From a1aab3c0e98d827a20220281d825254164a6a7e1 Mon Sep 17 00:00:00 2001 From: William Desportes Date: Thu, 7 Nov 2024 22:53:20 +0100 Subject: [PATCH] Improve the docker layers (#251) * Improve build layers * Switch latest commit of wait-for-it.sh to avoid a security bug * Drop dirmngr ipv6 workaround * Use the same build process on Alpine for php extensions * Remove ldd check for Alpine * Move COPY before source and indent using tabs * Add a .editorconfig to make templates show up as Dockerfile --- .editorconfig | 18 ++++++++ .gitattributes | 1 + apache/Dockerfile | 69 +++++++++++++++---------------- fpm-alpine/Dockerfile | 44 ++++++++++++-------- fpm/Dockerfile | 69 +++++++++++++++---------------- templates/Dockerfile-alpine.templ | 46 +++++++++++++-------- templates/Dockerfile-debian.templ | 69 +++++++++++++++---------------- templates/travis.yml | 30 -------------- update.sh | 7 ---- 9 files changed, 175 insertions(+), 178 deletions(-) create mode 100644 .editorconfig create mode 100644 .gitattributes delete mode 100644 templates/travis.yml diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 000000000..2ec8e4a95 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,18 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +[*] +indent_style = space +indent_size = 4 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[templates/*.templ] +indent_style = tab + +[Dockerfile] +indent_style = tab diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..5505d7c4a --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +templates/*.templ linguist-language=Dockerfile diff --git a/apache/Dockerfile b/apache/Dockerfile index ef12381ba..e6bff6ceb 100644 --- a/apache/Dockerfile +++ b/apache/Dockerfile @@ -3,6 +3,7 @@ LABEL maintainer="Thomas Bruederli " LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemail-docker" RUN set -ex; \ + if [ "apache" = "apache" ]; then a2enmod rewrite; fi; \ apt-get update; \ \ savedAptMark="$(apt-mark showmanual)"; \ @@ -21,7 +22,17 @@ RUN set -ex; \ libonig-dev \ libldap-common \ ; \ +# installto.sh & web install dependencies + fetchDeps="gnupg locales libc-l10n"; \ + installDeps="aspell aspell-en rsync unzip"; \ + apt-get install -y --no-install-recommends \ + $installDeps \ + $fetchDeps \ + ; \ \ +# Extract sources to avoid using pecl (https://github.com/docker-library/php/issues/374#issuecomment-690698974) + pecl bundle -d /usr/src/php/ext imagick; \ + pecl bundle -d /usr/src/php/ext redis; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ docker-php-ext-configure gd --with-jpeg --with-freetype; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ @@ -35,13 +46,20 @@ RUN set -ex; \ pdo_sqlite \ zip \ pspell \ + imagick \ + redis \ ; \ - pecl install imagick redis; \ docker-php-ext-enable imagick opcache redis; \ + docker-php-source delete; \ +# Header files ".h" + rm -r /usr/local/include/php/ext; \ + rm -r /tmp/pear; \ +# Display installed modules + php -m; \ \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ + apt-mark manual $savedAptMark $installDeps $fetchDeps; \ extdir="$(php -r 'echo ini_get("extension_dir");')"; \ ldd "$extdir"/*.so \ | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ @@ -53,28 +71,20 @@ RUN set -ex; \ \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ - ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \ - ldd "$extdir"/*.so | grep -q "libzip.so.* => .*/libzip.so.*" || (echo "Sanity check failed: libzip.so is not referenced"; ldd "$extdir"/*.so; exit 1); \ - err="$(php --version 3>&1 1>&2 2>&3)"; \ - [ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); - - -# installto.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - aspell \ - aspell-en \ - rsync \ - unzip \ - ; \ - rm -rf /var/lib/apt/lists/* + ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \ + ldd "$extdir"/*.so | grep -q "libzip.so.* => .*/libzip.so.*" || (echo "Sanity check failed: libzip.so is not referenced"; ldd "$extdir"/*.so; exit 1); \ + err="$(php --version 3>&1 1>&2 2>&3)"; \ + [ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); \ +# include the wait-for-it.sh script (latest commit) + curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh -o /wait-for-it.sh; \ + chmod +x /wait-for-it.sh; COPY --from=composer:2 /usr/bin/composer /usr/bin/composer +# use custom PHP settings +COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini -RUN a2enmod rewrite +COPY --chmod=0755 docker-entrypoint.sh / # Define Roundcubemail version ENV ROUNDCUBEMAIL_VERSION 1.6.9 @@ -84,14 +94,9 @@ ENV ROUNDCUBEMAIL_KEYID "F3E4 C04B B3DB 5D42 15C4 5F7F 5AB2 BAA1 41C4 F7D5" # Download package and extract to web volume RUN set -ex; \ - fetchDeps="gnupg dirmngr locales libc-l10n"; \ - apt-get -qq update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \ curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \ export GNUPGHOME="$(mktemp -d)"; \ - # workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9 - echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \ curl -fSL https://roundcube.net/download/pubkey.asc -o /tmp/pubkey.asc; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o 'Key fingerprint') != 1 ]; then echo 'The key file should contain only one GPG key'; exit 1; fi; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o "${ROUNDCUBEMAIL_KEYID}") != 1 ]; then echo 'The key ID should be the roundcube one'; exit 1; fi; \ @@ -103,17 +108,9 @@ RUN set -ex; \ tar -xf roundcubemail.tar.gz -C /usr/src/roundcubemail --strip-components=1 --no-same-owner; \ rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ rm -rf /usr/src/roundcubemail/installer; \ - chown -R www-data:www-data /usr/src/roundcubemail/logs - -# include the wait-for-it.sh script -RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh - -# use custom PHP settings -COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini - -COPY --chmod=0755 docker-entrypoint.sh / - -RUN mkdir -p /var/roundcube/config + chown -R www-data:www-data /usr/src/roundcubemail/logs; \ +# Create the config dir + mkdir -p /var/roundcube/config ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/fpm-alpine/Dockerfile b/fpm-alpine/Dockerfile index 8d2417dc6..e53feb615 100644 --- a/fpm-alpine/Dockerfile +++ b/fpm-alpine/Dockerfile @@ -2,8 +2,8 @@ FROM php:8.1-fpm-alpine LABEL maintainer="Thomas Bruederli " LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemail-docker" -# entrypoint.sh and installto.sh dependencies RUN set -ex; \ + if [ "fpm-alpine" = "apache" ]; then a2enmod rewrite; fi; \ \ apk add --no-cache \ bash \ @@ -31,6 +31,9 @@ RUN set -ex; \ aspell-dev \ ; \ \ +# Extract sources to avoid using pecl (https://github.com/docker-library/php/issues/374#issuecomment-690698974) + pecl bundle -d /usr/src/php/ext imagick; \ + pecl bundle -d /usr/src/php/ext redis; \ docker-php-ext-configure gd --with-jpeg --with-freetype; \ docker-php-ext-configure ldap; \ docker-php-ext-install \ @@ -43,21 +46,38 @@ RUN set -ex; \ pdo_sqlite \ zip \ pspell \ + imagick \ + redis \ ; \ - pecl install imagick redis; \ docker-php-ext-enable imagick opcache redis; \ + docker-php-source delete; \ +# Header files ".h" + rm -r /usr/local/include/php/ext; \ + rm -r /tmp/pear; \ +# Display installed modules + php -m; \ \ + extdir="$(php -r 'echo ini_get("extension_dir");')"; \ runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ + scanelf --needed --nobanner --format '%n#p' --recursive $extdir \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )"; \ apk add --virtual .roundcubemail-phpext-rundeps imagemagick $runDeps; \ - apk del .build-deps + apk del .build-deps; \ + err="$(php --version 3>&1 1>&2 2>&3)"; \ + [ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); \ +# include the wait-for-it.sh script (latest commit) + curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh -o /wait-for-it.sh; \ + chmod +x /wait-for-it.sh; COPY --from=composer:2 /usr/bin/composer /usr/bin/composer +# use custom PHP settings +COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini + +COPY --chmod=0755 docker-entrypoint.sh / # Define Roundcubemail version ENV ROUNDCUBEMAIL_VERSION 1.6.9 @@ -74,8 +94,6 @@ RUN set -ex; \ curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \ curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \ export GNUPGHOME="$(mktemp -d)"; \ - # workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9 - echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \ curl -fSL https://roundcube.net/download/pubkey.asc -o /tmp/pubkey.asc; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o 'Key fingerprint') != 1 ]; then echo 'The key file should contain only one GPG key'; exit 1; fi; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o "${ROUNDCUBEMAIL_KEYID}") != 1 ]; then echo 'The key ID should be the roundcube one'; exit 1; fi; \ @@ -88,17 +106,9 @@ RUN set -ex; \ rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ rm -rf /usr/src/roundcubemail/installer; \ chown -R www-data:www-data /usr/src/roundcubemail/logs; \ - apk del .fetch-deps - -# include the wait-for-it.sh script -RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh - -# use custom PHP settings -COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini - -COPY --chmod=0755 docker-entrypoint.sh / - -RUN mkdir -p /var/roundcube/config + apk del .fetch-deps; \ +# Create the config dir + mkdir -p /var/roundcube/config ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["php-fpm"] diff --git a/fpm/Dockerfile b/fpm/Dockerfile index c03268c2f..55381ce3c 100644 --- a/fpm/Dockerfile +++ b/fpm/Dockerfile @@ -3,6 +3,7 @@ LABEL maintainer="Thomas Bruederli " LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemail-docker" RUN set -ex; \ + if [ "fpm" = "apache" ]; then a2enmod rewrite; fi; \ apt-get update; \ \ savedAptMark="$(apt-mark showmanual)"; \ @@ -21,7 +22,17 @@ RUN set -ex; \ libonig-dev \ libldap-common \ ; \ +# installto.sh & web install dependencies + fetchDeps="gnupg locales libc-l10n"; \ + installDeps="aspell aspell-en rsync unzip"; \ + apt-get install -y --no-install-recommends \ + $installDeps \ + $fetchDeps \ + ; \ \ +# Extract sources to avoid using pecl (https://github.com/docker-library/php/issues/374#issuecomment-690698974) + pecl bundle -d /usr/src/php/ext imagick; \ + pecl bundle -d /usr/src/php/ext redis; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ docker-php-ext-configure gd --with-jpeg --with-freetype; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ @@ -35,13 +46,20 @@ RUN set -ex; \ pdo_sqlite \ zip \ pspell \ + imagick \ + redis \ ; \ - pecl install imagick redis; \ docker-php-ext-enable imagick opcache redis; \ + docker-php-source delete; \ +# Header files ".h" + rm -r /usr/local/include/php/ext; \ + rm -r /tmp/pear; \ +# Display installed modules + php -m; \ \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ + apt-mark manual $savedAptMark $installDeps $fetchDeps; \ extdir="$(php -r 'echo ini_get("extension_dir");')"; \ ldd "$extdir"/*.so \ | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ @@ -53,26 +71,20 @@ RUN set -ex; \ \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ - ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \ - ldd "$extdir"/*.so | grep -q "libzip.so.* => .*/libzip.so.*" || (echo "Sanity check failed: libzip.so is not referenced"; ldd "$extdir"/*.so; exit 1); \ - err="$(php --version 3>&1 1>&2 2>&3)"; \ - [ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); - - -# installto.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - aspell \ - aspell-en \ - rsync \ - unzip \ - ; \ - rm -rf /var/lib/apt/lists/* + ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \ + ldd "$extdir"/*.so | grep -q "libzip.so.* => .*/libzip.so.*" || (echo "Sanity check failed: libzip.so is not referenced"; ldd "$extdir"/*.so; exit 1); \ + err="$(php --version 3>&1 1>&2 2>&3)"; \ + [ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); \ +# include the wait-for-it.sh script (latest commit) + curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh -o /wait-for-it.sh; \ + chmod +x /wait-for-it.sh; COPY --from=composer:2 /usr/bin/composer /usr/bin/composer +# use custom PHP settings +COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini + +COPY --chmod=0755 docker-entrypoint.sh / # Define Roundcubemail version ENV ROUNDCUBEMAIL_VERSION 1.6.9 @@ -82,14 +94,9 @@ ENV ROUNDCUBEMAIL_KEYID "F3E4 C04B B3DB 5D42 15C4 5F7F 5AB2 BAA1 41C4 F7D5" # Download package and extract to web volume RUN set -ex; \ - fetchDeps="gnupg dirmngr locales libc-l10n"; \ - apt-get -qq update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \ curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \ export GNUPGHOME="$(mktemp -d)"; \ - # workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9 - echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \ curl -fSL https://roundcube.net/download/pubkey.asc -o /tmp/pubkey.asc; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o 'Key fingerprint') != 1 ]; then echo 'The key file should contain only one GPG key'; exit 1; fi; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o "${ROUNDCUBEMAIL_KEYID}") != 1 ]; then echo 'The key ID should be the roundcube one'; exit 1; fi; \ @@ -101,17 +108,9 @@ RUN set -ex; \ tar -xf roundcubemail.tar.gz -C /usr/src/roundcubemail --strip-components=1 --no-same-owner; \ rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ rm -rf /usr/src/roundcubemail/installer; \ - chown -R www-data:www-data /usr/src/roundcubemail/logs - -# include the wait-for-it.sh script -RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh - -# use custom PHP settings -COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini - -COPY --chmod=0755 docker-entrypoint.sh / - -RUN mkdir -p /var/roundcube/config + chown -R www-data:www-data /usr/src/roundcubemail/logs; \ +# Create the config dir + mkdir -p /var/roundcube/config ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["php-fpm"] diff --git a/templates/Dockerfile-alpine.templ b/templates/Dockerfile-alpine.templ index 17787d494..bb207d111 100644 --- a/templates/Dockerfile-alpine.templ +++ b/templates/Dockerfile-alpine.templ @@ -2,8 +2,8 @@ FROM php:8.1-%%VARIANT%% LABEL maintainer="Thomas Bruederli " LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemail-docker" -# entrypoint.sh and installto.sh dependencies RUN set -ex; \ + if [ "%%VARIANT%%" = "apache" ]; then a2enmod rewrite; fi; \ \ apk add --no-cache \ bash \ @@ -31,6 +31,9 @@ RUN set -ex; \ aspell-dev \ ; \ \ +# Extract sources to avoid using pecl (https://github.com/docker-library/php/issues/374#issuecomment-690698974) + pecl bundle -d /usr/src/php/ext imagick; \ + pecl bundle -d /usr/src/php/ext redis; \ docker-php-ext-configure gd --with-jpeg --with-freetype; \ docker-php-ext-configure ldap; \ docker-php-ext-install \ @@ -43,21 +46,38 @@ RUN set -ex; \ pdo_sqlite \ zip \ pspell \ + imagick \ + redis \ ; \ - pecl install imagick redis; \ docker-php-ext-enable imagick opcache redis; \ + docker-php-source delete; \ +# Header files ".h" + rm -r /usr/local/include/php/ext; \ + rm -r /tmp/pear; \ +# Display installed modules + php -m; \ \ + extdir="$(php -r 'echo ini_get("extension_dir");')"; \ runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ + scanelf --needed --nobanner --format '%n#p' --recursive $extdir \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )"; \ apk add --virtual .roundcubemail-phpext-rundeps imagemagick $runDeps; \ - apk del .build-deps + apk del .build-deps; \ + err="$(php --version 3>&1 1>&2 2>&3)"; \ + [ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); \ +# include the wait-for-it.sh script (latest commit) + curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh -o /wait-for-it.sh; \ + chmod +x /wait-for-it.sh; COPY --from=composer:2 /usr/bin/composer /usr/bin/composer -%%EXTRAS%% + +# use custom PHP settings +COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini + +COPY --chmod=0755 docker-entrypoint.sh / # Define Roundcubemail version ENV ROUNDCUBEMAIL_VERSION %%VERSION%% @@ -74,8 +94,6 @@ RUN set -ex; \ curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \ curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \ export GNUPGHOME="$(mktemp -d)"; \ - # workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9 - echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \ curl -fSL https://roundcube.net/download/pubkey.asc -o /tmp/pubkey.asc; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o 'Key fingerprint') != 1 ]; then echo 'The key file should contain only one GPG key'; exit 1; fi; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o "${ROUNDCUBEMAIL_KEYID}") != 1 ]; then echo 'The key ID should be the roundcube one'; exit 1; fi; \ @@ -88,17 +106,9 @@ RUN set -ex; \ rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ rm -rf /usr/src/roundcubemail/installer; \ chown -R www-data:www-data /usr/src/roundcubemail/logs; \ - apk del .fetch-deps - -# include the wait-for-it.sh script -RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh - -# use custom PHP settings -COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini - -COPY --chmod=0755 docker-entrypoint.sh / - -RUN mkdir -p /var/roundcube/config + apk del .fetch-deps; \ +# Create the config dir + mkdir -p /var/roundcube/config ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["%%CMD%%"] diff --git a/templates/Dockerfile-debian.templ b/templates/Dockerfile-debian.templ index d4886b96f..62c3eba37 100644 --- a/templates/Dockerfile-debian.templ +++ b/templates/Dockerfile-debian.templ @@ -3,6 +3,7 @@ LABEL maintainer="Thomas Bruederli " LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemail-docker" RUN set -ex; \ + if [ "%%VARIANT%%" = "apache" ]; then a2enmod rewrite; fi; \ apt-get update; \ \ savedAptMark="$(apt-mark showmanual)"; \ @@ -21,7 +22,17 @@ RUN set -ex; \ libonig-dev \ libldap-common \ ; \ +# installto.sh & web install dependencies + fetchDeps="gnupg locales libc-l10n"; \ + installDeps="aspell aspell-en rsync unzip"; \ + apt-get install -y --no-install-recommends \ + $installDeps \ + $fetchDeps \ + ; \ \ +# Extract sources to avoid using pecl (https://github.com/docker-library/php/issues/374#issuecomment-690698974) + pecl bundle -d /usr/src/php/ext imagick; \ + pecl bundle -d /usr/src/php/ext redis; \ debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ docker-php-ext-configure gd --with-jpeg --with-freetype; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ @@ -35,13 +46,20 @@ RUN set -ex; \ pdo_sqlite \ zip \ pspell \ + imagick \ + redis \ ; \ - pecl install imagick redis; \ docker-php-ext-enable imagick opcache redis; \ + docker-php-source delete; \ +# Header files ".h" + rm -r /usr/local/include/php/ext; \ + rm -r /tmp/pear; \ +# Display installed modules + php -m; \ \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ + apt-mark manual $savedAptMark $installDeps $fetchDeps; \ extdir="$(php -r 'echo ini_get("extension_dir");')"; \ ldd "$extdir"/*.so \ | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ @@ -53,26 +71,20 @@ RUN set -ex; \ \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ - ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \ - ldd "$extdir"/*.so | grep -q "libzip.so.* => .*/libzip.so.*" || (echo "Sanity check failed: libzip.so is not referenced"; ldd "$extdir"/*.so; exit 1); \ - err="$(php --version 3>&1 1>&2 2>&3)"; \ - [ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); + ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \ + ldd "$extdir"/*.so | grep -q "libzip.so.* => .*/libzip.so.*" || (echo "Sanity check failed: libzip.so is not referenced"; ldd "$extdir"/*.so; exit 1); \ + err="$(php --version 3>&1 1>&2 2>&3)"; \ + [ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); \ +# include the wait-for-it.sh script (latest commit) + curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh -o /wait-for-it.sh; \ + chmod +x /wait-for-it.sh; +COPY --from=composer:2 /usr/bin/composer /usr/bin/composer -# installto.sh dependencies -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - aspell \ - aspell-en \ - rsync \ - unzip \ - ; \ - rm -rf /var/lib/apt/lists/* +# use custom PHP settings +COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini -COPY --from=composer:2 /usr/bin/composer /usr/bin/composer -%%EXTRAS%% +COPY --chmod=0755 docker-entrypoint.sh / # Define Roundcubemail version ENV ROUNDCUBEMAIL_VERSION %%VERSION%% @@ -82,14 +94,9 @@ ENV ROUNDCUBEMAIL_KEYID "F3E4 C04B B3DB 5D42 15C4 5F7F 5AB2 BAA1 41C4 F7D5" # Download package and extract to web volume RUN set -ex; \ - fetchDeps="gnupg dirmngr locales libc-l10n"; \ - apt-get -qq update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \ curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \ export GNUPGHOME="$(mktemp -d)"; \ - # workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9 - echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \ curl -fSL https://roundcube.net/download/pubkey.asc -o /tmp/pubkey.asc; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o 'Key fingerprint') != 1 ]; then echo 'The key file should contain only one GPG key'; exit 1; fi; \ LC_ALL=C.UTF-8 gpg -n --show-keys --with-fingerprint --keyid-format=long /tmp/pubkey.asc | if [ $(grep -c -o "${ROUNDCUBEMAIL_KEYID}") != 1 ]; then echo 'The key ID should be the roundcube one'; exit 1; fi; \ @@ -101,17 +108,9 @@ RUN set -ex; \ tar -xf roundcubemail.tar.gz -C /usr/src/roundcubemail --strip-components=1 --no-same-owner; \ rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \ rm -rf /usr/src/roundcubemail/installer; \ - chown -R www-data:www-data /usr/src/roundcubemail/logs - -# include the wait-for-it.sh script -RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh - -# use custom PHP settings -COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini - -COPY --chmod=0755 docker-entrypoint.sh / - -RUN mkdir -p /var/roundcube/config + chown -R www-data:www-data /usr/src/roundcubemail/logs; \ +# Create the config dir + mkdir -p /var/roundcube/config ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["%%CMD%%"] diff --git a/templates/travis.yml b/templates/travis.yml deleted file mode 100644 index 4c829187f..000000000 --- a/templates/travis.yml +++ /dev/null @@ -1,30 +0,0 @@ -os: linux -dist: trusty - -services: docker - -language: bash - -branches: - only: - - master - -before_script: - - env | sort - - dir="${VARIANT}" - - echo "$DOCKER_PULL_PASSWORD" | docker login -u "$DOCKER_PULL_USERNAME" --password-stdin - -script: - - cd "$dir" - - docker-compose build - - docker images - - travis_retry docker-compose up -d && sleep 60 - - docker-compose ps - - docker-compose logs - - docker-compose ps "roundcubedb" | grep "Up" - - docker-compose ps "roundcubemail" | grep "Up" - -notifications: - email: false - -env:%%ENV%% diff --git a/update.sh b/update.sh index ba958551a..05b6b8faa 100755 --- a/update.sh +++ b/update.sh @@ -13,12 +13,6 @@ declare -A BASE=( [fpm-alpine]='alpine' ) -declare -A EXTRAS=( - [apache]='¬RUN a2enmod rewrite' - [fpm]='' - [fpm-alpine]='' -) - VERSION="${1:-$(curl -fsS https://roundcube.net/VERSION.txt)}" #set -x @@ -33,7 +27,6 @@ for variant in apache fpm fpm-alpine; do cp templates/php.ini "$dir/php.ini" sed -E -e ' s/%%VARIANT%%/'"$variant"'/; - s/%%EXTRAS%%/'"${EXTRAS[$variant]}"'/; s/%%VERSION%%/'"$VERSION"'/; s/%%CMD%%/'"${CMD[$variant]}"'/; ' $template | tr '¬' '\n' > "$dir/Dockerfile"