Merge pull request '3.11.6' (#1) from 3.11.6 into master

Reviewed-on: #1
Jonny Ervine 2020-07-20 15:29:22 +00:00
commit 5c9d27188c
7 changed files with 614 additions and 0 deletions

232
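--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,232 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+FROM harbor.ervine.dev/library/x86_64/alpine/alpine-3.12
+# dependencies required for running "phpize"
+# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed)
+ENV PHPIZE_DEPS \
+autoconf \
+dpkg-dev dpkg \
+file \
+g++ \
+gcc \
+libc-dev \
+libzip-dev \
+make \
+pkgconf \
+re2c
+# persistent / runtime deps
+RUN apk add --no-cache \
+ca-certificates \
+curl \
+tar \
+xz \
+# https://github.com/docker-library/php/issues/494
+openssl
+# ensure www-data user exists
+RUN set -eux; \
+addgroup -g 82 -S www-data; \
+adduser -u 82 -D -S -G www-data www-data
+# 82 is the standard uid/gid for "www-data" in Alpine
+# https://git.alpinelinux.org/aports/tree/main/apache2/apache2.pre-install?h=3.9-stable
+# https://git.alpinelinux.org/aports/tree/main/lighttpd/lighttpd.pre-install?h=3.9-stable
+# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.pre-install?h=3.9-stable
+ENV PHP_INI_DIR /usr/local/etc/php
+RUN set -eux; \
+mkdir -p "$PHP_INI_DIR/conf.d"; \
+# allow running as an arbitrary user (https://github.com/docker-library/php/issues/743)
+[ ! -d /var/www/html ]; \
+mkdir -p /var/www/html; \
+chown www-data:www-data /var/www/html; \
+chmod 777 /var/www/html
+ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data --disable-cgi
+# Apply stack smash protection to functions using local buffers and alloca()
+# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
+# Enable optimization (-O2)
+# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
+# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated)
+# https://github.com/docker-library/php/issues/272
+ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV PHP_CPPFLAGS="$PHP_CFLAGS"
+ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"
+ENV GPG_KEYS CBAF69F173A0FEA4B537F470D66C9593118BCCB6 F38252826ACD957EF380D39F2F7956BC5DA04B5D
+ENV PHP_VERSION 7.3.9
+ENV PHP_URL="https://www.php.net/get/php-7.3.9.tar.xz/from/this/mirror" PHP_ASC_URL="https://www.php.net/get/php-7.3.9.tar.xz.asc/from/this/mirror"
+ENV PHP_SHA256="4007f24a39822bef2805b75c625551d30be9eeed329d52eb0838fa5c1b91c1fd" PHP_MD5=""
+RUN set -eux; \
+\
+apk add --no-cache --virtual .fetch-deps gnupg; \
+\
+mkdir -p /usr/src; \
+cd /usr/src; \
+\
+curl -fsSL -o php.tar.xz "$PHP_URL"; \
+\
+if [ -n "$PHP_SHA256" ]; then \
+echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
+fi; \
+if [ -n "$PHP_MD5" ]; then \
+echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \
+fi; \
+\
+if [ -n "$PHP_ASC_URL" ]; then \
+curl -fsSL -o php.tar.xz.asc "$PHP_ASC_URL"; \
+export GNUPGHOME="$(mktemp -d)"; \
+for key in $GPG_KEYS; do \
+gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+done; \
+gpg --batch --verify php.tar.xz.asc php.tar.xz; \
+gpgconf --kill all; \
+rm -rf "$GNUPGHOME"; \
+fi; \
+\
+apk del --no-network .fetch-deps
+COPY docker-php-source /usr/local/bin/
+RUN set -eux; \
+apk add --no-cache --virtual .build-deps \
+$PHPIZE_DEPS \
+argon2-dev \
+coreutils \
+curl-dev \
+libedit-dev \
+libsodium-dev \
+libxml2-dev \
+openssl-dev \
+sqlite-dev \
+; \
+\
+export CFLAGS="$PHP_CFLAGS" \
+CPPFLAGS="$PHP_CPPFLAGS" \
+LDFLAGS="$PHP_LDFLAGS" \
+; \
+docker-php-source extract; \
+cd /usr/src/php; \
+gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
+./configure \
+--build="$gnuArch" \
+--with-config-file-path="$PHP_INI_DIR" \
+--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
+\
+# make sure invalid --configure-flags are fatal errors intead of just warnings
+--enable-option-checking=fatal \
+\
+# https://github.com/docker-library/php/issues/439
+--with-mhash \
+\
+# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236)
+--enable-ftp \
+# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195)
+--enable-mbstring \
+# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself)
+--enable-mysqlnd \
+# https://wiki.php.net/rfc/argon2_password_hash (7.2+)
+--with-password-argon2 \
+# https://wiki.php.net/rfc/libsodium
+--with-sodium=shared \
+\
+--with-curl \
+--with-libedit \
+--with-openssl \
+--with-zlib \
+\
+# bundled pcre does not support JIT on s390x
+# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT
+$(test "$gnuArch" = 's390x-linux-musl' && echo '--without-pcre-jit') \
+\
+${PHP_EXTRA_CONFIGURE_ARGS:-} \
+; \
+make -j "$(nproc)"; \
+find -type f -name '*.a' -delete; \
+make install; \
+find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; \
+make clean; \
+\
+# https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable)
+cp -v php.ini-* "$PHP_INI_DIR/"; \
+\
+cd /; \
+docker-php-source delete; \
+\
+runDeps="$( \
+scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
+| tr ',' '\n' \
+| sort -u \
+| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+)"; \
+apk add --no-cache $runDeps; \
+\
+apk del --no-network .build-deps; \
+\
+# update pecl channel definitions https://github.com/docker-library/php/issues/443
+pecl update-channels; \
+rm -rf /tmp/pear ~/.pearrc; \
+# smoke test
+php --version
+COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/
+# sodium was built as a shared module (so that it can be replaced later if so desired), so let's enable it too (https://github.com/docker-library/php/issues/598)
+RUN docker-php-ext-enable sodium
+ENTRYPOINT ["docker-php-entrypoint"]
+WORKDIR /var/www/html
+RUN set -eux; \
+cd /usr/local/etc; \
+if [ -d php-fpm.d ]; then \
+# for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf"
+sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \
+cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \
+else \
+# PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency
+mkdir php-fpm.d; \
+cp php-fpm.conf.default php-fpm.d/www.conf; \
+{ \
+echo '[global]'; \
+echo 'include=etc/php-fpm.d/*.conf'; \
+} | tee php-fpm.conf; \
+fi; \
+{ \
+echo '[global]'; \
+echo 'error_log = /proc/self/fd/2'; \
+echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; \
+echo; \
+echo '[www]'; \
+echo '; if we send this to /proc/self/fd/1, it never appears'; \
+echo 'access.log = /proc/self/fd/2'; \
+echo; \
+echo 'clear_env = no'; \
+echo; \
+echo '; Ensure worker stdout and stderr are sent to the main error log.'; \
+echo 'catch_workers_output = yes'; \
+echo 'decorate_workers_output = no'; \
+} | tee php-fpm.d/docker.conf; \
+{ \
+echo '[global]'; \
+echo 'daemonize = no'; \
+echo; \
+echo '[www]'; \
+echo 'listen = 9000'; \
+} | tee php-fpm.d/zz-docker.conf
+# Override stop signal to stop process gracefully
+# https://github.com/php/php-src/blob/17baa87faddc2550def3ae7314236826bc1b1398/sapi/fpm/php-fpm.8.in#L163
+STOPSIGNAL SIGQUIT
+EXPOSE 9000
+CMD ["php-fpm"]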
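Review bot: The `FROM harbor.ervine.dev/library/x86_64/alpine/alpine-3.12` line carries no tag or digest, so every build resolves whatever `latest` currently points to in the registry and the result is neither reproducible nor auditable; pin it, e.g. `FROM harbor.ervine.dev/library/x86_64/alpine/alpine-3.12:<tag>@sha256:<digest>` (placeholders). `ENV PHP_VERSION 7.3.9`, with its matching URLs and SHA-256, appears to pin a release that was already many months old at this commit's date, so later 7.3 security releases are presumably missing from this FPM image; version, URLs and checksum should be bumped together. The signature check depends on `ha.pool.sks-keyservers.net` being reachable at build time, which is a single point of failure; a fallback keyserver or keys vendored into the repository would keep verification working. Since the header says the file is generated via update.sh, these changes belong in the generator or template if this repository carries one.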

34
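--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -0,0 +1,34 @@
+podTemplate(yaml: """
+kind: Pod
+spec:
+containers:
+- name: kaniko
+image: gcr.io/kaniko-project/executor:debug-539ddefcae3fd6b411a95982a830d987f4214251
+imagePullPolicy: Always
+command:
+- /busybox/cat
+tty: true
+volumeMounts:
+- name: jenkins-docker-cfg
+mountPath: /kaniko/.docker
+volumes:
+- name: jenkins-docker-cfg
+projected:
+sources:
+- secret:
+name: regcred
+items:
+- key: .dockerconfigjson
+path: config.json
+"""
+) {
+node(POD_LABEL) {
+stage('Build with Kaniko') {
+git url: 'ssh://git@git.ervine.org/jonny/x86_64-alpine-php.git', credentialsId: 'jenkins-to-git'
+container('kaniko') {
+sh '/kaniko/executor -f `pwd`/Dockerfile -c `pwd` --cache=true --destination=harbor.ervine.dev/library/x86_64/alpine/php-source:latest --destination=harbor.ervine.dev/library/x86_64/alpine/php-source:3.12.0'
+}
+}
+}
+}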
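Review bot: The kaniko container is referenced by a mutable tag (`executor:debug-539ddefcae3fd6b411a95982a830d987f4214251`) with `imagePullPolicy: Always`, and the same pod mounts the `regcred` registry credentials at `/kaniko/.docker`, so whatever that tag resolves to at build time runs with push access to harbor.ervine.dev; pin the image by digest, e.g. `image: gcr.io/kaniko-project/executor@sha256:<digest>` (placeholder). Both `--destination` tags are fixed (`:latest` and `:3.12.0`), so each run overwrites the previously published image and consumers cannot tell which build they pulled; adding a tag derived from the commit or build number would keep earlier images addressable. The `3.12.0` tag also matches neither the PHP version set in the Dockerfile nor the `3.11.6` in the pull-request title, which is worth reconciling.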

9
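--- a/docker-php-entrypoint
+++ b/docker-php-entrypoint
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+set -- php-fpm "$@"
+fi
+exec "$@"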

69
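--- a/docker-php-ext-configure
+++ b/docker-php-ext-configure
@@ -0,0 +1,69 @@
+#!/bin/sh
+set -e
+# prefer user supplied CFLAGS, but default to our PHP_CFLAGS
+: ${CFLAGS:=$PHP_CFLAGS}
+: ${CPPFLAGS:=$PHP_CPPFLAGS}
+: ${LDFLAGS:=$PHP_LDFLAGS}
+export CFLAGS CPPFLAGS LDFLAGS
+srcExists=
+if [ -d /usr/src/php ]; then
+srcExists=1
+fi
+docker-php-source extract
+if [ -z "$srcExists" ]; then
+touch /usr/src/php/.docker-delete-me
+fi
+cd /usr/src/php/ext
+usage() {
+echo "usage: $0 ext-name [configure flags]"
+echo " ie: $0 gd --with-jpeg-dir=/usr/local/something"
+echo
+echo 'Possible values for ext-name:'
+find . \
+-mindepth 2 \
+-maxdepth 2 \
+-type f \
+-name 'config.m4' \
+| xargs -n1 dirname \
+| xargs -n1 basename \
+| sort \
+| xargs
+echo
+echo 'Some of the above modules are already compiled into PHP; please check'
+echo 'the output of "php -i" to see which modules are already loaded.'
+}
+ext="$1"
+if [ -z "$ext" ] || [ ! -d "$ext" ]; then
+usage >&2
+exit 1
+fi
+shift
+pm='unknown'
+if [ -e /lib/apk/db/installed ]; then
+pm='apk'
+fi
+if [ "$pm" = 'apk' ]; then
+if \
+[ -n "$PHPIZE_DEPS" ] \
+&& ! apk info --installed .phpize-deps > /dev/null \
+&& ! apk info --installed .phpize-deps-configure > /dev/null \
+; then
+apk add --no-cache --virtual .phpize-deps-configure $PHPIZE_DEPS
+fi
+fi
+if command -v dpkg-architecture > /dev/null; then
+gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"
+set -- --build="$gnuArch" "$@"
+fi
+cd "$ext"
+phpize
+./configure "$@"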

114
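--- a/docker-php-ext-enable
+++ b/docker-php-ext-enable
@@ -0,0 +1,114 @@
+#!/bin/sh
+set -e
+extDir="$(php -r 'echo ini_get("extension_dir");')"
+cd "$extDir"
+usage() {
+echo "usage: $0 [options] module-name [module-name ...]"
+echo " ie: $0 gd mysqli"
+echo " $0 pdo pdo_mysql"
+echo " $0 --ini-name 0-apc.ini apcu apc"
+echo
+echo 'Possible values for module-name:'
+find -maxdepth 1 \
+-type f \
+-name '*.so' \
+-exec basename '{}' ';' \
+| sort \
+| xargs
+echo
+echo 'Some of the above modules are already compiled into PHP; please check'
+echo 'the output of "php -i" to see which modules are already loaded.'
+}
+opts="$(getopt -o 'h?' --long 'help,ini-name:' -- "$@" || { usage >&2 && false; })"
+eval set -- "$opts"
+iniName=
+while true; do
+flag="$1"
+shift
+case "$flag" in
+--help|-h|'-?') usage && exit 0 ;;
+--ini-name) iniName="$1" && shift ;;
+--) break ;;
+*)
+{
+echo "error: unknown flag: $flag"
+usage
+} >&2
+exit 1
+;;
+esac
+done
+modules=
+for module; do
+if [ -z "$module" ]; then
+continue
+fi
+if [ -f "$module.so" ] && ! [ -f "$module" ]; then
+# allow ".so" to be optional
+module="$module.so"
+fi
+if ! [ -f "$module" ]; then
+echo >&2 "error: '$module' does not exist"
+echo >&2
+usage >&2
+exit 1
+fi
+modules="$modules $module"
+done
+if [ -z "$modules" ]; then
+usage >&2
+exit 1
+fi
+pm='unknown'
+if [ -e /lib/apk/db/installed ]; then
+pm='apk'
+fi
+apkDel=
+if [ "$pm" = 'apk' ]; then
+if \
+[ -n "$PHPIZE_DEPS" ] \
+&& ! apk info --installed .phpize-deps > /dev/null \
+&& ! apk info --installed .phpize-deps-configure > /dev/null \
+; then
+apk add --no-cache --virtual '.docker-php-ext-enable-deps' binutils
+apkDel='.docker-php-ext-enable-deps'
+fi
+fi
+for module in $modules; do
+if readelf --wide --syms "$module" | grep -q ' zend_extension_entry$'; then
+# https://wiki.php.net/internals/extensions#loading_zend_extensions
+absModule="$(readlink -f "$module")"
+line="zend_extension=$absModule"
+else
+line="extension=$module"
+fi
+ext="$(basename "$module")"
+ext="${ext%.*}"
+if php -r 'exit(extension_loaded("'"$ext"'") ? 0 : 1);'; then
+# this isn't perfect, but it's better than nothing
+# (for example, 'opcache.so' presents inside PHP as 'Zend OPcache', not 'opcache')
+echo >&2
+echo >&2 "warning: $ext ($module) is already loaded!"
+echo >&2
+continue
+fi
+ini="/usr/local/etc/php/conf.d/${iniName:-"docker-php-ext-$ext.ini"}"
+if ! grep -q "$line" "$ini" 2>/dev/null; then
+echo "$line" >> "$ini"
+fi
+done
+if [ "$pm" = 'apk' ] && [ -n "$apkDel" ]; then
+apk del $apkDel
+fi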
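Review bot: In the per-module loop, `php -r 'exit(extension_loaded("'"$ext"'") ? 0 : 1);'` splices the module's file name into PHP source, so a name containing a quote or backslash changes the code that runs; pass it as an argument instead: `php -r 'exit(extension_loaded($argv[1]) ? 0 : 1);' -- "$ext"`. The value comes from files already present in the extension directory, so this is hardening rather than an exposed input. In the same loop `grep -q "$line" "$ini"` treats the line as a regular expression and matches substrings, so `extension=foo.so` counts as present when the ini file only holds `zend_extension=foo.so`; `grep -qxF -- "$line" "$ini"` compares the whole line literally.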

122
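--- a/docker-php-ext-install
+++ b/docker-php-ext-install
@@ -0,0 +1,122 @@
+#!/bin/sh
+set -e
+# prefer user supplied CFLAGS, but default to our PHP_CFLAGS
+: ${CFLAGS:=$PHP_CFLAGS}
+: ${CPPFLAGS:=$PHP_CPPFLAGS}
+: ${LDFLAGS:=$PHP_LDFLAGS}
+export CFLAGS CPPFLAGS LDFLAGS
+srcExists=
+if [ -d /usr/src/php ]; then
+srcExists=1
+fi
+docker-php-source extract
+if [ -z "$srcExists" ]; then
+touch /usr/src/php/.docker-delete-me
+fi
+cd /usr/src/php/ext
+usage() {
+echo "usage: $0 [-jN] ext-name [ext-name ...]"
+echo " ie: $0 gd mysqli"
+echo " $0 pdo pdo_mysql"
+echo " $0 -j5 gd mbstring mysqli pdo pdo_mysql shmop"
+echo
+echo 'if custom ./configure arguments are necessary, see docker-php-ext-configure'
+echo
+echo 'Possible values for ext-name:'
+find . \
+-mindepth 2 \
+-maxdepth 2 \
+-type f \
+-name 'config.m4' \
+| xargs -n1 dirname \
+| xargs -n1 basename \
+| sort \
+| xargs
+echo
+echo 'Some of the above modules are already compiled into PHP; please check'
+echo 'the output of "php -i" to see which modules are already loaded.'
+}
+opts="$(getopt -o 'h?j:' --long 'help,jobs:' -- "$@" || { usage >&2 && false; })"
+eval set -- "$opts"
+j=1
+while true; do
+flag="$1"
+shift
+case "$flag" in
+--help|-h|'-?') usage && exit 0 ;;
+--jobs|-j) j="$1" && shift ;;
+--) break ;;
+*)
+{
+echo "error: unknown flag: $flag"
+usage
+} >&2
+exit 1
+;;
+esac
+done
+exts=
+for ext; do
+if [ -z "$ext" ]; then
+continue
+fi
+if [ ! -d "$ext" ]; then
+echo >&2 "error: $PWD/$ext does not exist"
+echo >&2
+usage >&2
+exit 1
+fi
+exts="$exts $ext"
+done
+if [ -z "$exts" ]; then
+usage >&2
+exit 1
+fi
+pm='unknown'
+if [ -e /lib/apk/db/installed ]; then
+pm='apk'
+fi
+apkDel=
+if [ "$pm" = 'apk' ]; then
+if [ -n "$PHPIZE_DEPS" ]; then
+if apk info --installed .phpize-deps-configure > /dev/null; then
+apkDel='.phpize-deps-configure'
+elif ! apk info --installed .phpize-deps > /dev/null; then
+apk add --no-cache --virtual .phpize-deps $PHPIZE_DEPS
+apkDel='.phpize-deps'
+fi
+fi
+fi
+popDir="$PWD"
+for ext in $exts; do
+cd "$ext"
+[ -e Makefile ] || docker-php-ext-configure "$ext"
+make -j"$j"
+make -j"$j" install
+find modules \
+-maxdepth 1 \
+-name '*.so' \
+-exec basename '{}' ';' \
+| xargs -r docker-php-ext-enable
+make -j"$j" clean
+cd "$popDir"
+done
+if [ "$pm" = 'apk' ] && [ -n "$apkDel" ]; then
+apk del $apkDel
+fi
+if [ -e /usr/src/php/.docker-delete-me ]; then
+docker-php-source delete
+fi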

34
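--- a/docker-php-source
+++ b/docker-php-source
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+dir=/usr/src/php
+usage() {
+echo "usage: $0 COMMAND"
+echo
+echo "Manage php source tarball lifecycle."
+echo
+echo "Commands:"
+echo " extract extract php source tarball into directory $dir if not already done."
+echo " delete delete extracted php source located into $dir if not already done."
+echo
+}
+case "$1" in
+extract)
+mkdir -p "$dir"
+if [ ! -f "$dir/.docker-extracted" ]; then
+tar -Jxf /usr/src/php.tar.xz -C "$dir" --strip-components=1
+touch "$dir/.docker-extracted"
+fi
+;;
+delete)
+rm -rf "$dir"
+;;
+*)
+usage
+exit 1
+;;
+esac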