massive revert back to vanilla alpine as base image

Dockerfile

@@ -1,14 +1,24 @@
-FROM php:7-fpm-alpine3.7
+FROM alpine
 
 LABEL maintainer="diego@passbolt.com"
 
 ARG PASSBOLT_VERSION="2.0.0-rc2"
 ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
 
-ARG PHP_EXTENSIONS="gd \
+ARG PHP_EXTENSIONS="php7-gd \
-      intl \
+      php7-intl \
-      pdo_mysql \
+      php7-pdo_mysql \
-      xsl"
+      php7-xsl \
+      php7-redis \
+      php7-openssl \
+      php7-json \
+      php7-zlib \
+      php7-phar \
+      php7-mbstring \
+      php7-ctype \
+      php7-posix \
+      php7-mcrypt \
+      php7-iconv"
 
 ARG PHP_GNUPG_BUILD_DEPS="php7-dev \
       make \
@@ -20,37 +30,43 @@ ARG PHP_GNUPG_BUILD_DEPS="php7-dev \
       gpgme-dev \
       autoconf \
       zlib-dev \
-      file"
+      file \
+      php7-pear"
 
-ARG PECL_PASSBOLT_EXTENSIONS="gnupg \
+ARG PECL_PASSBOLT_EXTENSIONS="gnupg"
-      redis"
 
+WORKDIR /var/www/passbolt
 RUN apk add --no-cache $PHP_GNUPG_BUILD_DEPS \
+      $PHP_EXTENSIONS \
+      openssl \
       nginx \
+      php7-fpm \
       gpgme \
       gnupg1 \
       mysql-client \
-      libpng-dev \
-      icu-dev \
-      libxslt-dev \
-      libmcrypt-dev \
       supervisor \
+      php7 \
+      curl \
       git \
-    && pecl install $PECL_PASSBOLT_EXTENSIONS mcrypt-snapshot \
+    && pecl install $PECL_PASSBOLT_EXTENSIONS \
-    && docker-php-ext-install -j4 $PHP_EXTENSIONS \
+    && echo "extension=gnupg.so" > /etc/php7/conf.d/20_gnupg.ini \
-    && docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS mcrypt \
     && apk del $PHP_GNUPG_BUILD_DEPS \
-    && curl -sS https://getcomposer.org/installer | php \
+    && php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
-    && mv composer.phar /usr/local/bin/composer
+    && php composer-setup.php \
-
+    && php -r "unlink('composer-setup.php');" \
-WORKDIR /var/www/passbolt
+    && mv composer.phar /usr/local/bin/composer \
-RUN curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
+    && curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
-    && composer install --no-dev --optimize-autoloader \
+    && composer install -n --no-dev --optimize-autoloader \
-    && chown -R www-data:www-data . \
+    && apk del git \
+    && chown -R nginx:nginx . \
     && chmod 775 $(find /var/www/passbolt/tmp -type d) \
     && chmod 664 $(find /var/www/passbolt/tmp -type f) \
     && chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \
-    && chmod 664 $(find /var/www/passbolt/webroot/img/public -type f)
+    && chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) \
+    && sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf \
+    && sed -i 's/;clear_env = no/clear_env = no/g' /etc/php7/php-fpm.d/www.conf \
+    && sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf \
+    && sed -i 's/group = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf
 
 COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
 COPY conf/supervisord.conf /etc/supervisord.conf

bin/docker-entrypoint.sh

@@ -24,16 +24,16 @@ gpg_gen_key() {
     Name-Email: $key_email
     Expire-Date: $expiration
 		%commit
-EOF" -ls /bin/sh www-data
+EOF" -ls /bin/sh nginx
 
-  su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh www-data
+  su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh nginx
-  su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh www-data
+  su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh nginx
 }
 
 gpg_import_key() {
-  key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh www-data)
+  key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh nginx)
-  su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh www-data
+  su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh nginx
-  su -c "gpg -K $key_id" -ls /bin/sh www-data || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh www-data
+  su -c "gpg -K $key_id" -ls /bin/sh nginx || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh nginx
 }
 
 gen_ssl_cert() {
@@ -52,16 +52,16 @@ install() {
   app_config="/var/www/passbolt/config/app.php"
 
   if [ ! -f "$app_config" ]; then
-    su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh www-data
+    su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh nginx
   fi
 
   if [ -z "$PASSBOLT_GPG_SERVER_KEY_FINGERPRINT" ]; then
-    gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh www-data)"
+    gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh nginx)"
     export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
   fi
 
   if [ "$tables" -eq 0 ]; then
-    su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh www-data
+    su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh nginx
   else
     echo "Enjoy! ☮"
   fi
@@ -77,7 +77,7 @@ email_cron_job() {
   echo "* * * * * run-parts $cron_task_dir" >> $root_crontab
   echo "#!/bin/sh" > $cron_task
   chmod +x $cron_task
-  echo "su -c \"$process_email\" -s /bin/sh www-data" >> $cron_task
+  echo "su -c \"$process_email\" -s /bin/sh nginx" >> $cron_task
 }
 
 if [ ! -f "$gpg_private_key" ] && [ ! -L "$gpg_private_key" ] || \

conf/supervisord.conf

@@ -20,8 +20,8 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 [supervisorctl]
 serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
 
-[program:php-fpm]
+[program:php-fpm7]
-command=php-fpm
+command=php-fpm7
 autostart=true
 priority=5
 

spec/docker_image/image_spec.rb

@@ -21,12 +21,12 @@ describe 'Dockerfile' do
   let(:passbolt_home)   { '/var/www/passbolt' }
   let(:passbolt_tmp)    { '/var/www/passbolt/tmp' }
   let(:passbolt_image)  { '/var/www/passbolt/webroot/img/public' }
-  let(:passbolt_owner)  { 'www-data' }
+  let(:passbolt_owner)  { 'nginx' }
   let(:exposed_ports)   { [ '80', '443' ] }
   let(:composer)        { '/usr/local/bin/composer'}
   let(:php_extensions)  { [
-    'curl', 'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'xsl', 'phar',
+    'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'phar',
-    'posix', 'xml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
+    'posix', 'libxml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
     ] }
 
   describe 'passbolt required php extensions' do
@@ -43,6 +43,18 @@ describe 'Dockerfile' do
     end
   end
 
+  describe 'openssl' do
+    it 'is installed' do
+      expect(package('openssl')).to be_installed
+    end
+  end
+
+  describe 'php7-fpm' do
+    it 'is installed' do
+      expect(package('php7-fpm')).to be_installed
+    end
+  end
+
   describe 'supervisor' do
     it 'is installed' do
       expect(package('supervisor')).to be_installed