diff --git a/5.0/alpine3.20/Dockerfile b/5.0/alpine3.20/Dockerfile index a6f0e59..0a152db 100644 --- a/5.0/alpine3.20/Dockerfile +++ b/5.0/alpine3.20/Dockerfile @@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine RUN set -eux; \ apk add --no-cache \ bash \ + breezy \ ca-certificates \ findutils \ - tini \ - tzdata \ - wget \ - \ - breezy \ + ghostscript \ + ghostscript-fonts \ git \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - ghostscript-fonts \ - imagemagick \ + tini \ + tzdata \ + wget \ ; # grab gosu for easy step-down from root @@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17 RUN set -eux; \ \ apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ dpkg \ gnupg \ ; \ @@ -101,7 +96,6 @@ RUN set -eux; \ # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174) ENV BUNDLE_FORCE_RUBY_PLATFORM 1 RUN set -eux; \ - \ apk add --no-cache --virtual .build-deps \ coreutils \ freetds-dev \ @@ -133,7 +127,6 @@ RUN set -eux; \ rm ./config/database.yml; \ # fix permissions for running as an arbitrary user chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \ -# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X) rm -rf ~redmine/.bundle; \ \ # https://github.com/naitoh/rbpdf/issues/31 diff --git a/5.0/alpine3.21/Dockerfile b/5.0/alpine3.21/Dockerfile index 073df21..29b104a 100644 --- a/5.0/alpine3.21/Dockerfile +++ b/5.0/alpine3.21/Dockerfile @@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine RUN set -eux; \ apk add --no-cache \ bash \ + breezy \ ca-certificates \ findutils \ - tini \ - tzdata \ - wget \ - \ - breezy \ + ghostscript \ + ghostscript-fonts \ git \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - ghostscript-fonts \ - imagemagick \ + tini \ + tzdata \ + wget \ ; # grab gosu for easy step-down from root @@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17 RUN set -eux; \ \ apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ dpkg \ gnupg \ ; \ @@ -101,7 +96,6 @@ RUN set -eux; \ # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174) ENV BUNDLE_FORCE_RUBY_PLATFORM 1 RUN set -eux; \ - \ apk add --no-cache --virtual .build-deps \ coreutils \ freetds-dev \ @@ -136,7 +130,6 @@ RUN set -eux; \ rm ./config/database.yml; \ # fix permissions for running as an arbitrary user chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \ -# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X) rm -rf ~redmine/.bundle; \ \ # https://github.com/naitoh/rbpdf/issues/31 diff --git a/5.0/bookworm/Dockerfile b/5.0/bookworm/Dockerfile index 2b99658..8d0674c 100644 --- a/5.0/bookworm/Dockerfile +++ b/5.0/bookworm/Dockerfile @@ -13,29 +13,24 @@ RUN groupadd -r -g 999 redmine && useradd -r -g redmine -u 999 redmine RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - wget \ - \ bzr \ + ca-certificates \ + ghostscript \ git \ + gsfonts \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - gsfonts \ - imagemagick \ -# grab tini for signal processing and zombie killing tini \ + wget \ ; \ # allow imagemagick to use ghostscript for PDF -> PNG thumbnail conversion (4.1+) sed -ri 's/(rights)="none" (pattern="PDF")/\1="read" \2/' /etc/ImageMagick-6/policy.xml; \ rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.17 RUN set -eux; \ \ @@ -82,20 +77,22 @@ ENV REDMINE_DOWNLOAD_SHA256 cb0df0f6feb5a3198e59e36b239e9a1110011ed7078316bd1c80 ENV RAILS_LOG_TO_STDOUT true RUN set -eux; \ -# if we use wget here, we get certificate issues (https://github.com/docker-library/redmine/pull/249#issuecomment-984176479) - curl -fL -o redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ + wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \ tar -xf redmine.tar.gz --strip-components=1; \ # https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260) # 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4 # 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146 + savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends patch; \ wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \ echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \ patch -p1 < 42113.patch; \ rm 42113.patch; \ - apt-get purge -y --auto-remove patch; \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ rm redmine.tar.gz files/delete.me log/delete.me; \ mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \ @@ -105,7 +102,6 @@ RUN set -eux; \ find log tmp -type d -exec chmod 1777 '{}' + RUN set -eux; \ - \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ diff --git a/5.1/alpine3.20/Dockerfile b/5.1/alpine3.20/Dockerfile index 7892d99..8b465ef 100644 --- a/5.1/alpine3.20/Dockerfile +++ b/5.1/alpine3.20/Dockerfile @@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine RUN set -eux; \ apk add --no-cache \ bash \ + breezy \ ca-certificates \ findutils \ - tini \ - tzdata \ - wget \ - \ - breezy \ + ghostscript \ + ghostscript-fonts \ git \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - ghostscript-fonts \ - imagemagick \ + tini \ + tzdata \ + wget \ ; # grab gosu for easy step-down from root @@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17 RUN set -eux; \ \ apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ dpkg \ gnupg \ ; \ @@ -101,7 +96,6 @@ RUN set -eux; \ # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174) ENV BUNDLE_FORCE_RUBY_PLATFORM 1 RUN set -eux; \ - \ apk add --no-cache --virtual .build-deps \ coreutils \ freetds-dev \ @@ -133,7 +127,6 @@ RUN set -eux; \ rm ./config/database.yml; \ # fix permissions for running as an arbitrary user chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \ -# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X) rm -rf ~redmine/.bundle; \ \ # https://github.com/naitoh/rbpdf/issues/31 diff --git a/5.1/alpine3.21/Dockerfile b/5.1/alpine3.21/Dockerfile index 2d593e9..5e6811f 100644 --- a/5.1/alpine3.21/Dockerfile +++ b/5.1/alpine3.21/Dockerfile @@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine RUN set -eux; \ apk add --no-cache \ bash \ + breezy \ ca-certificates \ findutils \ - tini \ - tzdata \ - wget \ - \ - breezy \ + ghostscript \ + ghostscript-fonts \ git \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - ghostscript-fonts \ - imagemagick \ + tini \ + tzdata \ + wget \ ; # grab gosu for easy step-down from root @@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17 RUN set -eux; \ \ apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ dpkg \ gnupg \ ; \ @@ -101,7 +96,6 @@ RUN set -eux; \ # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174) ENV BUNDLE_FORCE_RUBY_PLATFORM 1 RUN set -eux; \ - \ apk add --no-cache --virtual .build-deps \ coreutils \ freetds-dev \ @@ -133,7 +127,6 @@ RUN set -eux; \ rm ./config/database.yml; \ # fix permissions for running as an arbitrary user chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \ -# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X) rm -rf ~redmine/.bundle; \ \ # https://github.com/naitoh/rbpdf/issues/31 diff --git a/5.1/bookworm/Dockerfile b/5.1/bookworm/Dockerfile index 2407bb3..92b0d6f 100644 --- a/5.1/bookworm/Dockerfile +++ b/5.1/bookworm/Dockerfile @@ -13,29 +13,24 @@ RUN groupadd -r -g 999 redmine && useradd -r -g redmine -u 999 redmine RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - wget \ - \ bzr \ + ca-certificates \ + ghostscript \ git \ + gsfonts \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - gsfonts \ - imagemagick \ -# grab tini for signal processing and zombie killing tini \ + wget \ ; \ # allow imagemagick to use ghostscript for PDF -> PNG thumbnail conversion (4.1+) sed -ri 's/(rights)="none" (pattern="PDF")/\1="read" \2/' /etc/ImageMagick-6/policy.xml; \ rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.17 RUN set -eux; \ \ @@ -82,20 +77,22 @@ ENV REDMINE_DOWNLOAD_SHA256 2c9739511712fc1381d9584fa005f911a3022e8366d1d6a53fec ENV RAILS_LOG_TO_STDOUT true RUN set -eux; \ -# if we use wget here, we get certificate issues (https://github.com/docker-library/redmine/pull/249#issuecomment-984176479) - curl -fL -o redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ + wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \ tar -xf redmine.tar.gz --strip-components=1; \ # https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260) # 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4 # 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146 + savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends patch; \ wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \ echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \ patch -p1 < 42113.patch; \ rm 42113.patch; \ - apt-get purge -y --auto-remove patch; \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ rm redmine.tar.gz files/delete.me log/delete.me; \ mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \ @@ -105,7 +102,6 @@ RUN set -eux; \ find log tmp -type d -exec chmod 1777 '{}' + RUN set -eux; \ - \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ diff --git a/6.0/alpine3.20/Dockerfile b/6.0/alpine3.20/Dockerfile index 06c975a..7e7c501 100644 --- a/6.0/alpine3.20/Dockerfile +++ b/6.0/alpine3.20/Dockerfile @@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine RUN set -eux; \ apk add --no-cache \ bash \ + breezy \ ca-certificates \ findutils \ - tini \ - tzdata \ - wget \ - \ - breezy \ + ghostscript \ + ghostscript-fonts \ git \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - ghostscript-fonts \ - imagemagick \ + tini \ + tzdata \ + wget \ ; # grab gosu for easy step-down from root @@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17 RUN set -eux; \ \ apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ dpkg \ gnupg \ ; \ @@ -91,7 +86,6 @@ RUN set -eux; \ # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174) ENV BUNDLE_FORCE_RUBY_PLATFORM 1 RUN set -eux; \ - \ apk add --no-cache --virtual .build-deps \ coreutils \ freetds-dev \ @@ -123,7 +117,6 @@ RUN set -eux; \ rm ./config/database.yml; \ # fix permissions for running as an arbitrary user chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \ -# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X) rm -rf ~redmine/.bundle; \ \ # https://github.com/naitoh/rbpdf/issues/31 diff --git a/6.0/alpine3.21/Dockerfile b/6.0/alpine3.21/Dockerfile index 17c65ec..be3d49c 100644 --- a/6.0/alpine3.21/Dockerfile +++ b/6.0/alpine3.21/Dockerfile @@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine RUN set -eux; \ apk add --no-cache \ bash \ + breezy \ ca-certificates \ findutils \ - tini \ - tzdata \ - wget \ - \ - breezy \ + ghostscript \ + ghostscript-fonts \ git \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - ghostscript-fonts \ - imagemagick \ + tini \ + tzdata \ + wget \ ; # grab gosu for easy step-down from root @@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17 RUN set -eux; \ \ apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ dpkg \ gnupg \ ; \ @@ -91,7 +86,6 @@ RUN set -eux; \ # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174) ENV BUNDLE_FORCE_RUBY_PLATFORM 1 RUN set -eux; \ - \ apk add --no-cache --virtual .build-deps \ coreutils \ freetds-dev \ @@ -123,7 +117,6 @@ RUN set -eux; \ rm ./config/database.yml; \ # fix permissions for running as an arbitrary user chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \ -# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X) rm -rf ~redmine/.bundle; \ \ # https://github.com/naitoh/rbpdf/issues/31 diff --git a/6.0/bookworm/Dockerfile b/6.0/bookworm/Dockerfile index e4cecdb..d96be5d 100644 --- a/6.0/bookworm/Dockerfile +++ b/6.0/bookworm/Dockerfile @@ -13,29 +13,24 @@ RUN groupadd -r -g 999 redmine && useradd -r -g redmine -u 999 redmine RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - wget \ - \ bzr \ + ca-certificates \ + ghostscript \ git \ + gsfonts \ + imagemagick \ mercurial \ openssh-client \ subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - gsfonts \ - imagemagick \ -# grab tini for signal processing and zombie killing tini \ + wget \ ; \ # allow imagemagick to use ghostscript for PDF -> PNG thumbnail conversion (4.1+) sed -ri 's/(rights)="none" (pattern="PDF")/\1="read" \2/' /etc/ImageMagick-6/policy.xml; \ rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.17 RUN set -eux; \ \ @@ -82,8 +77,7 @@ ENV REDMINE_DOWNLOAD_SHA256 d06e8b1b0c0c9210d2ed6207d2a3f729c26a996255e47c3b0bd4 ENV RAILS_LOG_TO_STDOUT true RUN set -eux; \ -# if we use wget here, we get certificate issues (https://github.com/docker-library/redmine/pull/249#issuecomment-984176479) - curl -fL -o redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ + wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \ tar -xf redmine.tar.gz --strip-components=1; \ rm redmine.tar.gz files/delete.me log/delete.me; \ @@ -94,7 +88,6 @@ RUN set -eux; \ find log tmp -type d -exec chmod 1777 '{}' + RUN set -eux; \ - \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template deleted file mode 100644 index 38f8b5e..0000000 --- a/Dockerfile-alpine.template +++ /dev/null @@ -1,160 +0,0 @@ -FROM ruby:{{ .ruby.version }}-{{ env.variant }} - -# explicitly set uid/gid to guarantee that it won't change in the future -# the values 999:999 are identical to the current user/group id assigned -# alpine already has a gid 999, so we'll use the next id -RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine - -RUN set -eux; \ - apk add --no-cache \ - bash \ - ca-certificates \ - findutils \ - tini \ - tzdata \ - wget \ - \ - breezy \ - git \ - mercurial \ - openssh-client \ - subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - ghostscript-fonts \ - imagemagick \ - ; - -# grab gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - \ - apk add --no-cache --virtual .gosu-deps \ - ca-certificates \ - dpkg \ - gnupg \ - ; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ - apk del --no-network .gosu-deps; \ - \ -# smoke test - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true -{{ if env.version | IN("5.0", "5.1") then ( -}} -RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in Redmine 5.2+) -{{ ) else "" end -}} - -ENV RAILS_ENV production -WORKDIR /usr/src/redmine - -# https://github.com/docker-library/redmine/issues/138#issuecomment-438834176 -# (bundler needs this for running as an arbitrary user) -ENV HOME /home/redmine -RUN set -eux; \ - [ ! -d "$HOME" ]; \ - mkdir -p "$HOME"; \ - chown redmine:redmine "$HOME"; \ - chmod 1777 "$HOME" - -ENV REDMINE_VERSION {{ .version }} -ENV REDMINE_DOWNLOAD_URL {{ .downloadUrl }} -ENV REDMINE_DOWNLOAD_SHA256 {{ .sha256 }} -ENV RAILS_LOG_TO_STDOUT true - -RUN set -eux; \ - wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ - echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \ - tar -xf redmine.tar.gz --strip-components=1; \ -{{ if .version | IN("5.0.10", "5.1.5") then ( -}} - # https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260) - # 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4 - # 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146 - apk add --no-cache patch; \ - wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \ - echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \ - patch -p1 < 42113.patch; \ - rm 42113.patch; \ - apk del --no-network patch; \ -{{ ) else "" end -}} - rm redmine.tar.gz files/delete.me log/delete.me; \ - mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \ - chown -R redmine:redmine ./; \ -# fix permissions for running as an arbitrary user - chmod -R ugo=rwX config db sqlite; \ - find log tmp -type d -exec chmod 1777 '{}' + - -# build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174) -ENV BUNDLE_FORCE_RUBY_PLATFORM 1 -RUN set -eux; \ - \ - apk add --no-cache --virtual .build-deps \ - coreutils \ - freetds-dev \ - gcc \ - make \ - mariadb-dev \ - musl-dev \ - patch \ - postgresql-dev \ - sqlite-dev \ - ttf2ufm \ - yaml-dev \ - zlib-dev \ - ; \ - \ - gosu redmine bundle config --local without 'development test'; \ -# https://github.com/redmine/redmine/commit/23dc108e70a0794f444803ac827a690085dcd557 -# ("gem puma" already exists in the Gemfile, but under "group :test" and we want it all the time) - puma="$(grep -E "^[[:space:]]*gem [:'\"]puma['\",[:space:]].*\$" Gemfile)"; \ - { echo; echo "$puma"; } | sed -re 's/^[[:space:]]+//' >> Gemfile; \ -# fill up "database.yml" with bogus entries so the redmine Gemfile will pre-install all database adapter dependencies -# https://github.com/redmine/redmine/blob/e9f9767089a4e3efbd73c35fc55c5c7eb85dd7d3/Gemfile#L50-L79 - echo '# the following entries only exist to force `bundle install` to pre-install all database adapter dependencies -- they can be safely removed/ignored' > ./config/database.yml; \ - for adapter in mysql2 postgresql sqlserver sqlite3; do \ - echo "$adapter:" >> ./config/database.yml; \ - echo " adapter: $adapter" >> ./config/database.yml; \ - done; \ -{{ if env.version == "5.0" and (env.variant | startswith("alpine")) and env.variant != "alpine3.20" then ( -}} - # Fix incompatibility with sqlite 1.4 in alpine 3.21 - grep -q 'sqlite3", "~> 1.4.0"' Gemfile; \ - sed -i -e 's/"sqlite3", "~> 1.4.0"/"sqlite3", "~> 1.5.0"/g' Gemfile; \ -{{ ) else "" end -}} - gosu redmine bundle install --jobs "$(nproc)"; \ - rm ./config/database.yml; \ -# fix permissions for running as an arbitrary user - chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \ -# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X) - rm -rf ~redmine/.bundle; \ - \ -# https://github.com/naitoh/rbpdf/issues/31 - rm /usr/local/bundle/gems/rbpdf-font-1.19.*/lib/fonts/ttf2ufm/ttf2ufm; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/bundle/gems \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --no-network --virtual .redmine-rundeps $runDeps; \ - apk del --no-network .build-deps - -VOLUME /usr/src/redmine/files - -COPY docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] - -EXPOSE 3000 -CMD ["rails", "server", "-b", "0.0.0.0"] diff --git a/Dockerfile-debian.template b/Dockerfile.template similarity index 59% rename from Dockerfile-debian.template rename to Dockerfile.template index 4ed97fc..52f0a6f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile.template @@ -1,44 +1,88 @@ +{{ + def is_alpine: + env.variant | startswith("alpine") +-}} +{{ if is_alpine then ( -}} +FROM ruby:{{ .ruby.version }}-{{ env.variant }} +{{ ) else ( -}} FROM ruby:{{ .ruby.version }}-slim-{{ env.variant }} +{{ ) end -}} # explicitly set uid/gid to guarantee that it won't change in the future # the values 999:999 are identical to the current user/group id assigned +{{ if is_alpine then ( -}} +# alpine already has a gid 999, so we'll use the next id +RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine +{{ ) else ( -}} RUN groupadd -r -g 999 redmine && useradd -r -g redmine -u 999 redmine +{{ ) end -}} +{{ + [ + # common packages + "ca-certificates", + "ghostscript", # for creating PDF thumbnails + "git", + "imagemagick", + "mercurial", + "openssh-client", + "subversion", + "tini", # grab tini for signal processing and zombie killing + "wget", + if is_alpine then + # alpine packages + "bash", + "breezy", + "findutils", + "ghostscript-fonts", # for generating PNGs of Gantt charts + "tzdata", + empty + else + # debian packages + "bzr", + "gsfonts", # for generating PNGs of Gantt charts + empty + end + ] | sort | ( +-}} RUN set -eux; \ +{{ if is_alpine then ( -}} + apk add --no-cache \ +{{ map( -}} + {{ . }} \ +{{ ) | add -}} + ; +{{ ) else ( -}} apt-get update; \ apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - wget \ - \ - bzr \ - git \ - mercurial \ - openssh-client \ - subversion \ - \ -# we need "gsfonts" for generating PNGs of Gantt charts -# and "ghostscript" for creating PDF thumbnails (in 4.1+) - ghostscript \ - gsfonts \ - imagemagick \ -# grab tini for signal processing and zombie killing - tini \ +{{ map( -}} + {{ . }} \ +{{ ) | add -}} ; \ # allow imagemagick to use ghostscript for PDF -> PNG thumbnail conversion (4.1+) sed -ri 's/(rights)="none" (pattern="PDF")/\1="read" \2/' /etc/ImageMagick-6/policy.xml; \ rm -rf /var/lib/apt/lists/* +{{ ) end -}} +{{ ) -}} # grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases ENV GOSU_VERSION 1.17 RUN set -eux; \ \ +{{ if is_alpine then ( -}} + apk add --no-cache --virtual .gosu-deps \ + dpkg \ + gnupg \ + ; \ +{{ ) else ( -}} savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ ; \ rm -rf /var/lib/apt/lists/*; \ +{{ ) end -}} \ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ @@ -49,14 +93,21 @@ RUN set -eux; \ gpgconf --kill all; \ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ \ +{{ if is_alpine then ( -}} + apk del --no-network .gosu-deps; \ +{{ ) else ( -}} apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark > /dev/null; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ +{{ ) end -}} \ # smoke test chmod +x /usr/local/bin/gosu; \ gosu --version; \ gosu nobody true +{{ if is_alpine and (env.version | IN("5.0", "5.1")) then ( -}} +RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in Redmine 5.2+) +{{ ) else "" end -}} ENV RAILS_ENV production WORKDIR /usr/src/redmine @@ -76,22 +127,32 @@ ENV REDMINE_DOWNLOAD_SHA256 {{ .sha256 }} ENV RAILS_LOG_TO_STDOUT true RUN set -eux; \ -# if we use wget here, we get certificate issues (https://github.com/docker-library/redmine/pull/249#issuecomment-984176479) - curl -fL -o redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ + wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \ echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \ tar -xf redmine.tar.gz --strip-components=1; \ {{ if .version | IN("5.0.10", "5.1.5") then ( -}} # https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260) # 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4 # 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146 +{{ if is_alpine then ( -}} + apk add --no-cache patch; \ +{{ ) else ( -}} + savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends patch; \ +{{ ) end -}} wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \ echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \ patch -p1 < 42113.patch; \ rm 42113.patch; \ - apt-get purge -y --auto-remove patch; \ +{{ if is_alpine then ( -}} + apk del --no-network patch; \ +{{ ) else ( -}} + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ +{{ ) end -}} {{ ) else "" end -}} rm redmine.tar.gz files/delete.me log/delete.me; \ mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \ @@ -100,25 +161,60 @@ RUN set -eux; \ chmod -R ugo=rwX config db sqlite; \ find log tmp -type d -exec chmod 1777 '{}' + +{{ if is_alpine then ( -}} +# build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174) +ENV BUNDLE_FORCE_RUBY_PLATFORM 1 +{{ ) else "" end -}} +{{ + [ + # common packages + "freetds-dev", + "gcc", + "make", + "patch", + if is_alpine then + # alpine packages + "coreutils", # required because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X) + "mariadb-dev", + "musl-dev", + "postgresql-dev", + "sqlite-dev", + "ttf2ufm", + "yaml-dev", + "zlib-dev", + empty + else + # debian packages + "default-libmysqlclient-dev", + "libpq-dev", + "libsqlite3-dev", + "libxml2-dev", + "libxslt-dev", + "libyaml-dev", + "pkgconf", + "xz-utils", + empty + end + ] | sort | ( +-}} RUN set -eux; \ - \ +{{ if is_alpine then ( -}} + apk add --no-cache --virtual .build-deps \ +{{ map( -}} + {{ . }} \ +{{ ) | add -}} + ; \ +{{ ) else ( -}} savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ - default-libmysqlclient-dev \ - freetds-dev \ - gcc \ - libpq-dev \ - libsqlite3-dev \ - libxml2-dev \ - libxslt-dev \ - libyaml-dev \ - make \ - patch \ - pkgconf \ - xz-utils \ +{{ map( -}} + {{ . }} \ +{{ ) | add -}} ; \ rm -rf /var/lib/apt/lists/*; \ +{{ ) end -}} +{{ ) -}} \ gosu redmine bundle config --local without 'development test'; \ # https://github.com/redmine/redmine/commit/23dc108e70a0794f444803ac827a690085dcd557 @@ -132,14 +228,34 @@ RUN set -eux; \ echo "$adapter:" >> ./config/database.yml; \ echo " adapter: $adapter" >> ./config/database.yml; \ done; \ +{{ if env.version == "5.0" and is_alpine and env.variant != "alpine3.20" then ( -}} + # Fix incompatibility with sqlite 1.4 in alpine 3.21 + grep -q 'sqlite3", "~> 1.4.0"' Gemfile; \ + sed -i -e 's/"sqlite3", "~> 1.4.0"/"sqlite3", "~> 1.5.0"/g' Gemfile; \ +{{ ) else "" end -}} +{{ if is_alpine then "" else ( -}} # nokogiri's vendored libxml2 + libxslt do not build on mips64le, so use the apt packages when building gosu redmine bundle config build.nokogiri --use-system-libraries; \ +{{ ) end -}} gosu redmine bundle install --jobs "$(nproc)"; \ rm ./config/database.yml; \ # fix permissions for running as an arbitrary user chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \ rm -rf ~redmine/.bundle; \ \ +{{ if is_alpine then ( -}} +# https://github.com/naitoh/rbpdf/issues/31 + rm /usr/local/bundle/gems/rbpdf-font-1.19.*/lib/fonts/ttf2ufm/ttf2ufm; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/bundle/gems \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-network --virtual .redmine-rundeps $runDeps; \ + apk del --no-network .build-deps +{{ ) else ( -}} # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ @@ -152,6 +268,7 @@ RUN set -eux; \ | xargs -r apt-mark manual \ ; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false +{{ ) end -}} VOLUME /usr/src/redmine/files diff --git a/apply-templates.sh b/apply-templates.sh index 56e00b9..fa4f657 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -53,18 +53,9 @@ for version; do mkdir -p "$dir" - case "$variant" in - alpine*) - template='Dockerfile-alpine.template' - ;; - *) - template='Dockerfile-debian.template' - ;; - esac - { generated_warning - gawk -f "$jqt" "$template" + gawk -f "$jqt" Dockerfile.template } > "$dir/Dockerfile" cp -a docker-entrypoint.sh "$dir/"