From 610717f0bc2b7bde103f571c228e81c7363e6fce Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Mon, 14 Nov 2016 10:43:58 -0800 Subject: [PATCH 1/3] Add support for passing a file path as the value for WORDPRESS_DB_PASSWORD Allows use of Docker secrets to store these credentials. If the secret has been granted to the container, the password will be available within the container as an unencrypted string in /run/secrets/. Signed-off-by: Misty Stanley-Jones --- docker-entrypoint.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 4f55ae3ae3..65720ebb3e 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -10,7 +10,12 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then fi : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD} : ${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-wordpress}} - + # If the value of WORDPRESS_DB_PASSWORD is a file that exists within + # the container, read the contents of that file (useful if using + # Docker-managed secrets) + if [ -f "$WORDPRESS_DB_PASSWORD" ]; then + WORDPRESS_DB_PASSWORD="$(cat $WORDPRESS_DB_PASSWORD)" + fi if [ -z "$WORDPRESS_DB_PASSWORD" ]; then echo >&2 'error: missing required WORDPRESS_DB_PASSWORD environment variable' echo >&2 ' Did you forget to -e WORDPRESS_DB_PASSWORD=... ?' From 15dab9a7be1b2e4e872460a7775bf9eb7da81b95 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 17 Nov 2016 09:38:26 -0800 Subject: [PATCH 2/3] Add a "file_env" helper function and convert the rest of the file to use it for every user-specified value --- docker-entrypoint.sh | 48 +++++++++++++++++++++--------- php5.6/apache/docker-entrypoint.sh | 43 ++++++++++++++++++++------ php5.6/fpm/docker-entrypoint.sh | 43 ++++++++++++++++++++------ php7.0/apache/docker-entrypoint.sh | 43 ++++++++++++++++++++------ php7.0/fpm/docker-entrypoint.sh | 43 ++++++++++++++++++++------ 5 files changed, 170 insertions(+), 50 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 65720ebb3e..84ad00dda2 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,21 +1,38 @@ #!/bin/bash set -e +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var}" ] && [ "${!fileVar}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var}" ]; then + val="${!var}" + elif [ "${!fileVar}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then - : "${WORDPRESS_DB_HOST:=mysql}" + file_env 'WORDPRESS_DB_HOST' 'mysql' # if we're linked to MySQL and thus have credentials already, let's use them - : ${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}} + file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD} + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + else + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" fi - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD} - : ${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-wordpress}} - # If the value of WORDPRESS_DB_PASSWORD is a file that exists within - # the container, read the contents of that file (useful if using - # Docker-managed secrets) - if [ -f "$WORDPRESS_DB_PASSWORD" ]; then - WORDPRESS_DB_PASSWORD="$(cat $WORDPRESS_DB_PASSWORD)" - fi + file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then echo >&2 'error: missing required WORDPRESS_DB_PASSWORD environment variable' echo >&2 ' Did you forget to -e WORDPRESS_DB_PASSWORD=... ?' @@ -110,9 +127,10 @@ EOPHP NONCE_SALT ) for unique in "${UNIQUES[@]}"; do - eval unique_value=\$WORDPRESS_$unique - if [ "$unique_value" ]; then - set_config "$unique" "$unique_value" + uniqVar="WORDPRESS_$unique" + file_env "$uniqVar" + if [ "${!uniqVar}" ]; then + set_config "$unique" "${!uniqVar}" else # if not specified, let's generate a random value current_set="$(sed -rn -e "s/define\((([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\);/\4/p" wp-config.php)" @@ -122,10 +140,12 @@ EOPHP fi done + file_env 'WORDPRESS_TABLE_PREFIX' if [ "$WORDPRESS_TABLE_PREFIX" ]; then set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX" fi + file_env 'WORDPRESS_DEBUG' if [ "$WORDPRESS_DEBUG" ]; then set_config 'WP_DEBUG' 1 boolean fi diff --git a/php5.6/apache/docker-entrypoint.sh b/php5.6/apache/docker-entrypoint.sh index 4f55ae3ae3..84ad00dda2 100755 --- a/php5.6/apache/docker-entrypoint.sh +++ b/php5.6/apache/docker-entrypoint.sh @@ -1,16 +1,38 @@ #!/bin/bash set -e +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var}" ] && [ "${!fileVar}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var}" ]; then + val="${!var}" + elif [ "${!fileVar}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then - : "${WORDPRESS_DB_HOST:=mysql}" + file_env 'WORDPRESS_DB_HOST' 'mysql' # if we're linked to MySQL and thus have credentials already, let's use them - : ${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}} + file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD} + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + else + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" fi - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD} - : ${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-wordpress}} - + file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then echo >&2 'error: missing required WORDPRESS_DB_PASSWORD environment variable' echo >&2 ' Did you forget to -e WORDPRESS_DB_PASSWORD=... ?' @@ -105,9 +127,10 @@ EOPHP NONCE_SALT ) for unique in "${UNIQUES[@]}"; do - eval unique_value=\$WORDPRESS_$unique - if [ "$unique_value" ]; then - set_config "$unique" "$unique_value" + uniqVar="WORDPRESS_$unique" + file_env "$uniqVar" + if [ "${!uniqVar}" ]; then + set_config "$unique" "${!uniqVar}" else # if not specified, let's generate a random value current_set="$(sed -rn -e "s/define\((([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\);/\4/p" wp-config.php)" @@ -117,10 +140,12 @@ EOPHP fi done + file_env 'WORDPRESS_TABLE_PREFIX' if [ "$WORDPRESS_TABLE_PREFIX" ]; then set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX" fi + file_env 'WORDPRESS_DEBUG' if [ "$WORDPRESS_DEBUG" ]; then set_config 'WP_DEBUG' 1 boolean fi diff --git a/php5.6/fpm/docker-entrypoint.sh b/php5.6/fpm/docker-entrypoint.sh index 4f55ae3ae3..84ad00dda2 100755 --- a/php5.6/fpm/docker-entrypoint.sh +++ b/php5.6/fpm/docker-entrypoint.sh @@ -1,16 +1,38 @@ #!/bin/bash set -e +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var}" ] && [ "${!fileVar}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var}" ]; then + val="${!var}" + elif [ "${!fileVar}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then - : "${WORDPRESS_DB_HOST:=mysql}" + file_env 'WORDPRESS_DB_HOST' 'mysql' # if we're linked to MySQL and thus have credentials already, let's use them - : ${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}} + file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD} + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + else + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" fi - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD} - : ${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-wordpress}} - + file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then echo >&2 'error: missing required WORDPRESS_DB_PASSWORD environment variable' echo >&2 ' Did you forget to -e WORDPRESS_DB_PASSWORD=... ?' @@ -105,9 +127,10 @@ EOPHP NONCE_SALT ) for unique in "${UNIQUES[@]}"; do - eval unique_value=\$WORDPRESS_$unique - if [ "$unique_value" ]; then - set_config "$unique" "$unique_value" + uniqVar="WORDPRESS_$unique" + file_env "$uniqVar" + if [ "${!uniqVar}" ]; then + set_config "$unique" "${!uniqVar}" else # if not specified, let's generate a random value current_set="$(sed -rn -e "s/define\((([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\);/\4/p" wp-config.php)" @@ -117,10 +140,12 @@ EOPHP fi done + file_env 'WORDPRESS_TABLE_PREFIX' if [ "$WORDPRESS_TABLE_PREFIX" ]; then set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX" fi + file_env 'WORDPRESS_DEBUG' if [ "$WORDPRESS_DEBUG" ]; then set_config 'WP_DEBUG' 1 boolean fi diff --git a/php7.0/apache/docker-entrypoint.sh b/php7.0/apache/docker-entrypoint.sh index 4f55ae3ae3..84ad00dda2 100755 --- a/php7.0/apache/docker-entrypoint.sh +++ b/php7.0/apache/docker-entrypoint.sh @@ -1,16 +1,38 @@ #!/bin/bash set -e +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var}" ] && [ "${!fileVar}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var}" ]; then + val="${!var}" + elif [ "${!fileVar}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then - : "${WORDPRESS_DB_HOST:=mysql}" + file_env 'WORDPRESS_DB_HOST' 'mysql' # if we're linked to MySQL and thus have credentials already, let's use them - : ${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}} + file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD} + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + else + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" fi - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD} - : ${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-wordpress}} - + file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then echo >&2 'error: missing required WORDPRESS_DB_PASSWORD environment variable' echo >&2 ' Did you forget to -e WORDPRESS_DB_PASSWORD=... ?' @@ -105,9 +127,10 @@ EOPHP NONCE_SALT ) for unique in "${UNIQUES[@]}"; do - eval unique_value=\$WORDPRESS_$unique - if [ "$unique_value" ]; then - set_config "$unique" "$unique_value" + uniqVar="WORDPRESS_$unique" + file_env "$uniqVar" + if [ "${!uniqVar}" ]; then + set_config "$unique" "${!uniqVar}" else # if not specified, let's generate a random value current_set="$(sed -rn -e "s/define\((([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\);/\4/p" wp-config.php)" @@ -117,10 +140,12 @@ EOPHP fi done + file_env 'WORDPRESS_TABLE_PREFIX' if [ "$WORDPRESS_TABLE_PREFIX" ]; then set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX" fi + file_env 'WORDPRESS_DEBUG' if [ "$WORDPRESS_DEBUG" ]; then set_config 'WP_DEBUG' 1 boolean fi diff --git a/php7.0/fpm/docker-entrypoint.sh b/php7.0/fpm/docker-entrypoint.sh index 4f55ae3ae3..84ad00dda2 100755 --- a/php7.0/fpm/docker-entrypoint.sh +++ b/php7.0/fpm/docker-entrypoint.sh @@ -1,16 +1,38 @@ #!/bin/bash set -e +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var}" ] && [ "${!fileVar}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var}" ]; then + val="${!var}" + elif [ "${!fileVar}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then - : "${WORDPRESS_DB_HOST:=mysql}" + file_env 'WORDPRESS_DB_HOST' 'mysql' # if we're linked to MySQL and thus have credentials already, let's use them - : ${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}} + file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD} + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + else + file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" fi - : ${WORDPRESS_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD} - : ${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-wordpress}} - + file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then echo >&2 'error: missing required WORDPRESS_DB_PASSWORD environment variable' echo >&2 ' Did you forget to -e WORDPRESS_DB_PASSWORD=... ?' @@ -105,9 +127,10 @@ EOPHP NONCE_SALT ) for unique in "${UNIQUES[@]}"; do - eval unique_value=\$WORDPRESS_$unique - if [ "$unique_value" ]; then - set_config "$unique" "$unique_value" + uniqVar="WORDPRESS_$unique" + file_env "$uniqVar" + if [ "${!uniqVar}" ]; then + set_config "$unique" "${!uniqVar}" else # if not specified, let's generate a random value current_set="$(sed -rn -e "s/define\((([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\);/\4/p" wp-config.php)" @@ -117,10 +140,12 @@ EOPHP fi done + file_env 'WORDPRESS_TABLE_PREFIX' if [ "$WORDPRESS_TABLE_PREFIX" ]; then set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX" fi + file_env 'WORDPRESS_DEBUG' if [ "$WORDPRESS_DEBUG" ]; then set_config 'WP_DEBUG' 1 boolean fi From 8ab70dd61a996d58c0addf4867a768efe649bf65 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 17 Nov 2016 09:48:27 -0800 Subject: [PATCH 3/3] Add "set -u" for further accidental mistake protection --- docker-entrypoint.sh | 12 ++++++------ php5.6/apache/docker-entrypoint.sh | 12 ++++++------ php5.6/fpm/docker-entrypoint.sh | 12 ++++++------ php7.0/apache/docker-entrypoint.sh | 12 ++++++------ php7.0/fpm/docker-entrypoint.sh | 12 ++++++------ 5 files changed, 30 insertions(+), 30 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 84ad00dda2..b8c8efb686 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -eu # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -9,14 +9,14 @@ file_env() { local var="$1" local fileVar="${var}_FILE" local def="${2:-}" - if [ "${!var}" ] && [ "${!fileVar}" ]; then + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then echo >&2 "error: both $var and $fileVar are set (but are exclusive)" exit 1 fi local val="$def" - if [ "${!var}" ]; then + if [ "${!var:-}" ]; then val="${!var}" - elif [ "${!fileVar}" ]; then + elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi export "$var"="$val" @@ -28,9 +28,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then # if we're linked to MySQL and thus have credentials already, let's use them file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}" else - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_PASSWORD:-}" fi file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then diff --git a/php5.6/apache/docker-entrypoint.sh b/php5.6/apache/docker-entrypoint.sh index 84ad00dda2..b8c8efb686 100755 --- a/php5.6/apache/docker-entrypoint.sh +++ b/php5.6/apache/docker-entrypoint.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -eu # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -9,14 +9,14 @@ file_env() { local var="$1" local fileVar="${var}_FILE" local def="${2:-}" - if [ "${!var}" ] && [ "${!fileVar}" ]; then + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then echo >&2 "error: both $var and $fileVar are set (but are exclusive)" exit 1 fi local val="$def" - if [ "${!var}" ]; then + if [ "${!var:-}" ]; then val="${!var}" - elif [ "${!fileVar}" ]; then + elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi export "$var"="$val" @@ -28,9 +28,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then # if we're linked to MySQL and thus have credentials already, let's use them file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}" else - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_PASSWORD:-}" fi file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then diff --git a/php5.6/fpm/docker-entrypoint.sh b/php5.6/fpm/docker-entrypoint.sh index 84ad00dda2..b8c8efb686 100755 --- a/php5.6/fpm/docker-entrypoint.sh +++ b/php5.6/fpm/docker-entrypoint.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -eu # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -9,14 +9,14 @@ file_env() { local var="$1" local fileVar="${var}_FILE" local def="${2:-}" - if [ "${!var}" ] && [ "${!fileVar}" ]; then + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then echo >&2 "error: both $var and $fileVar are set (but are exclusive)" exit 1 fi local val="$def" - if [ "${!var}" ]; then + if [ "${!var:-}" ]; then val="${!var}" - elif [ "${!fileVar}" ]; then + elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi export "$var"="$val" @@ -28,9 +28,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then # if we're linked to MySQL and thus have credentials already, let's use them file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}" else - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_PASSWORD:-}" fi file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then diff --git a/php7.0/apache/docker-entrypoint.sh b/php7.0/apache/docker-entrypoint.sh index 84ad00dda2..b8c8efb686 100755 --- a/php7.0/apache/docker-entrypoint.sh +++ b/php7.0/apache/docker-entrypoint.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -eu # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -9,14 +9,14 @@ file_env() { local var="$1" local fileVar="${var}_FILE" local def="${2:-}" - if [ "${!var}" ] && [ "${!fileVar}" ]; then + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then echo >&2 "error: both $var and $fileVar are set (but are exclusive)" exit 1 fi local val="$def" - if [ "${!var}" ]; then + if [ "${!var:-}" ]; then val="${!var}" - elif [ "${!fileVar}" ]; then + elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi export "$var"="$val" @@ -28,9 +28,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then # if we're linked to MySQL and thus have credentials already, let's use them file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}" else - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_PASSWORD:-}" fi file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then diff --git a/php7.0/fpm/docker-entrypoint.sh b/php7.0/fpm/docker-entrypoint.sh index 84ad00dda2..b8c8efb686 100755 --- a/php7.0/fpm/docker-entrypoint.sh +++ b/php7.0/fpm/docker-entrypoint.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -eu # usage: file_env VAR [DEFAULT] # ie: file_env 'XYZ_DB_PASSWORD' 'example' @@ -9,14 +9,14 @@ file_env() { local var="$1" local fileVar="${var}_FILE" local def="${2:-}" - if [ "${!var}" ] && [ "${!fileVar}" ]; then + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then echo >&2 "error: both $var and $fileVar are set (but are exclusive)" exit 1 fi local val="$def" - if [ "${!var}" ]; then + if [ "${!var:-}" ]; then val="${!var}" - elif [ "${!fileVar}" ]; then + elif [ "${!fileVar:-}" ]; then val="$(< "${!fileVar}")" fi export "$var"="$val" @@ -28,9 +28,9 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then # if we're linked to MySQL and thus have credentials already, let's use them file_env 'WORDPRESS_DB_USER' "${MYSQL_ENV_MYSQL_USER:-root}" if [ "$WORDPRESS_DB_USER" = 'root' ]; then - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_ROOT_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}" else - file_env 'WORDPRESS_DB_PASSWORD' "$MYSQL_ENV_MYSQL_PASSWORD" + file_env 'WORDPRESS_DB_PASSWORD' "${MYSQL_ENV_MYSQL_PASSWORD:-}" fi file_env 'WORDPRESS_DB_NAME' "${MYSQL_ENV_MYSQL_DATABASE:-wordpress}" if [ -z "$WORDPRESS_DB_PASSWORD" ]; then