Revert "massive revert back to vanilla alpine as base image"

This reverts commit 0eb7156a16.

Dockerfile

@@ -1,24 +1,14 @@
-FROM alpine
+FROM php:7-fpm-alpine3.7
 
 LABEL maintainer="diego@passbolt.com"
 
 ARG PASSBOLT_VERSION="2.0.0-rc2"
 ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
 
-ARG PHP_EXTENSIONS="php7-gd \
+ARG PHP_EXTENSIONS="gd \
-      php7-intl \
+      intl \
-      php7-pdo_mysql \
+      pdo_mysql \
-      php7-xsl \
+      xsl"
-      php7-redis \
-      php7-openssl \
-      php7-json \
-      php7-zlib \
-      php7-phar \
-      php7-mbstring \
-      php7-ctype \
-      php7-posix \
-      php7-mcrypt \
-      php7-iconv"
 
 ARG PHP_GNUPG_BUILD_DEPS="php7-dev \
       make \
@@ -30,43 +20,37 @@ ARG PHP_GNUPG_BUILD_DEPS="php7-dev \
       gpgme-dev \
       autoconf \
       zlib-dev \
-      file \
+      file"
-      php7-pear"
 
-ARG PECL_PASSBOLT_EXTENSIONS="gnupg"
+ARG PECL_PASSBOLT_EXTENSIONS="gnupg \
+      redis"
 
-WORKDIR /var/www/passbolt
 RUN apk add --no-cache $PHP_GNUPG_BUILD_DEPS \
-      $PHP_EXTENSIONS \
-      openssl \
       nginx \
-      php7-fpm \
       gpgme \
       gnupg1 \
       mysql-client \
+      libpng-dev \
+      icu-dev \
+      libxslt-dev \
+      libmcrypt-dev \
       supervisor \
-      php7 \
-      curl \
       git \
-    && pecl install $PECL_PASSBOLT_EXTENSIONS \
+    && pecl install $PECL_PASSBOLT_EXTENSIONS mcrypt-snapshot \
-    && echo "extension=gnupg.so" > /etc/php7/conf.d/20_gnupg.ini \
+    && docker-php-ext-install -j4 $PHP_EXTENSIONS \
+    && docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS mcrypt \
     && apk del $PHP_GNUPG_BUILD_DEPS \
-    && php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
+    && curl -sS https://getcomposer.org/installer | php \
-    && php composer-setup.php \
+    && mv composer.phar /usr/local/bin/composer
-    && php -r "unlink('composer-setup.php');" \
+
-    && mv composer.phar /usr/local/bin/composer \
+WORKDIR /var/www/passbolt
-    && curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
+RUN curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
-    && composer install -n --no-dev --optimize-autoloader \
+    && composer install --no-dev --optimize-autoloader \
-    && apk del git \
+    && chown -R www-data:www-data . \
-    && chown -R nginx:nginx . \
     && chmod 775 $(find /var/www/passbolt/tmp -type d) \
     && chmod 664 $(find /var/www/passbolt/tmp -type f) \
     && chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \
-    && chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) \
+    && chmod 664 $(find /var/www/passbolt/webroot/img/public -type f)
-    && sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf \
-    && sed -i 's/;clear_env = no/clear_env = no/g' /etc/php7/php-fpm.d/www.conf \
-    && sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf \
-    && sed -i 's/group = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf
 
 COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
 COPY conf/supervisord.conf /etc/supervisord.conf

bin/docker-entrypoint.sh

@@ -24,16 +24,16 @@ gpg_gen_key() {
     Name-Email: $key_email
     Expire-Date: $expiration
 		%commit
-EOF" -ls /bin/sh nginx
+EOF" -ls /bin/sh www-data
 
-  su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh nginx
+  su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh www-data
-  su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh nginx
+  su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh www-data
 }
 
 gpg_import_key() {
-  key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh nginx)
+  key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh www-data)
-  su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh nginx
+  su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh www-data
-  su -c "gpg -K $key_id" -ls /bin/sh nginx || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh nginx
+  su -c "gpg -K $key_id" -ls /bin/sh www-data || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh www-data
 }
 
 gen_ssl_cert() {
@@ -52,16 +52,16 @@ install() {
   app_config="/var/www/passbolt/config/app.php"
 
   if [ ! -f "$app_config" ]; then
-    su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh nginx
+    su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh www-data
   fi
 
   if [ -z "$PASSBOLT_GPG_SERVER_KEY_FINGERPRINT" ]; then
-    gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh nginx)"
+    gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh www-data)"
     export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
   fi
 
   if [ "$tables" -eq 0 ]; then
-    su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh nginx
+    su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh www-data
   else
     echo "Enjoy! ☮"
   fi
@@ -77,7 +77,7 @@ email_cron_job() {
   echo "* * * * * run-parts $cron_task_dir" >> $root_crontab
   echo "#!/bin/sh" > $cron_task
   chmod +x $cron_task
-  echo "su -c \"$process_email\" -s /bin/sh nginx" >> $cron_task
+  echo "su -c \"$process_email\" -s /bin/sh www-data" >> $cron_task
 }
 
 if [ ! -f "$gpg_private_key" ] && [ ! -L "$gpg_private_key" ] || \

conf/supervisord.conf

@@ -20,8 +20,8 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 [supervisorctl]
 serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
 
-[program:php-fpm7]
+[program:php-fpm]
-command=php-fpm7
+command=php-fpm
 autostart=true
 priority=5
 

spec/docker_image/image_spec.rb

@@ -21,12 +21,12 @@ describe 'Dockerfile' do
   let(:passbolt_home)   { '/var/www/passbolt' }
   let(:passbolt_tmp)    { '/var/www/passbolt/tmp' }
   let(:passbolt_image)  { '/var/www/passbolt/webroot/img/public' }
-  let(:passbolt_owner)  { 'nginx' }
+  let(:passbolt_owner)  { 'www-data' }
   let(:exposed_ports)   { [ '80', '443' ] }
   let(:composer)        { '/usr/local/bin/composer'}
   let(:php_extensions)  { [
-    'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'phar',
+    'curl', 'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'xsl', 'phar',
-    'posix', 'libxml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
+    'posix', 'xml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
     ] }
 
   describe 'passbolt required php extensions' do
@@ -43,18 +43,6 @@ describe 'Dockerfile' do
     end
   end
 
-  describe 'openssl' do
-    it 'is installed' do
-      expect(package('openssl')).to be_installed
-    end
-  end
-
-  describe 'php7-fpm' do
-    it 'is installed' do
-      expect(package('php7-fpm')).to be_installed
-    end
-  end
-
   describe 'supervisor' do
     it 'is installed' do
       expect(package('supervisor')).to be_installed