From 0eb7156a161bf9039fcee76ce849ba99111cf15a Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Tue, 27 Feb 2018 15:50:05 +0100 Subject: [PATCH] massive revert back to vanilla alpine as base image --- Dockerfile | 62 +++++++++++++++++++++------------ bin/docker-entrypoint.sh | 20 +++++------ conf/supervisord.conf | 4 +-- spec/docker_image/image_spec.rb | 18 ++++++++-- 4 files changed, 66 insertions(+), 38 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7409fe6..fac16f4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,24 @@ -FROM php:7-fpm-alpine3.7 +FROM alpine LABEL maintainer="diego@passbolt.com" ARG PASSBOLT_VERSION="2.0.0-rc2" ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz" -ARG PHP_EXTENSIONS="gd \ - intl \ - pdo_mysql \ - xsl" +ARG PHP_EXTENSIONS="php7-gd \ + php7-intl \ + php7-pdo_mysql \ + php7-xsl \ + php7-redis \ + php7-openssl \ + php7-json \ + php7-zlib \ + php7-phar \ + php7-mbstring \ + php7-ctype \ + php7-posix \ + php7-mcrypt \ + php7-iconv" ARG PHP_GNUPG_BUILD_DEPS="php7-dev \ make \ 
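Review bot: `FROM alpine` carries no tag, so it resolves to `alpine:latest` and the image is built on whatever that tag points to on the day of the build, whereas the removed line was pinned to `php:7-fpm-alpine3.7`. The `php7-*` names added to `PHP_EXTENSIONS` are tied to the Alpine releases that package PHP under that prefix, so an unpinned base is both a reproducibility gap and a likely future build break. Pin the release, for example `FROM alpine:3.7`, and preferably add the digest (`alpine:3.7@sha256:<digest-of-the-image-you-tested>`) so the base cannot change underneath a password-manager image unnoticed.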
@@ -20,37 +30,43 @@ ARG PHP_GNUPG_BUILD_DEPS="php7-dev \ gpgme-dev \ autoconf \ zlib-dev \ - file" + file \ + php7-pear" -ARG PECL_PASSBOLT_EXTENSIONS="gnupg \ - redis" +ARG PECL_PASSBOLT_EXTENSIONS="gnupg" +WORKDIR /var/www/passbolt RUN apk add --no-cache $PHP_GNUPG_BUILD_DEPS \ + $PHP_EXTENSIONS \ + openssl \ nginx \ + php7-fpm \ gpgme \ gnupg1 \ mysql-client \ - libpng-dev \ - icu-dev \ - libxslt-dev \ - libmcrypt-dev \ supervisor \ + php7 \ + curl \ git \ - && pecl install $PECL_PASSBOLT_EXTENSIONS mcrypt-snapshot \ - && docker-php-ext-install -j4 $PHP_EXTENSIONS \ - && docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS mcrypt \ + && pecl install $PECL_PASSBOLT_EXTENSIONS \ + && echo "extension=gnupg.so" > /etc/php7/conf.d/20_gnupg.ini \ && apk del $PHP_GNUPG_BUILD_DEPS \ - && curl -sS https://getcomposer.org/installer | php \ - && mv composer.phar /usr/local/bin/composer - -WORKDIR /var/www/passbolt -RUN curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \ - && composer install --no-dev --optimize-autoloader \ - && chown -R www-data:www-data . \ + && php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \ + && php composer-setup.php \ + && php -r "unlink('composer-setup.php');" \ + && mv composer.phar /usr/local/bin/composer \ + && curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \ + && composer install -n --no-dev --optimize-autoloader \ + && apk del git \ + && chown -R nginx:nginx . 
\ && chmod 775 $(find /var/www/passbolt/tmp -type d) \ && chmod 664 $(find /var/www/passbolt/tmp -type f) \ && chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \ - && chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) + && chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) \ + && sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf \ + && sed -i 's/;clear_env = no/clear_env = no/g' /etc/php7/php-fpm.d/www.conf \ + && sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf \ + && sed -i 's/group = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf COPY conf/supervisord.conf /etc/supervisord.conf diff --git a/bin/docker-entrypoint.sh b/bin/docker-entrypoint.sh index a13ec1b..211f5d4 100755 --- a/bin/docker-entrypoint.sh +++ b/bin/docker-entrypoint.sh @@ -24,16 +24,16 @@ gpg_gen_key() { Name-Email: $key_email Expire-Date: $expiration %commit -EOF" -ls /bin/sh www-data +EOF" -ls /bin/sh nginx - su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh www-data - su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh www-data + su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh nginx + su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh nginx } gpg_import_key() { - key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh www-data) - su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh www-data - su -c "gpg -K $key_id" -ls /bin/sh www-data || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh www-data + key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh nginx) + su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh nginx + su -c "gpg -K $key_id" -ls /bin/sh nginx || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh nginx } gen_ssl_cert() { 
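Review bot: The last `sed` of the new `RUN` chain rewrites `group = nobody` to `user = nginx`, so `www.conf` ends up with two `user` lines and no `group` directive, and the pool's group becomes whatever php-fpm falls back to rather than what the Dockerfile states. It should read `sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf`. The same chain executes the Composer installer fetched by `copy('https://getcomposer.org/installer', ...)` and unpacks `$PASSBOLT_URL` straight from `curl | tar` with no integrity check, so whatever those URLs serve at build time ends up in the image. The sketch below compares the installer with Composer's published SHA-384 and the release tarball with a pinned SHA-256 before either is used; both hash values are placeholders to be filled in from the upstream release pages.

```dockerfile
# … unchanged: ARG declarations, apk add, pecl install, gnupg ini, apk del of build deps …
    && php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
    && php -r "if (!hash_equals('<composer-installer-sha384>', hash_file('sha384', 'composer-setup.php'))) { unlink('composer-setup.php'); exit(1); }" \
    && php composer-setup.php \
# … unchanged: unlink of composer-setup.php, mv composer.phar …
    && curl -fsSL -o /tmp/passbolt.tar.gz "$PASSBOLT_URL" \
    && echo "<passbolt-tarball-sha256>  /tmp/passbolt.tar.gz" | sha256sum -c - \
    && tar zxf /tmp/passbolt.tar.gz -C . --strip-components 1 \
    && rm /tmp/passbolt.tar.gz \
# … unchanged: composer install, apk del git, chown, chmod, first three sed lines …
    && sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf
```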
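Review bot: Replacing `www-data` with `nginx` in every `su` call changes the UID that owns the server key material and, because of `-l`, the home directory that holds the GnuPG keyring, yet nothing in these hunks migrates existing data. A deployment that already mounts `$gpg_private_key`/`$gpg_public_key`, or persists a keyring written by `www-data`, will probably find them unreadable by `nginx` after upgrading (inferred, since the volume layout is not visible here), so the ownership change should be documented or handled in the entrypoint before `gpg_import_key` runs. The same applies to the `su` calls in `install()` and `email_cron_job()` in the later hunks of this file. While these lines are being touched, the values expanded inside the `su -c "..."` strings (`$key_email`, `$gpg_private_key`, `$key_id`) are unquoted and get re-parsed by the inner shell; quoting them inside the command string would stop an unusual value from changing the command. `gpg_gen_key` starts above the hunk, so its heredoc is only partly visible.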
@@ -52,16 +52,16 @@ install() { app_config="/var/www/passbolt/config/app.php" if [ ! -f "$app_config" ]; then - su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh www-data + su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh nginx fi if [ -z "$PASSBOLT_GPG_SERVER_KEY_FINGERPRINT" ]; then - gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh www-data)" + gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh nginx)" export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint fi if [ "$tables" -eq 0 ]; then - su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh www-data + su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh nginx else echo "Enjoy! ☮" fi @@ -77,7 +77,7 @@ email_cron_job() { echo "* * * * * run-parts $cron_task_dir" >> $root_crontab echo "#!/bin/sh" > $cron_task chmod +x $cron_task - echo "su -c \"$process_email\" -s /bin/sh www-data" >> $cron_task + echo "su -c \"$process_email\" -s /bin/sh nginx" >> $cron_task } if [ ! -f "$gpg_private_key" ] && [ ! -L "$gpg_private_key" ] || \ diff --git a/conf/supervisord.conf b/conf/supervisord.conf index 9cd1f5a..ec8c5b5 100644 --- a/conf/supervisord.conf +++ b/conf/supervisord.conf @@ -20,8 +20,8 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface [supervisorctl] serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket -[program:php-fpm] -command=php-fpm +[program:php-fpm7] +command=php-fpm7 autostart=true priority=5 diff --git a/spec/docker_image/image_spec.rb b/spec/docker_image/image_spec.rb index ef89ec5..1652ca8 100644 --- a/spec/docker_image/image_spec.rb +++ b/spec/docker_image/image_spec.rb 
@@ -21,12 +21,12 @@ describe 'Dockerfile' do let(:passbolt_home) { '/var/www/passbolt' } let(:passbolt_tmp) { '/var/www/passbolt/tmp' } let(:passbolt_image) { '/var/www/passbolt/webroot/img/public' } - let(:passbolt_owner) { 'www-data' } + let(:passbolt_owner) { 'nginx' } let(:exposed_ports) { [ '80', '443' ] } let(:composer) { '/usr/local/bin/composer'} let(:php_extensions) { [ - 'curl', 'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'xsl', 'phar', - 'posix', 'xml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql' + 'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'phar', + 'posix', 'libxml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql' ] } describe 'passbolt required php extensions' do @@ -43,6 +43,18 @@ describe 'Dockerfile' do end end + describe 'openssl' do + it 'is installed' do + expect(package('openssl')).to be_installed + end + end + + describe 'php7-fpm' do + it 'is installed' do + expect(package('php7-fpm')).to be_installed + end + end + describe 'supervisor' do it 'is installed' do expect(package('supervisor')).to be_installed
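Review bot: The added examples check that `openssl` and `php7-fpm` are installed, but nothing in these hunks asserts the php-fpm pool identity that the Dockerfile now rewrites with `sed`, which is the part of this change most likely to go wrong silently. An example such as `expect(file('/etc/php7/php-fpm.d/www.conf').content).to match(/^group = nginx/)`, with a matching one for `user`, would pin it. Removing `'curl'` from `php_extensions` also means the image is no longer checked for the PHP curl extension; if passbolt or Composer still relies on it, keep the entry and install `php7-curl`. The `describe 'Dockerfile'` block begins and ends outside these hunks, so other examples may already cover part of this.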