - [ ] If applicable, I have checked that any relevant tests pass after adding my changes -- [ ] I have updated any relevant documentation ([`README.md`](/README.md) and/or [`modules/README.md`](/modules/README.md)) +- [ ] I have updated any relevant documentation ([`README.md`](https://github.com/nginx/docker-nginx/blob/master/README.md) and/or [`modules/README.md`](https://github.com/nginx/docker-nginx/blob/master/modules/README.md)) From 0c973d79ca899ac1ce5b715e6e0c84866c7b94c9 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Dec 2025 12:23:14 -0800 Subject: [PATCH 300/306] Updated stable nginx to 1.28.1 and njs to 0.9.4 --- update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update.sh b/update.sh index 7e9d231b0..cca3f8852 100755 --- a/update.sh +++ b/update.sh @@ -13,13 +13,13 @@ declare branches=( # Remember to update pkgosschecksum when changing this. declare -A nginx=( [mainline]='1.29.4' - [stable]='1.28.0' + [stable]='1.28.1' ) # Current njs versions declare -A njs=( [mainline]='0.9.4' - [stable]='0.8.10' + [stable]='0.9.4' ) # Current njs patchlevel version @@ -73,7 +73,7 @@ declare -A rev=( # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='e8b08060e10b8d8819e03533cb4922992ea138bcbf16a89a90593db719f17d78afa1cc4785592260c9c897753ec28c8b0d02c01df4b7d0e0ed286d0a42cef68c' - [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' + [stable]='4d43d5eadf39a2428e91a4e6fde0188f1cfb76354598d818d2ef2f8ff5cfa8d65993248b19a2d7ae663798d2362905e63ebd5dca6ca82cabc2831631d0e079ea' ) get_packages() { From 1733df4445c59503d7855d6d8bed74cf049ac570 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Dec 2025 12:23:44 -0800 Subject: [PATCH 301/306] Moved stable nginx to Trixie and Alpine 3.23 --- generate-stackbrew-library.sh | 2 +- update.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 13a18cfe0..fe79a05c7 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -16,7 +16,7 @@ versions=( mainline stable ) declare -A debian_architectures debian_architectures=( [mainline]='amd64, arm32v5, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x' - [stable]='amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x' + [stable]='amd64, arm32v5, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x' ) # get the most recent commit which modified any of "$@" diff --git a/update.sh b/update.sh index cca3f8852..54b729bb7 100755 --- a/update.sh +++ b/update.sh @@ -51,12 +51,12 @@ declare -A dynpkg=( declare -A debian=( [mainline]='trixie' - [stable]='bookworm' + [stable]='trixie' ) declare -A alpine=( [mainline]='3.23' - [stable]='3.21' + [stable]='3.23' ) # When we bump njs version in a stable release we don't move the tag in the From 50dc9c37b0668fd9e7760c9841c3bef50e8d4227 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 23 Dec 2025 12:25:21 -0800 Subject: [PATCH 302/306] Updated dockerfiles after the last commits --- stable/alpine-otel/Dockerfile | 4 ++-- stable/alpine-perl/Dockerfile | 4 ++-- stable/alpine-slim/Dockerfile | 6 +++--- stable/alpine/Dockerfile | 6 +++--- stable/debian-otel/Dockerfile | 6 +++--- stable/debian-perl/Dockerfile | 6 +++--- stable/debian/Dockerfile | 16 ++++++++-------- 7 files changed, 24 insertions(+), 24 deletions(-) diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 7ca1a94b4..d2a2ee7cd 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.28.0-alpine +FROM nginx:1.28.1-alpine ENV OTEL_VERSION 0.1.2 @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"4d43d5eadf39a2428e91a4e6fde0188f1cfb76354598d818d2ef2f8ff5cfa8d65993248b19a2d7ae663798d2362905e63ebd5dca6ca82cabc2831631d0e079ea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9676d8bc5..16817ea9a 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.28.0-alpine +FROM nginx:1.28.1-alpine RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -46,7 +46,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"4d43d5eadf39a2428e91a4e6fde0188f1cfb76354598d818d2ef2f8ff5cfa8d65993248b19a2d7ae663798d2362905e63ebd5dca6ca82cabc2831631d0e079ea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 29bf5ba2a..676bf03f6 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,11 +3,11 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.21 +FROM alpine:3.23 LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.28.0 +ENV NGINX_VERSION 1.28.1 ENV PKG_RELEASE 1 ENV DYNPKG_RELEASE 1 @@ -59,7 +59,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"4d43d5eadf39a2428e91a4e6fde0188f1cfb76354598d818d2ef2f8ff5cfa8d65993248b19a2d7ae663798d2362905e63ebd5dca6ca82cabc2831631d0e079ea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index fb0c900a9..74510b8c4 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -3,9 +3,9 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.28.0-alpine-slim +FROM nginx:1.28.1-alpine-slim -ENV NJS_VERSION 0.8.10 +ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 RUN set -x \ @@ -51,7 +51,7 @@ RUN set -x \ export HOME=${tempDir} \ && cd ${tempDir} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ + && PKGOSSCHECKSUM=\"4d43d5eadf39a2428e91a4e6fde0188f1cfb76354598d818d2ef2f8ff5cfa8d65993248b19a2d7ae663798d2362905e63ebd5dca6ca82cabc2831631d0e079ea *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index e4129a437..35e7cb05a 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.28.0 +FROM nginx:1.28.1 ENV OTEL_VERSION 0.1.2 @@ -21,7 +21,7 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ @@ -50,7 +50,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="4d43d5eadf39a2428e91a4e6fde0188f1cfb76354598d818d2ef2f8ff5cfa8d65993248b19a2d7ae663798d2362905e63ebd5dca6ca82cabc2831631d0e079ea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index bda0e1b84..7b0daea7a 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM nginx:1.28.0 +FROM nginx:1.28.1 RUN set -x; \ NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \ @@ -19,7 +19,7 @@ RUN set -x; \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ @@ -48,7 +48,7 @@ RUN set -x; \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="4d43d5eadf39a2428e91a4e6fde0188f1cfb76354598d818d2ef2f8ff5cfa8d65993248b19a2d7ae663798d2362905e63ebd5dca6ca82cabc2831631d0e079ea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 99f34952d..c51dc2888 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -3,15 +3,15 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bookworm-slim +FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " -ENV NGINX_VERSION 1.28.0 -ENV NJS_VERSION 0.8.10 -ENV NJS_RELEASE 1~bookworm -ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 1~bookworm +ENV NGINX_VERSION 1.28.1 +ENV NJS_VERSION 0.9.4 +ENV NJS_RELEASE 1~trixie +ENV PKG_RELEASE 1~trixie +ENV DYNPKG_RELEASE 1~trixie RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -48,7 +48,7 @@ RUN set -x \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ @@ -77,7 +77,7 @@ RUN set -x \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="4d43d5eadf39a2428e91a4e6fde0188f1cfb76354598d818d2ef2f8ff5cfa8d65993248b19a2d7ae663798d2362905e63ebd5dca6ca82cabc2831631d0e079ea *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ From a763c4634835305c25d86aae388890ace226af1b Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 14:12:17 -0700 Subject: [PATCH 303/306] Added nginx-module-acme to the main image --- Dockerfile-alpine.template | 3 +++ Dockerfile-debian.template | 3 +++ update.sh | 17 ++++++++++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index bc77dfd61..8d5c77c95 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -2,6 +2,7 @@ FROM nginx:%%NGINX_VERSION%%-alpine-slim ENV NJS_VERSION %%NJS_VERSION%% ENV NJS_RELEASE %%NJS_RELEASE%% +ENV ACME_VERSION %%ACME_VERSION%% RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -37,6 +38,8 @@ RUN set -x \ alpine-sdk \ findutils \ curl \ + cargo \ + clang-libclang \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 57abba1ab..eceae24e2 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -5,6 +5,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% ENV NJS_RELEASE %%NJS_RELEASE%% +ENV ACME_VERSION %%ACME_VERSION%% ENV PKG_RELEASE %%PKG_RELEASE%% ENV DYNPKG_RELEASE %%DYNPKG_RELEASE%% @@ -55,6 +56,7 @@ RUN set -x \ # build .deb files from upstream's packaging sources && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ + cargo \ curl \ devscripts \ equivs \ @@ -64,6 +66,7 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ + && export CARGO_HOME="$tempDir/.cargo" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ diff --git a/update.sh b/update.sh index 54b729bb7..7ee9fb6e0 100755 --- a/update.sh +++ b/update.sh @@ -35,6 +35,12 @@ declare -A otel=( [stable]='0.1.2' ) +# Current acme versions +declare -A acme=( + [mainline]='0.3.1' + [stable]='0.3.1' +) + # Current nginx package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( @@ -122,7 +128,10 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${DYNPKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\\n' + done + for p in nginx-module-acme; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${ACME_VERSION}-'"$r"'${PKG_RELEASE} \\'"$bn" done for p in $otel; do echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' @@ -180,10 +189,10 @@ get_buildtarget() { echo base ;; alpine) - echo module-geoip module-image-filter module-njs module-xslt + echo module-geoip module-image-filter module-njs module-xslt module-acme ;; debian) - echo base module-geoip module-image-filter module-njs module-xslt + echo base module-geoip module-image-filter module-njs module-xslt module-acme ;; *-perl) echo module-perl @@ -225,6 +234,7 @@ for branch in "${branches[@]}"; do nginxver="${nginx[$branch]}" njsver="${njs[${branch}]}" otelver="${otel[${branch}]}" + acmever="${acme[${branch}]}" revver="${rev[${branch}]}" pkgosschecksumver="${pkgosschecksum[${branch}]}" @@ -243,6 +253,7 @@ for branch in "${branches[@]}"; do -e 's,%%NJS_VERSION%%,'"$njsver"',' \ -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ + -e 's,%%ACME_VERSION%%,'"$acmever"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ From a306285ea2e4267c63ca539c66e8bc242bdce917 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 6 Jan 2026 16:48:20 -0800 Subject: [PATCH 304/306] Regenerated dockerfiles --- mainline/alpine-otel/Dockerfile | 1 + mainline/alpine-perl/Dockerfile | 1 + mainline/alpine/Dockerfile | 6 +++++- mainline/debian-otel/Dockerfile | 1 + mainline/debian-perl/Dockerfile | 1 + mainline/debian/Dockerfile | 8 ++++++-- stable/alpine-otel/Dockerfile | 1 + stable/alpine-perl/Dockerfile | 1 + stable/alpine/Dockerfile | 6 +++++- stable/debian-otel/Dockerfile | 1 + stable/debian-perl/Dockerfile | 1 + stable/debian/Dockerfile | 8 ++++++-- 12 files changed, 30 insertions(+), 6 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 52a5d70f3..30fb8b330 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -15,6 +15,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 4f708e845..f252053c7 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -14,6 +14,7 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index 3f4d280bc..a5f40fdab 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,6 +7,7 @@ FROM nginx:1.29.4-alpine-slim ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 +ENV ACME_VERSION 0.3.1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -16,6 +17,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -47,6 +49,8 @@ RUN set -x \ alpine-sdk \ findutils \ curl \ + cargo \ + clang-libclang \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ @@ -61,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make module-geoip module-image-filter module-njs module-xslt \ + && make module-geoip module-image-filter module-njs module-xslt module-acme \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index 7db184555..f84bba936 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -16,6 +16,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index f1187a144..df15ccd88 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -15,6 +15,7 @@ RUN set -x; \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 140b570b7..a52d03e83 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -10,6 +10,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.29.4 ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1~trixie +ENV ACME_VERSION 0.3.1 ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -44,6 +45,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ @@ -65,6 +67,7 @@ RUN set -x \ # build .deb files from upstream's packaging sources && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ + cargo \ curl \ devscripts \ equivs \ @@ -74,6 +77,7 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ + && export CARGO_HOME="$tempDir/.cargo" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ @@ -87,12 +91,12 @@ RUN set -x \ && tar xzvf ${REVISION}.tar.gz \ && cd pkg-oss-${REVISION} \ && cd debian \ - && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + && for target in base module-geoip module-image-filter module-njs module-xslt module-acme; do \ make rules-$target; \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ debuild-$target/nginx-$NGINX_VERSION/debian/control; \ done \ - && make base module-geoip module-image-filter module-njs module-xslt \ + && make base module-geoip module-image-filter module-njs module-xslt module-acme \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index d2a2ee7cd..68d66ca1b 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -15,6 +15,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 16817ea9a..9b7594623 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -14,6 +14,7 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 74510b8c4..1b6e4263f 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -7,6 +7,7 @@ FROM nginx:1.28.1-alpine-slim ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 +ENV ACME_VERSION 0.3.1 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -16,6 +17,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -47,6 +49,8 @@ RUN set -x \ alpine-sdk \ findutils \ curl \ + cargo \ + clang-libclang \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ @@ -61,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make module-geoip module-image-filter module-njs module-xslt \ + && make module-geoip module-image-filter module-njs module-xslt module-acme \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index 35e7cb05a..736a98c1d 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -16,6 +16,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index 7b0daea7a..44cb19dbf 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -15,6 +15,7 @@ RUN set -x; \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index c51dc2888..d1838e529 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -10,6 +10,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.28.1 ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1~trixie +ENV ACME_VERSION 0.3.1 ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -44,6 +45,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ @@ -65,6 +67,7 @@ RUN set -x \ # build .deb files from upstream's packaging sources && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ + cargo \ curl \ devscripts \ equivs \ @@ -74,6 +77,7 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ + && export CARGO_HOME="$tempDir/.cargo" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ @@ -87,12 +91,12 @@ RUN set -x \ && tar xzvf ${REVISION}.tar.gz \ && cd pkg-oss-${REVISION} \ && cd debian \ - && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + && for target in base module-geoip module-image-filter module-njs module-xslt module-acme; do \ make rules-$target; \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ debuild-$target/nginx-$NGINX_VERSION/debian/control; \ done \ - && make base module-geoip module-image-filter module-njs module-xslt \ + && make base module-geoip module-image-filter module-njs module-xslt module-acme \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ From d99874fdbcfd64e189d81f34958b4c1196a9664a Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 12 Jan 2026 19:32:24 -0800 Subject: [PATCH 305/306] alpine: skip acme module on arm32v6 (armhf) DOI infra seems to struggle with building Rust-based acme module for this specific target. --- Dockerfile-alpine.template | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 8d5c77c95..f7d989d04 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -54,12 +54,15 @@ RUN set -x \ && tar xzvf %%REVISION%%.tar.gz \ && cd pkg-oss-%%REVISION%% \ && cd alpine \ - && make %%BUILDTARGET%% \ + && export BUILDTARGET=\"%%BUILDTARGET%%\" \ + && if [ \"\$(apk --print-arch)\" = \"armhf\" ]; then BUILDTARGET=\"\$( echo \$BUILDTARGET | sed 's,module-acme,,' )\"; fi \ + && make \$BUILDTARGET \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del --no-network .build-deps \ + && if [ "$apkArch" = "armhf" ]; then nginxPackages="$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')"; fi \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ From 3a5661a6374fd9e0752cf82bbd61fdcf5df59e54 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Mon, 12 Jan 2026 19:33:11 -0800 Subject: [PATCH 306/306] Regenerated Dockerfiles --- mainline/alpine/Dockerfile | 5 ++++- stable/alpine/Dockerfile | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index a5f40fdab..c698757d0 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -65,12 +65,15 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make module-geoip module-image-filter module-njs module-xslt module-acme \ + && export BUILDTARGET=\"module-geoip module-image-filter module-njs module-xslt module-acme\" \ + && if [ \"\$(apk --print-arch)\" = \"armhf\" ]; then BUILDTARGET=\"\$( echo \$BUILDTARGET | sed 's,module-acme,,' )\"; fi \ + && make \$BUILDTARGET \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del --no-network .build-deps \ + && if [ "$apkArch" = "armhf" ]; then nginxPackages="$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')"; fi \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index 1b6e4263f..e2b97c7fe 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -65,12 +65,15 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make module-geoip module-image-filter module-njs module-xslt module-acme \ + && export BUILDTARGET=\"module-geoip module-image-filter module-njs module-xslt module-acme\" \ + && if [ \"\$(apk --print-arch)\" = \"armhf\" ]; then BUILDTARGET=\"\$( echo \$BUILDTARGET | sed 's,module-acme,,' )\"; fi \ + && make \$BUILDTARGET \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \ && apk del --no-network .build-deps \ + && if [ "$apkArch" = "armhf" ]; then nginxPackages="$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')"; fi \ && apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \ ;; \ esac \