Skip to content
This repository has been archived by the owner on Jan 30, 2020. It is now read-only.

Commit

Permalink
Merge pull request #65 from infosiftr/suite-tags
Browse files Browse the repository at this point in the history 
Add arches supported by upstream percona (i386), add suite tags for `jessie` (so we can move to `stretch`)
  • Loading branch information
@tianon
tianon authored Jul 26, 2018
2 parents 01c136a + 2bc351a commit a5938c8
Show file tree
Hide file tree
Showing 7 changed files with 342 additions and 122 deletions.
44 changes: 44 additions & 0 deletions .architectures-lib
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
#!/usr/bin/env bash

hasBashbrewArch() {
local version="$1"; shift
local bashbrewArch="$1"; shift
local arches="$(grep 'bashbrew-architectures:' "$version/Dockerfile" | cut -d':' -f2)"
[[ " $arches " == *" $bashbrewArch "* ]]
}

_generateParentRepoToArches() {
local repo="$1"; shift
local officialImagesUrl='https://github.com/docker-library/official-images/raw/master/library/'

eval "declare -g -A parentRepoToArches=( $(
find -name 'Dockerfile' -exec awk '
toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|microsoft\/[^:]+)(:|$)/ {
print "'"$officialImagesUrl"'" $2
}
' '{}' + \
| sort -u \
| xargs bashbrew cat --format '[{{ .RepoName }}:{{ .TagName }}]="{{ join " " .TagEntry.Architectures }}"'
) )"
}
_generateParentRepoToArches 'percona'

parentArches() {
local version="$1"; shift # "1.8", etc

local parent="$(awk 'toupper($1) == "FROM" { print $2 }' "$version/Dockerfile")"
echo "${parentRepoToArches[$parent]:-}"
}
versionArches() {
local version="$1"; shift # "1.8", etc

local parentArches="$(parentArches "$version")"

local variantArches=()
for arch in $parentArches; do
if hasBashbrewArch "$version" "$arch"; then
variantArches+=( "$arch" )
fi
done
echo "${variantArches[*]}"
}
83 changes: 58 additions & 25 deletions 5.5/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,24 +4,52 @@ FROM debian:jessie
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql

# https://bugs.debian.org/830696 (apt uses gpgv by default in newer releases, rather than gpg)
RUN set -ex; \
apt-get update; \
if ! which gpg; then \
apt-get install -y --no-install-recommends gnupg; \
fi; \
# Ubuntu includes "gnupg" (not "gnupg2", but still 2.x), but not dirmngr, and gnupg 2.x requires dirmngr
# so, if we're not running gnupg 1.x, explicitly install dirmngr too
if ! gpg --version | grep -q '^gpg (GnuPG) 1\.'; then \
apt-get install -y --no-install-recommends dirmngr; \
fi; \
rm -rf /var/lib/apt/lists/*

# add gosu for easy step-down from root
ENV GOSU_VERSION 1.7
RUN set -x \
&& apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true \
&& apt-get purge -y --auto-remove ca-certificates wget
ENV GOSU_VERSION 1.10
RUN set -ex; \
\
fetchDeps=' \
ca-certificates \
wget \
'; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
rm -rf /var/lib/apt/lists/*; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
command -v gpgconf > /dev/null && gpgconf --kill all || :; \
rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu nobody true; \
\
apt-get purge -y --auto-remove $fetchDeps

RUN mkdir /docker-entrypoint-initdb.d

# install "pwgen" for randomizing passwords
# install "apt-transport-https" for Percona's repo (switched to https-only)
# install "pwgen" for randomizing passwords
RUN apt-get update && apt-get install -y --no-install-recommends \
apt-transport-https ca-certificates \
pwgen \
Expand All @@ -44,17 +72,20 @@ RUN set -ex; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
done; \
gpg --export $GPG_KEYS > /etc/apt/trusted.gpg.d/percona.gpg; \
command -v gpgconf > /dev/null && gpgconf --kill all || :; \
rm -r "$GNUPGHOME"; \
apt-key list

RUN echo 'deb https://repo.percona.com/apt jessie main' > /etc/apt/sources.list.d/percona.list

# bashbrew-architectures: amd64 i386
ENV PERCONA_MAJOR 5.5
ENV PERCONA_VERSION 5.5.60-rel38.12-1.jessie

# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
RUN { \
RUN set -ex; \
{ \
for key in \
percona-server-server/root_password \
percona-server-server/root_password_again \
Expand All @@ -63,24 +94,26 @@ RUN { \
; do \
echo "percona-server-server-$PERCONA_MAJOR" "$key" password 'unused'; \
done; \
} | debconf-set-selections \
&& apt-get update \
&& apt-get install -y \
} | debconf-set-selections; \
apt-get update; \
apt-get install -y \
percona-server-server-$PERCONA_MAJOR=$PERCONA_VERSION \
&& rm -rf /var/lib/apt/lists/* \
; \
rm -rf /var/lib/apt/lists/*; \
# comment out any "user" entires in the MySQL config ("docker-entrypoint.sh" or "--user" will handle user switching)
&& sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf \
sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf; \
# purge and re-create /var/lib/mysql with appropriate ownership
&& rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \
&& chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \
rm -rf /var/lib/mysql; \
mkdir -p /var/lib/mysql /var/run/mysqld; \
chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \
# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
&& chmod 777 /var/run/mysqld \
chmod 777 /var/run/mysqld; \
# comment out a few problematic configuration values
&& find /etc/mysql/ -name '*.cnf' -print0 \
find /etc/mysql/ -name '*.cnf' -print0 \
| xargs -0 grep -lZE '^(bind-address|log)' \
| xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/' \
| xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/'; \
# don't reverse lookup hostnames, they are usually another container
&& echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf
echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf

VOLUME ["/var/lib/mysql", "/var/log/mysql"]

Expand Down
83 changes: 58 additions & 25 deletions 5.6/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,24 +4,52 @@ FROM debian:jessie
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql

# https://bugs.debian.org/830696 (apt uses gpgv by default in newer releases, rather than gpg)
RUN set -ex; \
apt-get update; \
if ! which gpg; then \
apt-get install -y --no-install-recommends gnupg; \
fi; \
# Ubuntu includes "gnupg" (not "gnupg2", but still 2.x), but not dirmngr, and gnupg 2.x requires dirmngr
# so, if we're not running gnupg 1.x, explicitly install dirmngr too
if ! gpg --version | grep -q '^gpg (GnuPG) 1\.'; then \
apt-get install -y --no-install-recommends dirmngr; \
fi; \
rm -rf /var/lib/apt/lists/*

# add gosu for easy step-down from root
ENV GOSU_VERSION 1.7
RUN set -x \
&& apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true \
&& apt-get purge -y --auto-remove ca-certificates wget
ENV GOSU_VERSION 1.10
RUN set -ex; \
\
fetchDeps=' \
ca-certificates \
wget \
'; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
rm -rf /var/lib/apt/lists/*; \
\
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
command -v gpgconf > /dev/null && gpgconf --kill all || :; \
rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu nobody true; \
\
apt-get purge -y --auto-remove $fetchDeps

RUN mkdir /docker-entrypoint-initdb.d

# install "pwgen" for randomizing passwords
# install "apt-transport-https" for Percona's repo (switched to https-only)
# install "pwgen" for randomizing passwords
RUN apt-get update && apt-get install -y --no-install-recommends \
apt-transport-https ca-certificates \
pwgen \
Expand All @@ -44,17 +72,20 @@ RUN set -ex; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
done; \
gpg --export $GPG_KEYS > /etc/apt/trusted.gpg.d/percona.gpg; \
command -v gpgconf > /dev/null && gpgconf --kill all || :; \
rm -r "$GNUPGHOME"; \
apt-key list

RUN echo 'deb https://repo.percona.com/apt jessie main' > /etc/apt/sources.list.d/percona.list

# bashbrew-architectures: amd64 i386
ENV PERCONA_MAJOR 5.6
ENV PERCONA_VERSION 5.6.40-84.0-1.jessie

# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
RUN { \
RUN set -ex; \
{ \
for key in \
percona-server-server/root_password \
percona-server-server/root_password_again \
Expand All @@ -63,24 +94,26 @@ RUN { \
; do \
echo "percona-server-server-$PERCONA_MAJOR" "$key" password 'unused'; \
done; \
} | debconf-set-selections \
&& apt-get update \
&& apt-get install -y \
} | debconf-set-selections; \
apt-get update; \
apt-get install -y \
percona-server-server-$PERCONA_MAJOR=$PERCONA_VERSION \
&& rm -rf /var/lib/apt/lists/* \
; \
rm -rf /var/lib/apt/lists/*; \
# comment out any "user" entires in the MySQL config ("docker-entrypoint.sh" or "--user" will handle user switching)
&& sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf \
sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf; \
# purge and re-create /var/lib/mysql with appropriate ownership
&& rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \
&& chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \
rm -rf /var/lib/mysql; \
mkdir -p /var/lib/mysql /var/run/mysqld; \
chown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \
# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
&& chmod 777 /var/run/mysqld \
chmod 777 /var/run/mysqld; \
# comment out a few problematic configuration values
&& find /etc/mysql/ -name '*.cnf' -print0 \
find /etc/mysql/ -name '*.cnf' -print0 \
| xargs -0 grep -lZE '^(bind-address|log)' \
| xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/' \
| xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/'; \
# don't reverse lookup hostnames, they are usually another container
&& echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf
echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf

VOLUME ["/var/lib/mysql", "/var/log/mysql"]

Expand Down
Loading

0 comments on commit a5938c8

Please sign in to comment.