From 76c393fd8ac537201fe4bc4f200b4b5daee03f24 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 4 Dec 2023 14:25:20 -0800 Subject: [PATCH] Update templating to use a single template This also converts us to just two variants and auto-detects the latest Alpine/Debian, since we don't have a good reason to support more than one of each Debian and Alpine. Additionally, this auto-scrapes the list of checksums and supported architectures for `gosu` from the upstream project (since if we're going to embed the version in `versions.json`, we might as well go all the way and pre-scrape whatever data we possibly can), and switches to use `gosu` consistently between variants (given the state of `su-exec`). --- 6.0/{alpine3.18 => alpine}/Dockerfile | 43 ++- 6.0/{bookworm => alpine}/docker-entrypoint.sh | 0 6.0/{bookworm => debian}/Dockerfile | 34 ++- .../debian}/docker-entrypoint.sh | 0 6.2/{alpine3.18 => alpine}/Dockerfile | 43 ++- .../alpine}/docker-entrypoint.sh | 0 6.2/{bookworm => debian}/Dockerfile | 34 ++- .../debian}/docker-entrypoint.sh | 0 7.0/{alpine3.18 => alpine}/Dockerfile | 43 ++- .../alpine}/docker-entrypoint.sh | 2 +- 7.0/{bookworm => debian}/Dockerfile | 34 ++- .../debian}/docker-entrypoint.sh | 2 +- 7.2/{alpine3.18 => alpine}/Dockerfile | 43 ++- .../alpine}/docker-entrypoint.sh | 2 +- 7.2/{bookworm => debian}/Dockerfile | 34 ++- .../docker-entrypoint.sh | 2 +- Dockerfile-alpine.template | 117 -------- Dockerfile.template | 148 +++++++++- apply-templates.sh | 41 +-- generate-stackbrew-library.sh | 68 +++-- versions.json | 256 +++++++++++++++--- versions.sh | 227 +++++++++------- 22 files changed, 797 insertions(+), 376 deletions(-) rename 6.0/{alpine3.18 => alpine}/Dockerfile (67%) rename 6.0/{bookworm => alpine}/docker-entrypoint.sh (100%) rename 6.0/{bookworm => debian}/Dockerfile (72%) rename {6.2/bookworm => 6.0/debian}/docker-entrypoint.sh (100%) rename 6.2/{alpine3.18 => alpine}/Dockerfile (67%) rename {7.0/bookworm => 6.2/alpine}/docker-entrypoint.sh (100%) rename 6.2/{bookworm => debian}/Dockerfile (72%) rename {7.2/bookworm => 6.2/debian}/docker-entrypoint.sh (100%) rename 7.0/{alpine3.18 => alpine}/Dockerfile (67%) rename {6.2/alpine3.18 => 7.0/alpine}/docker-entrypoint.sh (95%) rename 7.0/{bookworm => debian}/Dockerfile (72%) rename {6.0/alpine3.18 => 7.0/debian}/docker-entrypoint.sh (95%) rename 7.2/{alpine3.18 => alpine}/Dockerfile (67%) rename {7.0/alpine3.18 => 7.2/alpine}/docker-entrypoint.sh (95%) rename 7.2/{bookworm => debian}/Dockerfile (72%) rename 7.2/{alpine3.18 => debian}/docker-entrypoint.sh (95%) delete mode 100644 Dockerfile-alpine.template diff --git a/6.0/alpine3.18/Dockerfile b/6.0/alpine/Dockerfile similarity index 67% rename from 6.0/alpine3.18/Dockerfile rename to 6.0/alpine/Dockerfile index 44e098d1..ece116f8 100644 --- a/6.0/alpine3.18/Dockerfile +++ b/6.0/alpine/Dockerfile @@ -7,14 +7,47 @@ FROM alpine:3.18 # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN addgroup -S -g 1000 redis && adduser -S -G redis -u 999 redis +RUN set -eux; \ # alpine already has a gid 999, so we'll use the next id + addgroup -S -g 1000 redis; \ + adduser -S -G redis -u 999 redis -RUN apk add --no-cache \ -# grab su-exec for easy step-down from root - 'su-exec>=0.2' \ +# runtime dependencies +RUN set -eux; \ + apk add --no-cache \ # add tzdata for https://github.com/docker-library/redis/issues/138 - tzdata + tzdata \ + ; + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + apk add --no-cache --virtual .gosu-fetch gnupg; \ + arch="$(apk --print-arch)"; \ + case "$arch" in \ + 'x86_64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \ + 'aarch64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \ + 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + 'x86') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \ + 'ppc64le') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \ + 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \ + 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \ + 'armv7') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apk del --no-network .gosu-fetch; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true ENV REDIS_VERSION 6.0.20 ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-6.0.20.tar.gz diff --git a/6.0/bookworm/docker-entrypoint.sh b/6.0/alpine/docker-entrypoint.sh similarity index 100% rename from 6.0/bookworm/docker-entrypoint.sh rename to 6.0/alpine/docker-entrypoint.sh diff --git a/6.0/bookworm/Dockerfile b/6.0/debian/Dockerfile similarity index 72% rename from 6.0/bookworm/Dockerfile rename to 6.0/debian/Dockerfile index 2c486311..fe544bba 100644 --- a/6.0/bookworm/Dockerfile +++ b/6.0/debian/Dockerfile @@ -7,19 +7,43 @@ FROM debian:bookworm-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r -g 999 redis && useradd -r -g redis -u 999 redis +RUN set -eux; \ + groupadd -r -g 999 redis; \ + useradd -r -g redis -u 999 redis + +# runtime dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# add tzdata explicitly for https://github.com/docker-library/redis/issues/138 (see also https://bugs.debian.org/837060 and related) + tzdata \ + ; \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends ca-certificates gnupg wget; \ rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + case "$arch" in \ + 'amd64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \ + 'arm64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \ + 'armel') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armel'; sha256='f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d' ;; \ + 'i386') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \ + 'mips64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el'; sha256='87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70' ;; \ + 'ppc64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \ + 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \ + 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \ + 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ diff --git a/6.2/bookworm/docker-entrypoint.sh b/6.0/debian/docker-entrypoint.sh similarity index 100% rename from 6.2/bookworm/docker-entrypoint.sh rename to 6.0/debian/docker-entrypoint.sh diff --git a/6.2/alpine3.18/Dockerfile b/6.2/alpine/Dockerfile similarity index 67% rename from 6.2/alpine3.18/Dockerfile rename to 6.2/alpine/Dockerfile index 33b315a4..ec99b3cb 100644 --- a/6.2/alpine3.18/Dockerfile +++ b/6.2/alpine/Dockerfile @@ -7,14 +7,47 @@ FROM alpine:3.18 # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN addgroup -S -g 1000 redis && adduser -S -G redis -u 999 redis +RUN set -eux; \ # alpine already has a gid 999, so we'll use the next id + addgroup -S -g 1000 redis; \ + adduser -S -G redis -u 999 redis -RUN apk add --no-cache \ -# grab su-exec for easy step-down from root - 'su-exec>=0.2' \ +# runtime dependencies +RUN set -eux; \ + apk add --no-cache \ # add tzdata for https://github.com/docker-library/redis/issues/138 - tzdata + tzdata \ + ; + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + apk add --no-cache --virtual .gosu-fetch gnupg; \ + arch="$(apk --print-arch)"; \ + case "$arch" in \ + 'x86_64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \ + 'aarch64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \ + 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + 'x86') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \ + 'ppc64le') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \ + 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \ + 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \ + 'armv7') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apk del --no-network .gosu-fetch; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true ENV REDIS_VERSION 6.2.14 ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-6.2.14.tar.gz diff --git a/7.0/bookworm/docker-entrypoint.sh b/6.2/alpine/docker-entrypoint.sh similarity index 100% rename from 7.0/bookworm/docker-entrypoint.sh rename to 6.2/alpine/docker-entrypoint.sh diff --git a/6.2/bookworm/Dockerfile b/6.2/debian/Dockerfile similarity index 72% rename from 6.2/bookworm/Dockerfile rename to 6.2/debian/Dockerfile index 05bbebd0..d80c98c1 100644 --- a/6.2/bookworm/Dockerfile +++ b/6.2/debian/Dockerfile @@ -7,19 +7,43 @@ FROM debian:bookworm-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r -g 999 redis && useradd -r -g redis -u 999 redis +RUN set -eux; \ + groupadd -r -g 999 redis; \ + useradd -r -g redis -u 999 redis + +# runtime dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# add tzdata explicitly for https://github.com/docker-library/redis/issues/138 (see also https://bugs.debian.org/837060 and related) + tzdata \ + ; \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends ca-certificates gnupg wget; \ rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + case "$arch" in \ + 'amd64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \ + 'arm64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \ + 'armel') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armel'; sha256='f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d' ;; \ + 'i386') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \ + 'mips64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el'; sha256='87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70' ;; \ + 'ppc64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \ + 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \ + 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \ + 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ diff --git a/7.2/bookworm/docker-entrypoint.sh b/6.2/debian/docker-entrypoint.sh similarity index 100% rename from 7.2/bookworm/docker-entrypoint.sh rename to 6.2/debian/docker-entrypoint.sh diff --git a/7.0/alpine3.18/Dockerfile b/7.0/alpine/Dockerfile similarity index 67% rename from 7.0/alpine3.18/Dockerfile rename to 7.0/alpine/Dockerfile index be793eed..6776649b 100644 --- a/7.0/alpine3.18/Dockerfile +++ b/7.0/alpine/Dockerfile @@ -7,14 +7,47 @@ FROM alpine:3.18 # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN addgroup -S -g 1000 redis && adduser -S -G redis -u 999 redis +RUN set -eux; \ # alpine already has a gid 999, so we'll use the next id + addgroup -S -g 1000 redis; \ + adduser -S -G redis -u 999 redis -RUN apk add --no-cache \ -# grab su-exec for easy step-down from root - 'su-exec>=0.2' \ +# runtime dependencies +RUN set -eux; \ + apk add --no-cache \ # add tzdata for https://github.com/docker-library/redis/issues/138 - tzdata + tzdata \ + ; + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + apk add --no-cache --virtual .gosu-fetch gnupg; \ + arch="$(apk --print-arch)"; \ + case "$arch" in \ + 'x86_64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \ + 'aarch64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \ + 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + 'x86') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \ + 'ppc64le') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \ + 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \ + 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \ + 'armv7') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apk del --no-network .gosu-fetch; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true ENV REDIS_VERSION 7.0.14 ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-7.0.14.tar.gz diff --git a/6.2/alpine3.18/docker-entrypoint.sh b/7.0/alpine/docker-entrypoint.sh similarity index 95% rename from 6.2/alpine3.18/docker-entrypoint.sh rename to 7.0/alpine/docker-entrypoint.sh index b1105c86..30406a51 100755 --- a/6.2/alpine3.18/docker-entrypoint.sh +++ b/7.0/alpine/docker-entrypoint.sh @@ -10,7 +10,7 @@ fi # allow the container to be started with `--user` if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then find . \! -user redis -exec chown redis '{}' + - exec su-exec redis "$0" "$@" + exec gosu redis "$0" "$@" fi # set an appropriate umask (if one isn't set already) diff --git a/7.0/bookworm/Dockerfile b/7.0/debian/Dockerfile similarity index 72% rename from 7.0/bookworm/Dockerfile rename to 7.0/debian/Dockerfile index 1fc5422c..8b245111 100644 --- a/7.0/bookworm/Dockerfile +++ b/7.0/debian/Dockerfile @@ -7,19 +7,43 @@ FROM debian:bookworm-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r -g 999 redis && useradd -r -g redis -u 999 redis +RUN set -eux; \ + groupadd -r -g 999 redis; \ + useradd -r -g redis -u 999 redis + +# runtime dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# add tzdata explicitly for https://github.com/docker-library/redis/issues/138 (see also https://bugs.debian.org/837060 and related) + tzdata \ + ; \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends ca-certificates gnupg wget; \ rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + case "$arch" in \ + 'amd64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \ + 'arm64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \ + 'armel') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armel'; sha256='f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d' ;; \ + 'i386') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \ + 'mips64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el'; sha256='87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70' ;; \ + 'ppc64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \ + 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \ + 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \ + 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ diff --git a/6.0/alpine3.18/docker-entrypoint.sh b/7.0/debian/docker-entrypoint.sh similarity index 95% rename from 6.0/alpine3.18/docker-entrypoint.sh rename to 7.0/debian/docker-entrypoint.sh index b1105c86..30406a51 100755 --- a/6.0/alpine3.18/docker-entrypoint.sh +++ b/7.0/debian/docker-entrypoint.sh @@ -10,7 +10,7 @@ fi # allow the container to be started with `--user` if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then find . \! -user redis -exec chown redis '{}' + - exec su-exec redis "$0" "$@" + exec gosu redis "$0" "$@" fi # set an appropriate umask (if one isn't set already) diff --git a/7.2/alpine3.18/Dockerfile b/7.2/alpine/Dockerfile similarity index 67% rename from 7.2/alpine3.18/Dockerfile rename to 7.2/alpine/Dockerfile index cafa7665..5a729094 100644 --- a/7.2/alpine3.18/Dockerfile +++ b/7.2/alpine/Dockerfile @@ -7,14 +7,47 @@ FROM alpine:3.18 # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN addgroup -S -g 1000 redis && adduser -S -G redis -u 999 redis +RUN set -eux; \ # alpine already has a gid 999, so we'll use the next id + addgroup -S -g 1000 redis; \ + adduser -S -G redis -u 999 redis -RUN apk add --no-cache \ -# grab su-exec for easy step-down from root - 'su-exec>=0.2' \ +# runtime dependencies +RUN set -eux; \ + apk add --no-cache \ # add tzdata for https://github.com/docker-library/redis/issues/138 - tzdata + tzdata \ + ; + +# grab gosu for easy step-down from root +# https://github.com/tianon/gosu/releases +ENV GOSU_VERSION 1.17 +RUN set -eux; \ + apk add --no-cache --virtual .gosu-fetch gnupg; \ + arch="$(apk --print-arch)"; \ + case "$arch" in \ + 'x86_64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \ + 'aarch64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \ + 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + 'x86') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \ + 'ppc64le') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \ + 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \ + 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \ + 'armv7') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + apk del --no-network .gosu-fetch; \ + chmod +x /usr/local/bin/gosu; \ + gosu --version; \ + gosu nobody true ENV REDIS_VERSION 7.2.3 ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-7.2.3.tar.gz diff --git a/7.0/alpine3.18/docker-entrypoint.sh b/7.2/alpine/docker-entrypoint.sh similarity index 95% rename from 7.0/alpine3.18/docker-entrypoint.sh rename to 7.2/alpine/docker-entrypoint.sh index b1105c86..30406a51 100755 --- a/7.0/alpine3.18/docker-entrypoint.sh +++ b/7.2/alpine/docker-entrypoint.sh @@ -10,7 +10,7 @@ fi # allow the container to be started with `--user` if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then find . \! -user redis -exec chown redis '{}' + - exec su-exec redis "$0" "$@" + exec gosu redis "$0" "$@" fi # set an appropriate umask (if one isn't set already) diff --git a/7.2/bookworm/Dockerfile b/7.2/debian/Dockerfile similarity index 72% rename from 7.2/bookworm/Dockerfile rename to 7.2/debian/Dockerfile index b6cf53ea..b8e68eae 100644 --- a/7.2/bookworm/Dockerfile +++ b/7.2/debian/Dockerfile @@ -7,19 +7,43 @@ FROM debian:bookworm-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r -g 999 redis && useradd -r -g redis -u 999 redis +RUN set -eux; \ + groupadd -r -g 999 redis; \ + useradd -r -g redis -u 999 redis + +# runtime dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# add tzdata explicitly for https://github.com/docker-library/redis/issues/138 (see also https://bugs.debian.org/837060 and related) + tzdata \ + ; \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases -ENV GOSU_VERSION 1.16 +ENV GOSU_VERSION 1.17 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends ca-certificates gnupg wget; \ rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + case "$arch" in \ + 'amd64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \ + 'arm64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \ + 'armel') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armel'; sha256='f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d' ;; \ + 'i386') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \ + 'mips64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el'; sha256='87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70' ;; \ + 'ppc64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \ + 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \ + 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \ + 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \ + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ diff --git a/7.2/alpine3.18/docker-entrypoint.sh b/7.2/debian/docker-entrypoint.sh similarity index 95% rename from 7.2/alpine3.18/docker-entrypoint.sh rename to 7.2/debian/docker-entrypoint.sh index b1105c86..30406a51 100755 --- a/7.2/alpine3.18/docker-entrypoint.sh +++ b/7.2/debian/docker-entrypoint.sh @@ -10,7 +10,7 @@ fi # allow the container to be started with `--user` if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then find . \! -user redis -exec chown redis '{}' + - exec su-exec redis "$0" "$@" + exec gosu redis "$0" "$@" fi # set an appropriate umask (if one isn't set already) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template deleted file mode 100644 index 3c7cc7c2..00000000 --- a/Dockerfile-alpine.template +++ /dev/null @@ -1,117 +0,0 @@ -{{ include ".template-helper-functions" -}} -FROM alpine:{{ env.variant | ltrimstr("alpine") }} - -# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN addgroup -S -g 1000 redis && adduser -S -G redis -u 999 redis -# alpine already has a gid 999, so we'll use the next id - -RUN apk add --no-cache \ -# grab su-exec for easy step-down from root - 'su-exec>=0.2' \ -# add tzdata for https://github.com/docker-library/redis/issues/138 - tzdata - -ENV REDIS_VERSION {{ .version }} -ENV REDIS_DOWNLOAD_URL {{ .downloadUrl }} -ENV REDIS_DOWNLOAD_SHA {{ .sha256 }} - -RUN set -eux; \ - \ - apk add --no-cache --virtual .build-deps \ - coreutils \ - dpkg-dev dpkg \ - gcc \ - linux-headers \ - make \ - musl-dev \ - openssl-dev \ -# install real "wget" to avoid: -# + wget -O redis.tar.gz https://download.redis.io/releases/redis-6.0.6.tar.gz -# Connecting to download.redis.io (45.60.121.1:80) -# wget: bad header line: XxhODalH: btu; path=/; Max-Age=900 - wget \ - ; \ - \ - wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; \ - echo "$REDIS_DOWNLOAD_SHA *redis.tar.gz" | sha256sum -c -; \ - mkdir -p /usr/src/redis; \ - tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1; \ - rm redis.tar.gz; \ - \ -# disable Redis protected mode [1] as it is unnecessary in context of Docker -# (ports are not automatically exposed when running inside Docker, but rather explicitly by specifying -p / -P) -# [1]: https://github.com/redis/redis/commit/edd4d555df57dc84265fdfb4ef59a4678832f6da - grep -E '^ *createBoolConfig[(]"protected-mode",.*, *1 *,.*[)],$' /usr/src/redis/src/config.c; \ - sed -ri 's!^( *createBoolConfig[(]"protected-mode",.*, *)1( *,.*[)],)$!\10\2!' /usr/src/redis/src/config.c; \ - grep -E '^ *createBoolConfig[(]"protected-mode",.*, *0 *,.*[)],$' /usr/src/redis/src/config.c; \ -# for future reference, we modify this directly in the source instead of just supplying a default configuration flag because apparently "if you specify any argument to redis-server, [it assumes] you are going to specify everything" -# see also https://github.com/docker-library/redis/issues/4#issuecomment-50780840 -# (more exactly, this makes sure the default behavior of "save on SIGTERM" stays functional by default) - \ -# https://github.com/jemalloc/jemalloc/issues/467 -- we need to patch the "./configure" for the bundled jemalloc to match how Debian compiles, for compatibility -# (also, we do cross-builds, so we need to embed the appropriate "--build=xxx" values to that "./configure" invocation) - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ - extraJemallocConfigureFlags="--build=$gnuArch"; \ -# https://salsa.debian.org/debian/jemalloc/-/blob/c0a88c37a551be7d12e4863435365c9a6a51525f/debian/rules#L8-23 - dpkgArch="$(dpkg --print-architecture)"; \ - case "${dpkgArch##*-}" in \ - amd64 | i386 | x32) extraJemallocConfigureFlags="$extraJemallocConfigureFlags --with-lg-page=12" ;; \ - *) extraJemallocConfigureFlags="$extraJemallocConfigureFlags --with-lg-page=16" ;; \ - esac; \ - extraJemallocConfigureFlags="$extraJemallocConfigureFlags --with-lg-hugepage=21"; \ - grep -F 'cd jemalloc && ./configure ' /usr/src/redis/deps/Makefile; \ - sed -ri 's!cd jemalloc && ./configure !&'"$extraJemallocConfigureFlags"' !' /usr/src/redis/deps/Makefile; \ - grep -F "cd jemalloc && ./configure $extraJemallocConfigureFlags " /usr/src/redis/deps/Makefile; \ - \ - export BUILD_TLS=yes; \ - make -C /usr/src/redis -j "$(nproc)" all; \ - make -C /usr/src/redis install; \ - \ -# TODO https://github.com/redis/redis/pull/3494 (deduplicate "redis-server" copies) - serverMd5="$(md5sum /usr/local/bin/redis-server | cut -d' ' -f1)"; export serverMd5; \ - find /usr/local/bin/redis* -maxdepth 0 \ - -type f -not -name redis-server \ - -exec sh -eux -c ' \ - md5="$(md5sum "$1" | cut -d" " -f1)"; \ - test "$md5" = "$serverMd5"; \ - ' -- '{}' ';' \ - -exec ln -svfT 'redis-server' '{}' ';' \ - ; \ - \ - rm -r /usr/src/redis; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --no-network --virtual .redis-rundeps $runDeps; \ - apk del --no-network .build-deps; \ - \ - redis-cli --version; \ - redis-server --version; \ - \ - echo {{ - { - name: "redis-server", - version: .version, - params: { - os_name: "alpine", - os_version: env.variant | ltrimstr("alpine") - }, - licenses: [ - "BSD-3-Clause" - ] - } | sbom | tostring | @sh - }} > /usr/local/redis.spdx.json - -RUN mkdir /data && chown redis:redis /data -VOLUME /data -WORKDIR /data - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 6379 -CMD ["redis-server"] diff --git a/Dockerfile.template b/Dockerfile.template index b84cfe63..3ec5a226 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -1,38 +1,143 @@ {{ include ".template-helper-functions" -}} -FROM debian:{{ env.variant }}-slim +{{ if env.variant == "alpine" then ( -}} +FROM alpine:{{ .alpine.version }} +{{ ) else ( -}} +FROM debian:{{ .debian.version }}-slim +{{ ) end -}} # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r -g 999 redis && useradd -r -g redis -u 999 redis +{{ if env.variant == "alpine" then ( -}} +RUN set -eux; \ +# alpine already has a gid 999, so we'll use the next id + addgroup -S -g 1000 redis; \ + adduser -S -G redis -u 999 redis +{{ ) else ( -}} +RUN set -eux; \ + groupadd -r -g 999 redis; \ + useradd -r -g redis -u 999 redis +{{ ) end -}} + +# runtime dependencies +{{ if env.variant == "alpine" then ( -}} +RUN set -eux; \ + apk add --no-cache \ +# add tzdata for https://github.com/docker-library/redis/issues/138 + tzdata \ + ; +{{ ) else ( -}} +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# add tzdata explicitly for https://github.com/docker-library/redis/issues/138 (see also https://bugs.debian.org/837060 and related) + tzdata \ + ; \ + rm -rf /var/lib/apt/lists/* +{{ ) end -}} # grab gosu for easy step-down from root # https://github.com/tianon/gosu/releases ENV GOSU_VERSION {{ .gosu.version }} RUN set -eux; \ +{{ if env.variant == "alpine" then ( -}} + apk add --no-cache --virtual .gosu-fetch gnupg; \ + arch="$(apk --print-arch)"; \ +{{ ) else ( -}} savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends ca-certificates gnupg wget; \ rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ +{{ ) end -}} + case "$arch" in \ +{{ + [ + .gosu.arches + | to_entries[] + | ( + if env.variant == "alpine" then + { + # https://dl-cdn.alpinelinux.org/alpine/edge/main/ + # https://dl-cdn.alpinelinux.org/alpine/latest-stable/main/ + amd64: "x86_64", + arm32v6: "armhf", + arm32v7: "armv7", + arm64v8: "aarch64", + i386: "x86", + ppc64le: "ppc64le", + riscv64: "riscv64", + s390x: "s390x", + } + else + { + # https://salsa.debian.org/dpkg-team/dpkg/-/blob/main/data/cputable + # https://wiki.debian.org/ArchitectureSpecificsMemo#Architecture_baselines + # http://deb.debian.org/debian/dists/unstable/main/ + # http://deb.debian.org/debian/dists/stable/main/ + # https://deb.debian.org/debian-ports/dists/unstable/main/ + amd64: "amd64", + arm32v5: "armel", + arm32v7: "armhf", + arm64v8: "arm64", + i386: "i386", + mips64le: "mips64el", + ppc64le: "ppc64el", + riscv64: "riscv64", + s390x: "s390x", + } + end + )[.key] as $arch + | select($arch) + | .value + | ( +-}} + {{ $arch | @sh }}) url={{ .url | @sh }}; sha256={{ .sha256 | @sh }} ;; \ +{{ + ) + ] | add +-}} + *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \ + esac; \ + wget -O /usr/local/bin/gosu.asc "$url.asc"; \ + wget -O /usr/local/bin/gosu "$url"; \ + echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ gpgconf --kill all; \ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ +{{ if env.variant == "alpine" then ( -}} + apk del --no-network .gosu-fetch; \ +{{ ) else ( -}} apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ +{{ ) end -}} chmod +x /usr/local/bin/gosu; \ gosu --version; \ gosu nobody true ENV REDIS_VERSION {{ .version }} -ENV REDIS_DOWNLOAD_URL {{ .downloadUrl }} -ENV REDIS_DOWNLOAD_SHA {{ .sha256 }} +ENV REDIS_DOWNLOAD_URL {{ .url }} +ENV REDIS_DOWNLOAD_SHA {{ .sha256 // error("no sha256 for \(.version) (\(env.version))") }} RUN set -eux; \ \ +{{ if env.variant == "alpine" then ( -}} + apk add --no-cache --virtual .build-deps \ + coreutils \ + dpkg-dev dpkg \ + gcc \ + linux-headers \ + make \ + musl-dev \ + openssl-dev \ +# install real "wget" to avoid: +# + wget -O redis.tar.gz https://download.redis.io/releases/redis-6.0.6.tar.gz +# Connecting to download.redis.io (45.60.121.1:80) +# wget: bad header line: XxhODalH: btu; path=/; Max-Age=900 + wget \ + ; \ +{{ ) else ( -}} savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install -y --no-install-recommends \ @@ -46,6 +151,7 @@ RUN set -eux; \ make \ ; \ rm -rf /var/lib/apt/lists/*; \ +{{ ) end -}} \ wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; \ echo "$REDIS_DOWNLOAD_SHA *redis.tar.gz" | sha256sum -c -; \ @@ -95,6 +201,16 @@ RUN set -eux; \ \ rm -r /usr/src/redis; \ \ +{{ if env.variant == "alpine" then ( -}} + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-network --virtual .redis-rundeps $runDeps; \ + apk del --no-network .build-deps; \ +{{ ) else ( -}} apt-mark auto '.*' > /dev/null; \ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \ find /usr/local -type f -executable -exec ldd '{}' ';' \ @@ -106,6 +222,7 @@ RUN set -eux; \ | xargs -r apt-mark manual \ ; \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ +{{ ) end -}} \ redis-cli --version; \ redis-server --version; \ @@ -114,10 +231,19 @@ RUN set -eux; \ { name: "redis-server", version: .version, - params: { - os_name: "debian", - os_version: env.variant - }, + params: ( + if env.variant == "alpine" then + { + os_name: "alpine", + os_version: .alpine.version, + } + else + { + os_name: "debian", + os_version: .debian.version, + } + end + ), licenses: [ "BSD-3-Clause" ] diff --git a/apply-templates.sh b/apply-templates.sh index 3f3b692d..51656bf7 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -3,8 +3,6 @@ set -Eeuo pipefail [ -f versions.json ] # run "versions.sh" first -cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" - jqt='.jq-template.awk' if [ -n "${BASHBREW_SCRIPTS:-}" ]; then jqt="$BASHBREW_SCRIPTS/jq-template.awk" @@ -17,6 +15,7 @@ jqf='.template-helper-functions.jq' if [ -n "${BASHBREW_SCRIPTS:-}" ]; then jqf="$BASHBREW_SCRIPTS/template-helper-functions.jq" elif [ "$BASH_SOURCE" -nt "$jqf" ]; then + # https://github.com/docker-library/bashbrew/blob/master/scripts/template-helper-functions.jq wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/08c926140ad0af22de58c2a2656afda58082ba3e/scripts/template-helper-functions.jq' fi @@ -37,44 +36,22 @@ generated_warning() { } for version; do - export version - - if [ -d "$version" ]; then - rm -rf "$version" - fi - - if jq -e '.[env.version] | not' versions.json > /dev/null; then - echo "skipping $version ..." - continue - fi - - variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)" - eval "variants=( $variants )" + rm -rf "$version" - for variant in "${variants[@]}"; do - export variant + for variant in debian alpine; do + export version variant - echo "processing $version/$variant ..." + dir="$version/$variant" - dir="$version${variant:+/$variant}" + echo "processing $dir ..." mkdir -p "$dir" - cp -f docker-entrypoint.sh "$dir/" - - case "$variant" in - alpine*) - template='Dockerfile-alpine.template' - sed -i -e 's/gosu/su-exec/g' "$dir/docker-entrypoint.sh" - ;; - *) - template='Dockerfile.template' - ;; - esac - { generated_warning - gawk -f "$jqt" "$template" + gawk -f "$jqt" Dockerfile.template } > "$dir/Dockerfile" + + cp -a docker-entrypoint.sh "$dir/" done done diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh index 3ad3d694..90cef229 100755 --- a/generate-stackbrew-library.sh +++ b/generate-stackbrew-library.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -eu +set -Eeuo pipefail declare -A aliases=( [7.2]='7 latest' @@ -43,7 +43,7 @@ getArches() { local repo="$1"; shift local officialImagesUrl='https://github.com/docker-library/official-images/raw/master/library/' - eval "declare -A -g parentRepoToArches=( $( + eval "declare -g -A parentRepoToArches=( $( find -name 'Dockerfile' -exec awk ' toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|.*\/.*)(:|$)/ { print "'"$officialImagesUrl"'" $2 @@ -73,51 +73,59 @@ join() { for version; do export version - variants="$(jq -r '.[env.version].variants | map(@sh) | join(" ")' versions.json)" - eval "variants=( $variants )" - - alpine="$(jq -r '.[env.version].alpine' versions.json)" - debian="$(jq -r '.[env.version].debian' versions.json)" - fullVersion="$(jq -r '.[env.version].version' versions.json)" versionAliases=() - while [ "$fullVersion" != "$version" -a "${fullVersion%[.]*}" != "$fullVersion" ]; do + while [ "$fullVersion" != "$version" ] && [ "${fullVersion%.*}" != "$fullVersion" ]; do versionAliases+=( $fullVersion ) - fullVersion="${fullVersion%[.]*}" + fullVersion="${fullVersion%.*}" done versionAliases+=( $version ${aliases[$version]:-} ) - for variant in "${variants[@]}"; do + for variant in debian alpine; do + export variant dir="$version/$variant" + commit="$(dirCommit "$dir")" - variantParent="$(awk 'toupper($1) == "FROM" { print $2 }' "$dir/Dockerfile")" - variantArches="${parentRepoToArches[$variantParent]}" - - variantAliases=( "${versionAliases[@]/%/-$variant}" ) - variantAliases=( "${variantAliases[@]//latest-/}" ) - - case "$variant" in - "$debian") - variantAliases=( - "${versionAliases[@]}" - "${variantAliases[@]}" - ) - ;; - alpine"$alpine") - variantAliases+=( "${versionAliases[@]/%/-alpine}" ) - variantAliases=( "${variantAliases[@]//latest-/}" ) - ;; - esac + if [ "$variant" = 'debian' ]; then + variantAliases=( "${versionAliases[@]}" ) + else + variantAliases=( "${versionAliases[@]/%/-$variant}" ) + variantAliases=( "${variantAliases[@]//latest-/}" ) + fi + + parent="$(awk 'toupper($1) == "FROM" { print $2 }' "$dir/Dockerfile")" + arches="${parentRepoToArches[$parent]}" + + suite="${parent#*:}" # "bookworm-slim", "bookworm" + suite="${suite%-slim}" # "bookworm" + if [ "$variant" = 'alpine' ]; then + suite="alpine$suite" # "alpine3.18" + fi + suiteAliases=( "${versionAliases[@]/%/-$suite}" ) + suiteAliases=( "${suiteAliases[@]//latest-/}" ) + variantAliases+=( "${suiteAliases[@]}" ) + + # calculate the intersection of parent image arches and gosu arches + arches="$(jq -r --arg arches "$arches" ' + ( + $arches + | gsub("^[[:space:]]+|[[:space:]]+$"; "") + | split("[[:space:]]+"; "") + ) as $parentArches + | .[env.version] + | $parentArches - ($parentArches - (.gosu.arches | keys)) + | join(", ") + ' versions.json)" echo cat <<-EOE Tags: $(join ', ' "${variantAliases[@]}") - Architectures: $(join ', ' $variantArches) + Architectures: $arches GitCommit: $commit Directory: $dir EOE diff --git a/versions.json b/versions.json index 75d1cef4..c0115d7c 100644 --- a/versions.json +++ b/versions.json @@ -1,58 +1,226 @@ { "6.0": { - "alpine": "3.18", - "debian": "bookworm", - "downloadUrl": "http://download.redis.io/releases/redis-6.0.20.tar.gz", - "gosu": { - "version": "1.16" - }, + "version": "6.0.20", + "url": "http://download.redis.io/releases/redis-6.0.20.tar.gz", "sha256": "173d4c5f44b5d7186da96c4adc5cb20e8018b50ec3a8dfe0d191dbbab53952f0", - "variants": [ - "bookworm", - "alpine3.18" - ], - "version": "6.0.20" + "debian": { + "version": "bookworm" + }, + "alpine": { + "version": "3.18" + }, + "gosu": { + "version": "1.17", + "arches": { + "amd64": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64", + "sha256": "bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3" + }, + "arm64v8": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64", + "sha256": "c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b" + }, + "arm32v5": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armel", + "sha256": "f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d" + }, + "arm32v6": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf", + "sha256": "e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b" + }, + "i386": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-i386", + "sha256": "087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca" + }, + "mips64le": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el", + "sha256": "87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70" + }, + "ppc64le": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el", + "sha256": "1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76" + }, + "riscv64": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64", + "sha256": "38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6" + }, + "s390x": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x", + "sha256": "69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0" + }, + "arm32v7": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf", + "sha256": "e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b" + } + } + } }, "6.2": { - "alpine": "3.18", - "debian": "bookworm", - "downloadUrl": "http://download.redis.io/releases/redis-6.2.14.tar.gz", - "gosu": { - "version": "1.16" - }, + "version": "6.2.14", + "url": "http://download.redis.io/releases/redis-6.2.14.tar.gz", "sha256": "34e74856cbd66fdb3a684fb349d93961d8c7aa668b06f81fd93ff267d09bc277", - "variants": [ - "bookworm", - "alpine3.18" - ], - "version": "6.2.14" + "debian": { + "version": "bookworm" + }, + "alpine": { + "version": "3.18" + }, + "gosu": { + "version": "1.17", + "arches": { + "amd64": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64", + "sha256": "bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3" + }, + "arm64v8": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64", + "sha256": "c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b" + }, + "arm32v5": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armel", + "sha256": "f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d" + }, + "arm32v6": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf", + "sha256": "e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b" + }, + "i386": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-i386", + "sha256": "087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca" + }, + "mips64le": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el", + "sha256": "87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70" + }, + "ppc64le": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el", + "sha256": "1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76" + }, + "riscv64": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64", + "sha256": "38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6" + }, + "s390x": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x", + "sha256": "69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0" + }, + "arm32v7": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf", + "sha256": "e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b" + } + } + } }, "7.0": { - "alpine": "3.18", - "debian": "bookworm", - "downloadUrl": "http://download.redis.io/releases/redis-7.0.14.tar.gz", - "gosu": { - "version": "1.16" - }, + "version": "7.0.14", + "url": "http://download.redis.io/releases/redis-7.0.14.tar.gz", "sha256": "7e1cdf347f4970ea39d5b7fdb19aedec4c21942e202de65bdeb782d38d2f299f", - "variants": [ - "bookworm", - "alpine3.18" - ], - "version": "7.0.14" + "debian": { + "version": "bookworm" + }, + "alpine": { + "version": "3.18" + }, + "gosu": { + "version": "1.17", + "arches": { + "amd64": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64", + "sha256": "bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3" + }, + "arm64v8": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64", + "sha256": "c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b" + }, + "arm32v5": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armel", + "sha256": "f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d" + }, + "arm32v6": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf", + "sha256": "e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b" + }, + "i386": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-i386", + "sha256": "087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca" + }, + "mips64le": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el", + "sha256": "87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70" + }, + "ppc64le": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el", + "sha256": "1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76" + }, + "riscv64": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64", + "sha256": "38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6" + }, + "s390x": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x", + "sha256": "69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0" + }, + "arm32v7": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf", + "sha256": "e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b" + } + } + } }, "7.2": { - "alpine": "3.18", - "debian": "bookworm", - "downloadUrl": "http://download.redis.io/releases/redis-7.2.3.tar.gz", - "gosu": { - "version": "1.16" - }, + "version": "7.2.3", + "url": "http://download.redis.io/releases/redis-7.2.3.tar.gz", "sha256": "3e2b196d6eb4ddb9e743088bfc2915ccbb42d40f5a8a3edd8cb69c716ec34be7", - "variants": [ - "bookworm", - "alpine3.18" - ], - "version": "7.2.3" + "debian": { + "version": "bookworm" + }, + "alpine": { + "version": "3.18" + }, + "gosu": { + "version": "1.17", + "arches": { + "amd64": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64", + "sha256": "bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3" + }, + "arm64v8": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64", + "sha256": "c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b" + }, + "arm32v5": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armel", + "sha256": "f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d" + }, + "arm32v6": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf", + "sha256": "e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b" + }, + "i386": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-i386", + "sha256": "087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca" + }, + "mips64le": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el", + "sha256": "87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70" + }, + "ppc64le": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el", + "sha256": "1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76" + }, + "riscv64": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64", + "sha256": "38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6" + }, + "s390x": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x", + "sha256": "69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0" + }, + "arm32v7": { + "url": "https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf", + "sha256": "e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b" + } + } + } } } diff --git a/versions.sh b/versions.sh index 3aabc536..bfad7385 100755 --- a/versions.sh +++ b/versions.sh @@ -1,23 +1,85 @@ #!/usr/bin/env bash set -Eeuo pipefail -# we will support at most two entries in each of these lists, and both should be in descending order -supportedDebianSuites=( - bookworm -) -supportedAlpineVersions=( - 3.18 -) -defaultDebianSuite="${supportedDebianSuites[0]}" -declare -A debianSuites=( - #[7.2]='3.17' -) -defaultAlpineVersion="${supportedAlpineVersions[0]}" -declare -A alpineVersions=( - #[14]='3.16' -) - -gosuVersion='1.16' +alpine="$( + bashbrew cat --format '{{ .TagEntry.Tags | join "\n" }}' https://github.com/docker-library/official-images/raw/HEAD/library/alpine:latest \ + | grep -E '^[0-9]+[.][0-9]+$' +)" +[ "$(wc -l <<<"$alpine")" = 1 ] +export alpine + +debian="$( + bashbrew cat --format '{{ .TagEntry.Tags | join "\n" }}' https://github.com/docker-library/official-images/raw/HEAD/library/debian:latest \ + | grep -vE '^latest$|[0-9.-]' \ + | head -1 +)" +[ "$(wc -l <<<"$debian")" = 1 ] +export debian + +gosus="$( + git ls-remote --tags https://github.com/tianon/gosu.git \ + | cut -d/ -f3- \ + | cut -d^ -f1 \ + | grep -E '^[0-9]+' \ + | sort -urV +)" +gosu= +for possible in $gosus; do + urlBase="https://github.com/tianon/gosu/releases/download/$possible" + if shas="$(wget -qO- "$urlBase/SHA256SUMS")" && [ -n "$shas" ]; then + gosu="$(jq <<<"$shas" -csR --arg version "$possible" --arg urlBase "$urlBase" '{ + version: $version, + arches: ( + rtrimstr("\n") + | split("\n") + | map( + # this capture will naturally ignore the ".asc" file checksums + capture( + [ + "^(?[0-9a-f]{64})", + "( | [*])", + "(?", + "gosu-", + "(?[^_. -]+)", + ")$" + ] | join("") + ) + | { + ( + # convert dpkg arch into bashbrew arch + { + # https://salsa.debian.org/dpkg-team/dpkg/-/blob/main/data/cputable + # https://wiki.debian.org/ArchitectureSpecificsMemo#Architecture_baselines + # http://deb.debian.org/debian/dists/unstable/main/ + # http://deb.debian.org/debian/dists/stable/main/ + # https://deb.debian.org/debian-ports/dists/unstable/main/ + amd64: "amd64", + armel: "arm32v5", + armhf: "arm32v6", # https://github.com/tianon/gosu/blob/2dada3bb5dfbc1e7162a29907691b6f45995d54e/Dockerfile#L52-L53 + arm64: "arm64v8", + i386: "i386", + mips64el: "mips64le", + ppc64el: "ppc64le", + riscv64: "riscv64", + s390x: "s390x", + }[.dpkgArch] // empty + ): { + url: ($urlBase + "/" + .file), + sha256: .sha256, + }, + } + ) + | add + | if has("arm32v6") and (has("arm32v7") | not) then + .arm32v7 = .arm32v6 + else . end + ), + }')" + break + fi +done +[ -n "$gosu" ] +export gosu cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" @@ -30,95 +92,64 @@ else fi versions=( "${versions[@]%/}" ) -packagesBase='https://raw.githubusercontent.com/redis/redis-hashes/master/README' - -declare -A packages= - -fetch_package_list() { - local -; set +x # make sure running with "set -x" doesn't spam the terminal with the raw package lists - - # normal (GA) releases end up in the "main" component of upstream's repository - if [ -z "${packages}" ]; then - packages="$(curl -fsSL "$packagesBase")" - fi -} -get_version() { - local version="$1"; shift - - rcVersion="${version%-rc}" - - line="$( - awk ' - { gsub(/^redis-|[.]tar[.]gz$/, "", $2) } - $1 == "hash" && $2 ~ /^'"$rcVersion"'([.]|$)/ { print } - ' <<< "$packages" \ - | sort -rV \ - | head -1 - )" - - if [ -n "$line" ]; then - fullVersion="$(cut -d' ' -f2 <<<"$line")" - downloadUrl="$(cut -d' ' -f5 <<<"$line")" - shaHash="$(cut -d' ' -f4 <<<"$line")" - shaType="$(cut -d' ' -f3 <<<"$line")" - elif [ "$version" != "$rcVersion" ] && fullVersion="$( - git ls-remote --tags https://github.com/redis/redis.git "refs/tags/$rcVersion*" \ - | cut -d/ -f3 \ - | cut -d^ -f1 \ - | sort -urV \ - | head -1 - )" && [ -n "$fullVersion" ]; then - downloadUrl="https://github.com/redis/redis/archive/$fullVersion.tar.gz" - shaType='sha256' - shaHash="$(curl -fsSL "$downloadUrl" | "${shaType}sum" | cut -d' ' -f1)" - else - echo >&2 "error: full version for $version cannot be determined" - exit 1 - fi - [ "$shaType" = 'sha256' ] || [ "$shaType" = 'sha1' ] -} +packages="$( + wget -qO- 'https://github.com/redis/redis-hashes/raw/master/README' \ + | jq -csR ' + rtrimstr("\n") + | split("\n") + | map( + # this capture will naturally ignore comments and blank lines + capture( + [ + "^hash[[:space:]]+", + "(?redis-", + "(?([0-9.]+)(-rc[0-9]+)?)", + "[.][^[:space:]]+)[[:space:]]+", + "(?sha256|sha1)[[:space:]]+", # this filters us down to just the checksum types we are prepared to handle right now + "(?[0-9a-f]{64}|[0-9a-f]{40})[[:space:]]+", + "(?[^[:space:]]+)", + "$" + ] | join("") + ) + | { + version: .version, + url: .url, + (.type): .sum, + } + ) + ' +)" for version in "${versions[@]}"; do - export version - - versionAlpineVersion="${alpineVersions[$version]:-$defaultAlpineVersion}" - versionDebianSuite="${debianSuites[$version]:-$defaultDebianSuite}" - export versionAlpineVersion versionDebianSuite - - doc="$(jq -nc '{ - alpine: env.versionAlpineVersion, - debian: env.versionDebianSuite, - }')" - - fetch_package_list - get_version "$version" - - for suite in "${supportedDebianSuites[@]}"; do - export suite - doc="$(jq <<<"$doc" -c ' - .variants += [ env.suite ] - ')" - done - - for alpineVersion in "${supportedAlpineVersions[@]}"; do - doc="$(jq <<<"$doc" -c --arg v "$alpineVersion" ' - .variants += [ "alpine" + $v ] - ')" - done + export version rcVersion="${version%-rc}" + + doc="$( + jq <<<"$packages" -c ' + map( + select( + .version + | ( + startswith(env.rcVersion + ".") + or startswith(env.rcVersion + "-") + ) and ( + index("-") + | if env.version == env.rcVersion then not else . end + ) + ) + )[-1] + ' + )" + fullVersion="$(jq <<<"$doc" -r '.version')" echo "$version: $fullVersion" - export fullVersion shaType shaHash downloadUrl gosuVersion json="$(jq <<<"$json" -c --argjson doc "$doc" ' .[env.version] = ($doc + { - version: env.fullVersion, - downloadUrl: env.downloadUrl, - (env.shaType): env.shaHash, - "gosu": { - version: env.gosuVersion - } + debian: { version: env.debian }, + alpine: { version: env.alpine }, + gosu: (env.gosu | fromjson), }) ')" done -jq <<<"$json" -S . > versions.json +jq <<<"$json" . > versions.json