diff --git a/.asf.yaml b/.asf.yaml
new file mode 100644
index 0000000..be0b311
--- /dev/null
+++ b/.asf.yaml
@@ -0,0 +1,18 @@
+github:
+ description: "Semi-official Apache CouchDB Docker images"
+ homepage: https://github.com/apache/couchdb-docker
+ labels:
+ - apache
+ - couchdb
+ - erlang
+ - network-client
+ - http
+ - cplusplus
+ - big-data
+ - cloud
+ - database
+ - network-server
+ - javascript
+ protected_branches:
+ main
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b72f9be
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*~
+*.swp
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index ba445ff..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-sudo: required
-
-language: minimal
-
-# Avoid double build on PRs (See https://github.com/travis-ci/travis-ci/issues/1147)
-branches:
- only:
- - master
-
-services:
- - docker
-
-env:
- - RELEASES=2.3.1
- - RELEASES=2.3.1-ubi
- - RELEASES=3.0.1
- - RELEASES=3.1.1
- - RELEASES=3.1.1-ubi
- - RELEASES=dev
- - RELEASES=dev-cluster
-
-script:
- - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -p 5984:5984 couchdb:$rel && sleep 10 && curl http://admin:password@localhost:5984/ && docker kill $rel; done
diff --git a/1.7.2-couchperuser/Dockerfile b/1.7.2-couchperuser/Dockerfile
deleted file mode 100644
index 76eaab4..0000000
--- a/1.7.2-couchperuser/Dockerfile
+++ /dev/null
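Review bot: In the new .asf.yaml, `protected_branches:` is followed by a bare `main` scalar rather than a mapping keyed by branch name, so the branch-protection setting may not be read the way it was meant. The ASF examples for this file key each protected branch as a mapping entry, and `main: {}` would state the intent explicitly. Nothing in the commit gives feedback on how the file was parsed, so it is worth confirming in the repository settings that `main` is actually protected once this lands.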
@@ -1,27 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM apache/couchdb:1.7.2 - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -ENV COUCHPERUSER_SHA 5d28db3272eea9619d4391b33aae6030f0319ecc54aa2a2f2b6c6a8d448f03f2 -RUN apt-get update && apt-get install -y rebar make \ - && mkdir -p /usr/local/lib/couchdb/plugins/couchperuser \ - && cd /usr/local/lib/couchdb/plugins \ - && curl -L -o couchperuser.tar.gz https://github.com/etrepum/couchperuser/archive/1.1.0.tar.gz \ - && echo "$COUCHPERUSER_SHA *couchperuser.tar.gz" | sha256sum -c - \ - && tar -xzf couchperuser.tar.gz -C couchperuser --strip-components=1 \ - && rm couchperuser.tar.gz \ - && cd couchperuser \ - && make \ - && apt-get purge -y --auto-remove rebar make diff --git a/1.7.2-couchperuser/docker-entrypoint.sh b/1.7.2-couchperuser/docker-entrypoint.sh deleted file mode 100755 index ba4dac3..0000000 --- a/1.7.2-couchperuser/docker-entrypoint.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -if [ "$1" = 'couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod -R 0770 \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod 664 /usr/local/etc/couchdb/*.ini - chmod 775 /usr/local/etc/couchdb/*.d - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/1.7.2/Dockerfile b/1.7.2/Dockerfile deleted file mode 100644 index 5e6054c..0000000 --- a/1.7.2/Dockerfile +++ /dev/null 
@@ -1,123 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian - -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - erlang-nox \ - libicu52 \ - libmozjs185-1.0 \ - libnspr4 \ - libnspr4-0d \ - && rm -rf /var/lib/apt/lists/* - -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini 
"https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B -RUN set -xe \ - && for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done - -ENV COUCHDB_VERSION 1.7.2 - -# download dependencies, compile and install couchdb, -# set correct permissions, expose couchdb to the outside and disable logging to disk -RUN buildDeps=' \ - gcc \ - g++ \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - libnspr4-dev \ - make \ - ' \ - && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && curl -fSL https://archive.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://archive.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ - && mkdir -p /usr/src/couchdb \ - && tar -xzf couchdb.tar.gz -C /usr/src/couchdb 
--strip-components=1 \ - && cd /usr/src/couchdb \ - && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ - && make && make install \ - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \ - && chown -R couchdb:couchdb \ - /usr/local/lib/couchdb /usr/local/etc/couchdb \ - /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && chmod -R g+rw \ - /usr/local/lib/couchdb /usr/local/etc/couchdb \ - /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && mkdir -p /var/lib/couchdb \ - && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \ - && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini - -COPY ./docker-entrypoint.sh / - -# Define mountable directories. -VOLUME ["/usr/local/var/lib/couchdb"] - -EXPOSE 5984 -WORKDIR /var/lib/couchdb - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["couchdb"] diff --git a/1.7.2/docker-entrypoint.sh b/1.7.2/docker-entrypoint.sh deleted file mode 100755 index db5a60e..0000000 --- a/1.7.2/docker-entrypoint.sh +++ /dev/null 
@@ -1,86 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -if [ "$1" = 'couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod -R 0770 \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod 664 /usr/local/etc/couchdb/*.ini - chmod 775 /usr/local/etc/couchdb/*.d - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini - chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini - fi - - if [ -f /usr/local/etc/couchdb/local.d/bind_address.ini ]; then - if ! grep -Fq "port =" /usr/local/etc/couchdb/local.d/bind_address.ini; then - vport=$(printf "[httpd]\\\nport = %s" ${COUCHDB_HTTP_PORT:=5984}) - if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then - sed -i -e "s/\\[httpd\\]/$vport/g" /usr/local/etc/couchdb/local.d/bind_address.ini - else - printf "$vport" >> /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - fi - - if ! 
grep -Fq "bind_address =" /usr/local/etc/couchdb/local.d/bind_address.ini; then - vaddress=$(printf "[httpd]\\\nbind_address = %s" ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}) - if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then - sed -i -e "s/\\[httpd\\]/$vaddress/g" /usr/local/etc/couchdb/local.d/bind_address.ini - else - printf "$vaddress" >> /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - fi - - else - printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: CouchDB is running in Admin Party mode. - This will allow anyone with access to the - CouchDB port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it in "docker run". - **************************************************** - EOWARN - fi - - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/2.3.1-ubi/Dockerfile b/2.3.1-ubi/Dockerfile index 442bd45..7daba2a 100644 --- a/2.3.1-ubi/Dockerfile +++ b/2.3.1-ubi/Dockerfile @@ -31,7 +31,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo ENV COUCHDB_VERSION 2.3.1 
@@ -55,28 +55,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-2.3.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file diff --git a/2.3.1-ubi/bintray-apache-couchdb-rpm.repo b/2.3.1-ubi/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 --- a/2.3.1-ubi/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/2.3.1-ubi/couchdb.repo b/2.3.1-ubi/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/2.3.1-ubi/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 
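Review bot: `gpgkey=` in the new 2.3.1-ubi/couchdb.repo lists two HTTPS URLs with no fingerprint pinned, so the key that `gpgcheck=1` and `repo_gpgcheck=1` end up trusting is whatever couchdb.apache.org serves at build time. The Debian Dockerfiles in this same commit pin `GPG_COUCH_KEY` before exporting their keyring; the RPM path has no equivalent anchor. Consider committing the public key next to the Dockerfile, copying it to `/etc/pki/rpm-gpg/` and switching to `gpgkey=file:///etc/pki/rpm-gpg/<KEY_FILE>` (placeholder name), so that a change of signing key shows up as a reviewed diff. The identical file is added under 3.1.2-ubi-clouseau/ and 3.1.2-ubi/, and the same point applies there.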
diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index f8ad0c9..f083992 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" 
@@ -30,79 +30,44 @@ RUN set -ex; \ # grab gosu for easy step-down from root and tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ +RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc 
/usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ - apt-key list + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 2.3.1 +ENV COUCHDB_VERSION 2.3.1-1 -RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list +RUN . 
/etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ +RUN set -eux; \ apt-get update; \ \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~stretch \ + couchdb="$COUCHDB_VERSION"~buster \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ diff --git a/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo b/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 --- a/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/3.1.1-ubi/bintray-apache-couchdb-rpm.repo b/3.1.1-ubi/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 --- a/3.1.1-ubi/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/3.1.1-ubi-clouseau/Dockerfile b/3.1.2-ubi-clouseau/Dockerfile similarity index 83% rename from 3.1.1-ubi-clouseau/Dockerfile rename to 3.1.2-ubi-clouseau/Dockerfile index 7d918a9..7853bad 100644 --- a/3.1.1-ubi-clouseau/Dockerfile +++ b/3.1.2-ubi-clouseau/Dockerfile 
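Review bot: In the key-import `RUN` of 2.3.1/Dockerfile, `keys.asc` is downloaded into the step's current directory and never removed, because the cleanup deletes only `$GNUPGHOME`, so the file stays in the image layer. Writing it inside the temporary home, `curl -fL -o "$GNUPGHOME/keys.asc" https://couchdb.apache.org/repo/keys.asc` then `gpg --batch --import "$GNUPGHOME/keys.asc"`, lets the existing `rm -rf "$GNUPGHOME"` take care of it. The trailing `apt-key list` is left over from the old `/etc/apt/trusted.gpg.d` layout and does not inspect `/usr/share/keyrings/couchdb-archive-keyring.gpg`; a `test -s /usr/share/keyrings/couchdb-archive-keyring.gpg` in its place would fail the step right away if the export for the pinned fingerprint came out empty (gpg may only warn in that case, to be confirmed). The comment above the fingerprint reads `205-01-19`, which looks like a truncated year. The same lines recur in the 3.1.2/Dockerfile hunk, whose end lies outside this view.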
@@ -35,7 +35,7 @@ ARG CLOUSEAU_VERSION LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ name="Apache CouchDB" \ - version="3.1.1" \ + version="3.1.2" \ summary="Apache CouchDB based on Red Hat UBI" \ description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ release=${RELEASE} \ @@ -49,9 +49,9 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo -ENV COUCHDB_VERSION 3.1.1 \ +ENV COUCHDB_VERSION=3.1.2 \ CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ JAVA_MAJOR_VERSION=8 \ JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ @@ -78,28 +78,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file 
diff --git a/3.1.2-ubi-clouseau/couchdb.repo b/3.1.2-ubi-clouseau/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/3.1.2-ubi-clouseau/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 diff --git a/3.1.1-ubi-clouseau/imeyer_runit.repo b/3.1.2-ubi-clouseau/imeyer_runit.repo similarity index 100% rename from 3.1.1-ubi-clouseau/imeyer_runit.repo rename to 3.1.2-ubi-clouseau/imeyer_runit.repo diff --git a/3.1.1-ubi-clouseau/licenses/LICENSE b/3.1.2-ubi-clouseau/licenses/LICENSE similarity index 100% rename from 3.1.1-ubi-clouseau/licenses/LICENSE rename to 3.1.2-ubi-clouseau/licenses/LICENSE diff --git a/3.0.1/10-docker-default.ini b/3.1.2-ubi-clouseau/resources/10-docker-default.ini similarity index 100% rename from 3.0.1/10-docker-default.ini rename to 3.1.2-ubi-clouseau/resources/10-docker-default.ini diff --git a/3.1.1-ubi-clouseau/resources/clouseau/clouseau.ini b/3.1.2-ubi-clouseau/resources/clouseau/clouseau.ini similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/clouseau.ini rename to 3.1.2-ubi-clouseau/resources/clouseau/clouseau.ini diff --git a/3.1.1-ubi-clouseau/resources/clouseau/clouseau.sh b/3.1.2-ubi-clouseau/resources/clouseau/clouseau.sh similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/clouseau.sh rename to 3.1.2-ubi-clouseau/resources/clouseau/clouseau.sh diff --git a/3.1.1-ubi-clouseau/resources/clouseau/log4j.properties b/3.1.2-ubi-clouseau/resources/clouseau/log4j.properties similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/log4j.properties rename to 3.1.2-ubi-clouseau/resources/clouseau/log4j.properties 
diff --git a/3.1.1-ubi-clouseau/resources/docker-entrypoint.sh b/3.1.2-ubi-clouseau/resources/docker-entrypoint.sh similarity index 100% rename from 3.1.1-ubi-clouseau/resources/docker-entrypoint.sh rename to 3.1.2-ubi-clouseau/resources/docker-entrypoint.sh diff --git a/3.1.1-ubi-clouseau/resources/pre_stop b/3.1.2-ubi-clouseau/resources/pre_stop similarity index 100% rename from 3.1.1-ubi-clouseau/resources/pre_stop rename to 3.1.2-ubi-clouseau/resources/pre_stop diff --git a/3.1.1-ubi-clouseau/resources/run b/3.1.2-ubi-clouseau/resources/run similarity index 100% rename from 3.1.1-ubi-clouseau/resources/run rename to 3.1.2-ubi-clouseau/resources/run diff --git a/3.1.1-ubi-clouseau/resources/run_clouseau b/3.1.2-ubi-clouseau/resources/run_clouseau similarity index 100% rename from 3.1.1-ubi-clouseau/resources/run_clouseau rename to 3.1.2-ubi-clouseau/resources/run_clouseau diff --git a/3.0.1/vm.args b/3.1.2-ubi-clouseau/resources/vm.args similarity index 100% rename from 3.0.1/vm.args rename to 3.1.2-ubi-clouseau/resources/vm.args diff --git a/3.1.1-ubi/Dockerfile b/3.1.2-ubi/Dockerfile similarity index 75% rename from 3.1.1-ubi/Dockerfile rename to 3.1.2-ubi/Dockerfile index 6e6146c..592fe42 100644 --- a/3.1.1-ubi/Dockerfile +++ b/3.1.2-ubi/Dockerfile @@ -17,7 +17,7 @@ ARG BUILD_DATE LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ name="Apache CouchDB" \ - version="3.1.1" \ + version="3.1.2" \ summary="Apache CouchDB based on Red Hat UBI" \ description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ release=${RELEASE} \ 
@@ -31,9 +31,9 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo -ENV COUCHDB_VERSION 3.1.1 +ENV COUCHDB_VERSION 3.1.2 # Add CouchDB user account to make sure the IDs are assigned consistently # CouchDB user added to root group for OpenShift support @@ -55,28 +55,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file 
@@ -85,8 +67,8 @@ RUN set -xe; \ find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ # Setup directories and permissions for config. Technically these could be 555 and 444 respectively # but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ + find /opt/couchdb/etc -type d ! -perm 0775 -exec chmod -f 0775 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0664 -exec chmod -f 0664 '{}' +; \ # Setup directories and permissions for data. chmod 777 /opt/couchdb/data diff --git a/3.1.2-ubi/couchdb.repo b/3.1.2-ubi/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/3.1.2-ubi/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 diff --git a/3.1.1-ubi/imeyer_runit.repo b/3.1.2-ubi/imeyer_runit.repo similarity index 100% rename from 3.1.1-ubi/imeyer_runit.repo rename to 3.1.2-ubi/imeyer_runit.repo diff --git a/3.1.1-ubi/licenses/LICENSE b/3.1.2-ubi/licenses/LICENSE similarity index 100% rename from 3.1.1-ubi/licenses/LICENSE rename to 3.1.2-ubi/licenses/LICENSE diff --git a/3.1.1-ubi-clouseau/resources/10-docker-default.ini b/3.1.2-ubi/resources/10-docker-default.ini similarity index 100% rename from 3.1.1-ubi-clouseau/resources/10-docker-default.ini rename to 3.1.2-ubi/resources/10-docker-default.ini diff --git a/3.1.1-ubi/resources/docker-entrypoint.sh b/3.1.2-ubi/resources/docker-entrypoint.sh similarity index 100% rename from 3.1.1-ubi/resources/docker-entrypoint.sh rename to 3.1.2-ubi/resources/docker-entrypoint.sh 
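Review bot: The two `find /opt/couchdb/etc … -exec chmod` lines in 3.1.2-ubi/Dockerfile now leave the config tree group-writable (0775/0664) for group 0, so any process in the container running with GID 0 can rewrite the ini files, which may include the one holding admin credentials. If this is needed for OpenShift's arbitrary-UID model, the comment above should say so rather than "for consistency", e.g. `# group 0 needs write access: OpenShift runs the container under an arbitrary UID in the root group`. The 3.1.2-ubi-clouseau/Dockerfile hunks in this commit show no matching change, so the two UBI variants may now differ, which is worth checking. The enclosing `RUN` step starts above this hunk.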
diff --git a/3.1.1-ubi/resources/run b/3.1.2-ubi/resources/run similarity index 100% rename from 3.1.1-ubi/resources/run rename to 3.1.2-ubi/resources/run diff --git a/3.1.1-ubi-clouseau/resources/vm.args b/3.1.2-ubi/resources/vm.args similarity index 100% rename from 3.1.1-ubi-clouseau/resources/vm.args rename to 3.1.2-ubi/resources/vm.args diff --git a/3.1.1-ubi/resources/10-docker-default.ini b/3.1.2/10-docker-default.ini similarity index 100% rename from 3.1.1-ubi/resources/10-docker-default.ini rename to 3.1.2/10-docker-default.ini diff --git a/3.0.1/Dockerfile b/3.1.2/Dockerfile similarity index 58% rename from 3.0.1/Dockerfile rename to 3.1.2/Dockerfile index 84f78a4..0260c6e 100644 --- a/3.0.1/Dockerfile +++ b/3.1.2/Dockerfile 
@@ -30,73 +30,38 @@ RUN set -ex; \ # grab gosu for easy step-down from root and tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ +RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc 
/usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ - apt-key list + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.0.1 +ENV COUCHDB_VERSION 3.1.2 -RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ +RUN set -eux; \ apt-get update; \ \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ 
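Review bot: The key-import RUN never confirms that the pinned fingerprint was actually in the downloaded bundle: `apt-key list` reads the legacy trusted.gpg stores, so it does not show the key just exported to /usr/share/keyrings/couchdb-archive-keyring.gpg, and `gpg --export` is expected to exit successfully even when the requested key is absent (verify on the gpg in the image). A bundle without `GPG_COUCH_KEY` would therefore only surface later as an apt signature error. I would replace `apt-key list` with `gpg --batch --list-keys "${GPG_COUCH_KEY}"` placed before `rm -rf "$GNUPGHOME"`, and download with `curl -fL -o "$GNUPGHOME/keys.asc" ...` so the bundle is removed with the temporary keyring instead of staying in the image's working directory. The same RUN block appears in the 3.2.3, 3.3.3, 3.4.1 and 3.4.1-nouveau Dockerfiles later in this diff. The first and last RUN statements touched by this hunk begin or continue outside it.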
diff --git a/3.0.1/docker-entrypoint.sh b/3.1.2/docker-entrypoint.sh similarity index 100% rename from 3.0.1/docker-entrypoint.sh rename to 3.1.2/docker-entrypoint.sh diff --git a/3.1.1-ubi/resources/vm.args b/3.1.2/vm.args similarity index 100% rename from 3.1.1-ubi/resources/vm.args rename to 3.1.2/vm.args diff --git a/3.1.1/10-docker-default.ini b/3.2.3/10-docker-default.ini similarity index 100% rename from 3.1.1/10-docker-default.ini rename to 3.2.3/10-docker-default.ini diff --git a/3.1.1/Dockerfile b/3.2.3/Dockerfile similarity index 55% rename from 3.1.1/Dockerfile rename to 3.2.3/Dockerfile index 8e5ec26..d1d4d4f 100644 --- a/3.1.1/Dockerfile +++ b/3.2.3/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" 
@@ -28,81 +28,45 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ +RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 
595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ - apt-key list + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.1.1 +ENV COUCHDB_VERSION 3.2.3 -RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list +RUN . 
/etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ +RUN set -eux; \ apt-get update; \ \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~buster \ + couchdb="$COUCHDB_VERSION"~bullseye \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ diff --git a/3.1.1/docker-entrypoint.sh b/3.2.3/docker-entrypoint.sh similarity index 85% rename from 3.1.1/docker-entrypoint.sh rename to 3.2.3/docker-entrypoint.sh index acf3675..a8544c7 100755 --- a/3.1.1/docker-entrypoint.sh +++ b/3.2.3/docker-entrypoint.sh 
@@ -72,11 +72,26 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + if [ "$(id -u)" = '0' ]; then chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi @@ -99,7 +114,8 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi diff --git a/3.1.1/vm.args b/3.2.3/vm.args similarity index 60% rename from 3.1.1/vm.args rename to 3.2.3/vm.args index 0425756..d606217 100644 --- a/3.1.1/vm.args +++ b/3.2.3/vm.args 
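Review bot: In the new `COUCHDB_ERLANG_COOKIE` block, `chown couchdb:couchdb "$cookieFile"` runs unconditionally, while every other ownership fix in this script is guarded by `[ "$(id -u)" = '0' ]` and uses `-f ... || true`; the 3.3.3 copy of this file (same blob) runs under `set -e`, so a container started as a non-root user that cannot chown the file would presumably exit here. The cookie is also created with the default umask and only tightened by the later `chmod 600`. I would write it as `( umask 077; echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" )` and guard the ownership change as `if [ "$(id -u)" = '0' ]; then chown -f couchdb:couchdb "$cookieFile" || true; fi`. When the file exists with different contents the script only warns and keeps the old cookie, which deserves a comment saying that is intentional. The enclosing `if` starts before this hunk; the same block is in the 3.3.3 and 3.4.1 entrypoints.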
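Review bot: `export HOME=$(echo ~couchdb)` hides a failed lookup: if the `couchdb` account cannot be resolved the tilde is left unexpanded and HOME becomes the literal string `~couchdb`, and `export VAR=$(...)` discards the substitution's exit status. `HOME="$(getent passwd couchdb | cut -d: -f6)"; export HOME` states the intent directly. Since nothing after the privilege drop appears to need setuid binaries, adding `--no-new-privs` to the `setpriv` call is worth considering. A one-line comment explaining why HOME is set (presumably so the Erlang VM finds `.erlang.cookie`) would help. The enclosing `if` blocks start outside this hunk.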
@@ -18,11 +18,18 @@ -kernel error_logger silent -sasl sasl_error_logger false -# Use kernel poll functionality if supported by emulator -+K true +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false -# Start a pool of asynchronous IO threads -+A 16 +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 # Comment this line out to enable the interactive Erlang shell on startup +Bd -noinput diff --git a/3.3.3/10-docker-default.ini b/3.3.3/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.3.3/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.3.3/Dockerfile b/3.3.3/Dockerfile new file mode 100644 index 0000000..6d86dfb --- /dev/null +++ b/3.3.3/Dockerfile 
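Review bot: The header comment in the new 3.3.3/10-docker-default.ini is the stock local.ini text and is misleading in this file: the Dockerfile copies it into /opt/couchdb/etc/default.d/, so it is an image default, not the place for custom settings. The one setting it carries, `bind_address = any`, makes CouchDB listen on every interface and has no explanation. I would replace the header with something like `; Image default: listen on all interfaces so a published port reaches CouchDB.` and `; Put your own settings in /opt/couchdb/etc/local.d/ instead of editing this file.` The 3.4.1 copy is the same blob.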
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.3 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION-1"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.3/docker-entrypoint.sh b/3.3.3/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.3.3/docker-entrypoint.sh 
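Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` leave the database directory and the directory that receives `docker.ini` (admin credentials and the auth secret, per the entrypoint) writable by every UID in the container, so any process there can drop in an extra .ini file or replace data files. The comments do not say why world write is needed; presumably it is to support `docker run --user <uid>`. If that is not a requirement, `0770` with the existing couchdb ownership is enough; if it is, state the trade-off next to the line, e.g. `# 0777 so the image also works with --user <uid>; any process in the container can add config here`. The comments also name `dockerfile_entrypoint.sh` and `docker_entrypoint.sh` for what is docker-entrypoint.sh. The 3.4.1/Dockerfile later in this diff has the same lines.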
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.3.3/vm.args b/3.3.3/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.3.3/vm.args 
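Review bot: `docker.ini` ends up world-readable while holding secrets: it is created by `touch` with the default umask, the `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` line forces 0644 on every root start, and the `printf` lines then append `COUCHDB_PASSWORD` and `COUCHDB_SECRET` in clear text. Any user in the container, or on a host where etc is bind-mounted, can read them (the password presumably until CouchDB rewrites it as a hash). After the existing `chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true` I would add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true`. Separately, `$COUCHDB_USER` is interpolated unescaped into the `grep -P` pattern, so a name containing regex metacharacters can make the already-present check misfire, and the NODENAME `grep "couchdb@"` lacks `-q` and prints the match to stdout. The 3.4.1 entrypoint is the same blob.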
@@ -0,0 +1,47 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Increase distribution buffer size from default of 1MB to 32MB. The default is +# usually a bit low on busy clusters. Has no effect for single-node setups. +# The unit is in kilobytes. ++zdbbl 32768 + +# When running on Docker, Kubernetes or an OS using CFS (Completely Fair +# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to +# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares. ++sbwt none ++sbwtdcpu none ++sbwtdio none + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput 
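Review bot: The comment on the distribution port says only that the VM listens on a known port, not how that port is protected. Erlang distribution authenticates peers with nothing but the shared cookie and is not encrypted unless TLS distribution is configured, and the Dockerfile in this directory exposes 4369 and 9100. I would extend the comment above `-kernel inet_dist_listen_min 9100` with `# Distribution traffic is authenticated only by the Erlang cookie: keep 4369 and 9100` and `# off untrusted networks and set COUCHDB_ERLANG_COOKIE to a random value for clusters.` The 3.2.3 copy changed earlier in this diff would benefit from the same comment.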
diff --git a/3.4.1-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile
new file mode 100644
index 0000000..ffcb96b
--- /dev/null
+++ b/3.4.1-nouveau/Dockerfile
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.1~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.4.1-nouveau/nouveau.yaml b/3.4.1-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.4.1-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
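Review bot: The JVM in `CMD` runs as root: the image creates the `nouveau` account and chowns /opt/nouveau to it, but there is no `USER` line and no entrypoint that drops privileges. Adding `USER nouveau` before `CMD` fixes that; if the package does not create /opt/nouveau/data, `mkdir -p` it before the `chown -R` so the volume is writable by that user. There is also no `WORKDIR`, and nouveau.yaml sets `rootDir: ./data/nouveau`, so the index directory resolves against the container's default working directory rather than the declared `VOLUME /opt/nouveau/data`; `WORKDIR /opt/nouveau` or an absolute `rootDir` would put the data on the volume. The sources line hard-codes `bookworm` although `/etc/os-release` is sourced just before it, and the comment on the `groupadd` line still says "CouchDB user account".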
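Review bot: Both connectors in nouveau.yaml bind `0.0.0.0`, including the admin connector on 5988, and the Dockerfile exposes both ports, yet the file has no comment on who is expected to reach them. Nothing in this config enables authentication on either listener, so network reachability looks like the only control (confirm against the Nouveau documentation). I would add a comment above `adminConnectors` such as `# Admin endpoints: do not publish 5988; only the CouchDB nodes need to reach 5987.` and consider `bindHost: 127.0.0.1` for the admin connector if health checks run inside the container. `rootDir: ./data/nouveau` is relative to the process working directory, which the Dockerfile does not set; an absolute path would be less fragile.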
diff --git a/3.4.1/10-docker-default.ini b/3.4.1/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.4.1/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.4.1/Dockerfile b/3.4.1/Dockerfile new file mode 100644 index 0000000..2314c8d --- /dev/null +++ b/3.4.1/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.1/docker-entrypoint.sh b/3.4.1/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.1/docker-entrypoint.sh 
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.1/vm.args b/3.4.1/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.1/vm.args 
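Review bot: `/opt/couchdb/etc/local.d/docker.ini` is left at mode 0644 even though this script appends the admin password from `COUCHDB_PASSWORD` and the `[chttpd_auth]` secret to it. The `find /opt/couchdb/etc -type f ! -perm 0644` pass forces that mode and nothing tightens it afterwards, whereas `.erlang.cookie` a few lines later is set to 600. When `/opt/couchdb/etc` is mounted from outside, which the comments here anticipate, those values may be readable by other accounts on the host. I would add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` next to the final `chown -f couchdb:couchdb` of that file, assuming CouchDB needs only owner access to it (not verifiable from this diff). The same script is added unchanged as 3.4.2/docker-entrypoint.sh and 3.4.3/docker-entrypoint.sh.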
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
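Review bot: The comment above `inet_dist_listen_min`/`inet_dist_listen_max` says the port is pinned but not what it carries or who may reach it. Port 9100 is the Erlang distribution listener, and this file sets neither `-name` nor `-setcookie`, so both come from elsewhere: the entrypoint in this commit appends `-name couchdb@$NODENAME` and writes `/opt/couchdb/.erlang.cookie` from `COUCHDB_ERLANG_COOKIE`. I would extend the comment to say so, for example `# Distribution port for cluster peers only; node name and cookie are supplied by docker-entrypoint.sh. Do not publish 9100/4369 beyond the cluster network.` The identical file is added as 3.4.2/vm.args.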
diff --git a/3.4.2-nouveau/Dockerfile b/3.4.2-nouveau/Dockerfile
new file mode 100644
index 0000000..36b4b98
--- /dev/null
+++ b/3.4.2-nouveau/Dockerfile
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.2~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.4.2-nouveau/nouveau.yaml b/3.4.2-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.4.2-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
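Review bot: The final `CMD` starts `/usr/bin/java` with no `USER` instruction and no entrypoint, so as far as this hunk shows the JVM runs as root even though the image creates the `nouveau` account and chowns `/opt/nouveau` to it. The CouchDB images in this commit drop privileges with `setpriv` in their entrypoint. There is also no `WORKDIR`, while nouveau.yaml sets `rootDir: ./data/nouveau`, so unless the package changes the working directory the index data would land outside the declared `VOLUME /opt/nouveau/data`. I would add `WORKDIR /opt/nouveau` and `USER nouveau` before `CMD`, and resolve `# TODO: re-add tini` with `ENTRYPOINT ["tini", "--"]`, since tini is already installed. 3.4.3-nouveau/Dockerfile has the same lines.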
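Review bot: `adminConnectors` binds to `0.0.0.0` on port 5988 over plain `http`, and the Dockerfile EXPOSEs that port next to the application port, so the admin interface is reachable by anything that can reach the container. Nothing in this file configures authentication or TLS for either connector. I would bind the admin connector to loopback with `bindHost: 127.0.0.1`, unless an external health check needs it. I would also add a comment above `applicationConnectors` stating that 5987 is meant to be reachable only from the CouchDB nodes. 3.4.3-nouveau/nouveau.yaml is the same blob.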
diff --git a/3.4.2/10-docker-default.ini b/3.4.2/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.4.2/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.4.2/Dockerfile b/3.4.2/Dockerfile new file mode 100644 index 0000000..95688b0 --- /dev/null +++ b/3.4.2/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.2 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.2/docker-entrypoint.sh b/3.4.2/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.2/docker-entrypoint.sh 
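Review bot: `chmod -f 0777 /opt/couchdb/etc/local.d` and `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` leave the config drop-in, data and log directories world-writable in the image. The entrypoint writes `[admins]` into `local.d`, so any uid inside the container can add or replace configuration there; the entrypoint resets directories under `etc` to 0755 only when it starts as root. If the purpose is to allow starting under an arbitrary non-root uid, the comment should say that, e.g. `# 0777 so docker-entrypoint.sh can write docker.ini under a non-root --user; reset to 0755 when started as root`. Otherwise 0755 with couchdb ownership would be enough. The comments also name `dockerfile_entrypoint.sh` and `docker_entrypoint.sh`, while the file is `docker-entrypoint.sh`. The same lines appear in 3.4.1/Dockerfile and 3.4.3/Dockerfile.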
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.2/vm.args b/3.4.2/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.2/vm.args 
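Review bot: The check `grep -Pzoqr "\[admins\]\n$COUCHDB_USER ="` finds an existing admin only when that name is the first key directly under the `[admins]` header, and it treats `$COUCHDB_USER` as a PCRE. A name containing regex metacharacters, or an admin listed second in `local.ini`, is therefore reported as missing. In that case the script appends another `[admins]` section with the plaintext `COUCHDB_PASSWORD` to docker.ini, which presumably overrides the existing entry. The `[chttpd_auth]` secret check has the same first-key limitation. I would at least document this above the check, `# matches only when $COUCHDB_USER is the first key under [admins]; the name is used as a regex`, or rewrite the test to look for the key on any line of the section. The same script is added as 3.4.1/docker-entrypoint.sh and 3.4.3/docker-entrypoint.sh.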
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
diff --git a/3.4.3-nouveau/Dockerfile b/3.4.3-nouveau/Dockerfile
new file mode 100644
index 0000000..343940b
--- /dev/null
+++ b/3.4.3-nouveau/Dockerfile
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.3~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.4.3-nouveau/nouveau.yaml b/3.4.3-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.4.3-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
diff --git a/3.4.3/10-docker-default.ini b/3.4.3/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.4.3/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.4.3/Dockerfile b/3.4.3/Dockerfile new file mode 100644 index 0000000..e60b209 --- /dev/null +++ b/3.4.3/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.3 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.3/docker-entrypoint.sh b/3.4.3/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.3/docker-entrypoint.sh 
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.3/vm.args b/3.4.3/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.3/vm.args 
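Review bot: The admin password and `COUCHDB_SECRET` are appended to `/opt/couchdb/etc/local.d/docker.ini`, a file the script creates with `touch` and never tightens; the earlier `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass sets config files to world-readable. Assuming the usual 022 umask, the plaintext password (CouchDB is expected to replace it with a hash on first start) and the `[chttpd_auth]` secret are readable by every user in the container, and by host users when `/opt/couchdb/etc` is a bind mount. I would add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` next to the final `chown -f` on that file and exclude it from the 0644 pass with `! -name docker.ini`. The same script is added as `3.5.0/docker-entrypoint.sh`.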
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
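Review bot: The comment above `-kernel inet_dist_listen_min 9100` documents the fixed port but not what protects it: Erlang distribution on this port is authenticated only by the shared cookie and, with no TLS distribution options in this file, is not encrypted. Since the Dockerfile exposes 9100 and 4369, I would add a comment such as `# Distribution traffic is cookie-authenticated and unencrypted here; keep 9100/4369 on a private network` next to these two lines. The same file is added as `3.5.0/vm.args`.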
diff --git a/3.5.0-nouveau/Dockerfile b/3.5.0-nouveau/Dockerfile
new file mode 100644
index 0000000..1215edb
--- /dev/null
+++ b/3.5.0-nouveau/Dockerfile
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.5.0~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.5.0-nouveau/nouveau.yaml b/3.5.0-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.5.0-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
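Review bot: No `USER` instruction precedes `CMD`, so the JVM runs as root even though the file creates the `nouveau` account and chowns `/opt/nouveau` to it, and there is no entrypoint that drops privileges the way the CouchDB images do with `setpriv`. Adding `WORKDIR /opt/nouveau` and `USER nouveau` before the `CMD` line would match the ownership already set up; this needs a test run, because where the index directory lands depends on how the relative `rootDir` in `nouveau.yaml` is resolved. tini is installed earlier in the file but not used, as the `# TODO: re-add tini` comment admits; `ENTRYPOINT ["tini", "--"]` would restore signal handling and zombie reaping. The `# Add CouchDB user account` comment should name Nouveau.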
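Review bot: `adminConnectors` binds the admin port 5988 to `0.0.0.0`, and the Dockerfile exposes it alongside 5987; the admin connector of a Dropwizard-style server typically serves metrics, health checks and operational tasks without authentication, and nothing in this file adds any. Setting `bindHost: 127.0.0.1` under `adminConnectors` keeps it usable for in-container health checks while the application connector stays on `0.0.0.0` for the CouchDB container. Separately, `rootDir: ./data/nouveau` is relative, and with no `WORKDIR` in the Dockerfile it probably does not resolve under the declared volume `/opt/nouveau/data`; an absolute path such as `rootDir: /opt/nouveau/data` would remove the ambiguity. A comment stating that port 5987 should only be reachable from the CouchDB node would help operators.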
diff --git a/3.5.0/10-docker-default.ini b/3.5.0/10-docker-default.ini
new file mode 100644
index 0000000..1aa633c
--- /dev/null
+++ b/3.5.0/10-docker-default.ini
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.5.0/Dockerfile b/3.5.0/Dockerfile
new file mode 100644
index 0000000..efdcb69
--- /dev/null
+++ b/3.5.0/Dockerfile
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.5.0 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.5.0/docker-entrypoint.sh b/3.5.0/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.5.0/docker-entrypoint.sh 
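Review bot: `chmod -f 0777 /opt/couchdb/etc/local.d` makes the directory that the entrypoint writes admin credentials into world-writable, and `chmod 777` does the same for the data and log directories. Any process in the container, whatever its uid, can then add an `.ini` file to `local.d` or replace database files. If the intent is to support arbitrary `--user` ids, a comment should say so, and a narrower mode is worth evaluating, for example group ownership by gid 0 with `chmod 0775`, depending on how the images are actually run. The install line also passes `--allow-downgrades --allow-remove-essential --allow-change-held-packages` with no comment explaining why a fresh `bookworm-slim` image needs them. The visible part of `3.4.3/Dockerfile` has the same lines.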
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.5.0/vm.args b/3.5.0/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.5.0/vm.args 
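Review bot: In the `COUCHDB_ERLANG_COOKIE` branch, `chown couchdb:couchdb "$cookieFile"` runs without the `id -u` check or the `-f`/`|| true` that the later `docker.ini` chown has, so under `set -e` a container started with `--user` and an existing cookie file exits on the failed chown. The cookie is also written by `echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile"` before `chmod 600`, leaving it at the default umask for a moment; `( umask 077; echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" )` closes that window. Guarding the chown as `[ "$(id -u)" != '0' ] || chown couchdb:couchdb "$cookieFile"` keeps the root path unchanged. The identical script is added as `3.4.3/docker-entrypoint.sh`.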
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
diff --git a/README.md b/README.md index 048d141..452368c 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) +# Semi-official Apache CouchDB Docker images ## Available tags @@ -9,12 +9,24 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: -- `3.1.1` +- `3.5.0` +- `3.4.3` +- `3.4.2` +- `3.4.1` +- `3.3.3` +- `3.3.2` +- `3.3.1` +- `3.3.0` +- `3.2.3` +- `3.2.2` +- `3.2.1` +- `3.2.0` +- `3.1.2` - `2.3.1` # How to use this image -The most up-to-date instructions on using this image are always available at https://github.com/apache/couchdb-docker/blob/master/README.md . +The most up-to-date instructions on using this image are always available at https://github.com/apache/couchdb-docker/blob/main/README.md . ## Start a CouchDB instance 
@@ -50,7 +62,14 @@ If you intend to network this CouchDB instance with others in a cluster, you wil Start your multiple CouchDB instances, then follow the Setup Wizard in the [official CouchDB documentation](http://docs.couchdb.org/en/stable/setup/cluster.html) to complete the process. -For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. +For a CouchDB cluster you need to provide the `NODENAME` setting as well as the +Erlang distribution cookie. The current version of this image allows the Erlang +cookie to be set directly using the `COUCHDB_ERLANG_COOKIE` environment +variable. The contents of that environment variable will be written to +`/opt/couchdb/.erlang.cookie` with the proper permissions. Previously one would +need to provide the `-setcookie` flag in the environment variable `ERL_FLAGS`, +e.g. `ERL_FLAGS=-setcookie "brumbrum"`. + By default, this image exposes the `epmd` port `4369` and the Erlang cluster communication port `9100` (i.e. `inet_dist_listen_min` and `inet_dist_listen_max` are both 9100). Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). 
@@ -91,6 +110,17 @@ In addition, a few environment variables are provided to set very common paramet * `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. * Erlang Environment Variables like `ERL_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) +## Configure CouchDB Nouveau + +Using the `couchdb:3.4-nouveau` image with `couchdb:3.4` container, there are additional configurations required to set the communication between the containers. CouchDB by default communicates with Nouveau at `http://localhost:5987`, which would now be running in a different container. To enable the communication, the CouchDB container should know the location of Nouveau location and enable the configuration. This can be done by puting following configuration file at `/opt/couchdb/etc/local.d/nouveau.ini` in the CouchDB container. + +```ini +[nouveau] +enable = true +url = http://couchdb-nouveau:5987 +``` + +**Note:** Replace the location in the URL. # Caveats @@ -190,10 +220,10 @@ docker run --name my-couchdb --user myuser -v /home/couchdb/data:/opt/couchdb/da # Development images -This repository provides definitions to run the very latest (`master` branch) +This repository provides definitions to run the very latest (`main` branch) CouchDB code: -* `dev` runs a single node off of the `master` branch, similar to the other +* `dev` runs a single node off of the `main` branch, similar to the other officially released images. * `dev-cluster` demonstrates the CouchDB clustering features by creating a local cluster of a default three nodes inside the container, with a proxy in 
@@ -252,25 +282,26 @@ Also, read the next section to ensure you push all of the tags necessary. # Image uploading for CouchDB release managers -Taking a hypothetical example of CouchDB 2.9.7, here's all of the tags you'd want: +Taking a hypothetical example of CouchDB 3.3.1 with 3.3.1 as the latest release: ```bash -docker build -t apache/couchdb:2.9.7 2.9.7 -docker tag apache/couchdb:2.9.7 apache/couchdb:latest -docker tag apache/couchdb:2.9.7 apache/couchdb:2.9 -docker tag apache/couchdb:2.9.7 apache/couchdb:2 -docker login -docker push apache/couchdb:2.9.7 -docker push apache/couchdb:2.9 -docker push apache/couchdb:2 -docker push apache/couchdb:latest +./build.sh buildx 3.3.1 +./build.sh buildx 3.3.1 as 3.3 +./build.sh buildx 3.3.1 as 3 +./build.sh buildx 3.3.1 as latest + +./build.sh buildx 3.2.2 +./build.sh buildx 3.2.2 as 3.2 ``` Obviously don't create/push the `latest` or `2` tags if this is a maintenance branch superceded by a newer one. -The `build.sh` utility can help you do this quickly, see its usage help for -more details. +To see full build logs, export `PROGRESS_NO_TRUNC=1` and use `--progress +plain` as an option to `docker build`. + +To rebuild all Dockerfile steps without caching (so you can inspect the +build log e.g.), use the `--no-cache` option of `docker build`. ## Feedback, Issues, Contributing @@ -288,5 +319,5 @@ use GitHub Issues, do not report anything on Docker's website. [1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ [2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ -[3]: https://github.com/apache/couchdb/blob/master/CONTRIBUTING.md +[3]: https://github.com/apache/couchdb/blob/main/CONTRIBUTING.md [4]: http://www.apache.org/dev/release-distribution.html#unreleased diff --git a/build.sh b/build.sh index 70bea97..ab8f775 100755 --- a/build.sh +++ b/build.sh 
@@ -21,6 +21,8 @@ # architecture Docker containers on an x86_64 host. # # For more reading: +# https://github.com/moby/buildkit/issues/1943 +# https://github.com/tonistiigi/binfmt # https://github.com/multiarch/qemu-user-static # https://lobradov.github.io/Building-docker-multiarch-images/ # https://github.com/jessfraz/irssi/blob/master/.travis.yml @@ -29,52 +31,20 @@ set -e -PROMPT="Are you sure (y/n)? " -QEMU="YES" -PLATFORMS="amd64 arm64v8 ppc64le" -BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le" - -prompt() { - if [ -z "${PROMPT}" ] - then - return - fi - if [ "$1" ] - then - echo "$1" - fi - read -p "${PROMPT}" - if [[ $REPLY =~ ^[Yy]$ ]] - then - return - else - exit 0 - fi -} - -update_qemu() { - # necessary locally after every reboot, not sure why....update related maybe? - # basically harmless to run everytime, except for elevated privs necessary. - # disable with -n flag - docker rmi multiarch/qemu-user-static >/dev/null 2>&1 || true - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - docker rmi multiarch/qemu-user-static -} +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/s390x" +# Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf clean() { echo $# if [ $# -eq 0 ] then regex="*" - ADD_PROMPT="This will remove *ALL* local apache/couchdb Docker images!" elif [ $# -eq 1 ] then regex=$1 - ADD_PROMPT="This will remove *ALL* apache/couchdb images matching regex '${1}' !" else usage fi - prompt "${ADD_PROMPT}" docker images --filter=reference="apache/couchdb:${regex}" | tr -s ' ' | cut -d ' ' -f 2 | while read tag do 
@@ -86,58 +56,6 @@ clean() { done } -# Builds a specific version -build() { - VERSION=$1 - ARCH=${2:-amd64} - FROMIMG="$(awk '$1 == toupper("FROM") { print $2 }' $VERSION/Dockerfile)" - CURRARCH=$(docker run --rm -t ${FROMIMG} uname -m) - - if [ ${CURRARCH} != ${ARCH} ] - then - docker rmi ${FROMIMG} - docker pull "${ARCH}/${FROMIMG}" - docker tag "${ARCH}/${FROMIMG}" "${FROMIMG}" - fi - docker build -t apache/couchdb:${ARCH}-${VERSION} ${VERSION} - echo "CouchDB ${VERSION} for ${ARCH} built as apache/couchdb:${ARCH}-${VERSION}." -} - -# Builds all platforms for a specific version, local only -# We can't do this with docker buildx, see https://github.com/docker/buildx/issues/166#issuecomment-562729523 -build-all() { - VERSION=$1 - for ARCH in ${PLATFORMS}; do - echo "Starting ${ARCH} at $(date)..." - build $1 ${ARCH} - echo "" - done -} - -# Push locally built versions using above technique -push() { - if [ $2 ] - then - tag_as=$2 - else - tag_as=$1 - fi - docker manifest create apache/couchdb:$tag_as \ - apache/couchdb:amd64-$1 \ - apache/couchdb:arm64v8-$1 \ - apache/couchdb:ppc64le-$1 - - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 - - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:ppc64le-$1 --os linux --arch ppc64le - - docker manifest push --purge apache/couchdb:$tag_as - - docker manifest inspect apache/couchdb:$tag_as -} - # Builds all platforms for a specific version and pushes to the registry buildx() { if [ $2 ] 
@@ -146,48 +64,24 @@ buildx() { else tag_as=$1 fi - docker buildx rm apache-couchdb >/dev/null 2>&1 || true - docker buildx create --name apache-couchdb - docker buildx use apache-couchdb - docker buildx inspect --bootstrap echo "Starting buildx build at $(date)..." docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:$tag_as --push $1 echo "" + + echo "Starting buildx nouveau build at $(date)..." + docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:${tag_as}-nouveau --push $1-nouveau + echo "" } usage() { cat << EOF $0 <-f> <-n> [OPTIONS] -Options: - -f Skip confirmation prompt. - -n Do not install QEMU and binfmt_misc - (build commands only) - General commands: clean Removes ALL local apache/couchdb images (!!) clean Removes ALL local images with matching tags. -\`docker build\` commands: - version #.#.# [all] Builds all platforms for supplied version - Each platform is tagged -. - - version #.#.# Builds only the specified version and arch. - - push #.#.# [as ] Pushes locally-built versions as a multi-arch - manifest. If \`as \` is specified, - pushes the manifest using that tag instead. - -Example workflow: - $0 clean *2.9.7* - $0 version 2.9.7 all - - $0 push 2.9.7 - $0 push 2.9.7 as 2.9 - $0 push 2.9.7 as 2 - $0 push 2.9.7 as latest - \`docker buildx\` commands: buildx #.#.# Builds *and pushes* all platforms for supplied version, using docker buildx. Built images must @@ -207,12 +101,6 @@ Example workflow: docker manifest inspect apache/couchdb:2.9.7 docker pull <--platform linux/other-arch> apache/couchdb:2.9.7 (for testing) - -NOTE: Requires Docker 19.03+ with experimental features enabled. - Add { "experimental" : "true" } to /etc/docker/daemon.json, then - add { "experimental": "enabled" } to ~/.docker/config.json, then - restart the Docker daemon. - EOF exit 0 } 
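Review bot: The main image is built and pushed before the script knows whether the `$1-nouveau` build can succeed, so a version without that directory leaves `apache/couchdb:$tag_as` published and the `-nouveau` tag missing, after which `set -e` aborts the run. A guard ahead of the first build keeps the release all-or-nothing: `[ -d "$1-nouveau" ] || { echo "missing $1-nouveau" >&2; exit 1; }`. The arguments are also unquoted; `"$1"`, `"$1-nouveau"` and `"apache/couchdb:${tag_as}"` avoid word splitting. Because the `docker buildx create`/`use` lines are removed, the push now runs on whichever builder is currently selected on the machine, which deserves a comment at the top of `buildx()`. That function starts outside this hunk.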
@@ -227,14 +115,6 @@ do set -f key="$1" case $key in - -f|--force) - unset PROMPT - shift - ;; - -n|--no-qemu) - unset QEMU - shift - ;; *) POSITIONAL+=("$1") shift @@ -253,51 +133,8 @@ case "$1" in clean $* set +f ;; - version) - # builds a specific version using docker build - # validate/reinstall QEMU - if [ ${QEMU} ] - then - update_qemu - fi - shift - if [ $# -lt 1 -o $# -gt 3 ] - then - usage - fi - # version #.#.# all - if [ "$2" = "all" ] - then - # build all the platforms and test them locally - build-all $1 - else - # build a specific platform locally - build $1 $2 - fi - ;; - push) - # pushes already built local versions as manifest - shift - if [ $# -ne 1 -a $# -ne 3 ] - then - usage - fi - if [ $# -eq 1 ] - then - push $1 - elif [ $2 = "as" ] - then - push $1 $3 - else - usage - fi - ;; buildx) # builds and pushes using docker buildx - if [ ${QEMU} ] - then - update_qemu - fi shift if [ $# -ne 1 -a $# -ne 3 ] then diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 70e3bfb..71ca4b0 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile 
@@ -30,46 +30,13 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ openssl && \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling +# grab tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc 
/usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - apt-get purge -y --auto-remove wget +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ @@ -108,7 +75,7 @@ RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb RUN ./configure -c --spidermonkey-version 60 -ARG checkout_branch=master +ARG checkout_branch=main ARG configure_options="-c --spidermonkey-version 60" WORKDIR /usr/src/couchdb/ diff --git a/dev/Dockerfile b/dev/Dockerfile index a32bb34..44e90f1 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -12,7 +12,7 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:buster as runtime +FROM debian:bookworm-slim as runtime MAINTAINER CouchDB Developers dev@couchdb.apache.org 
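Review bot: The comment above the new `RUN` in the tini hunk should state where the integrity check now comes from, because the explicit `gpg --verify` of the downloaded binary is gone and the package is trusted through apt's signed archive metadata. Something like `# tini is installed from the Debian archive; apt's signature check replaces the old gpg --verify step` would do. The Debian package also installs the binary under /usr/bin rather than /usr/local/bin, and gosu is no longer installed at all. Any ENTRYPOINT or script in this image that names `/usr/local/bin/tini` or calls `gosu` therefore needs the same update; neither is visible in this hunk. The matching tini change in dev/Dockerfile has the same gap.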
@@ -25,112 +25,58 @@ RUN apt-get update -y && apt-get install -y \ curl \ dirmngr \ gnupg \ - libicu63 \ - libssl1.1 \ + libicu72 \ + libssl3 \ openssl \ - && echo "deb https://apache.bintray.com/couchdb-deb buster main" \ - | tee /etc/apt/sources.list.d/couchdb.list \ - && cat /etc/apt/sources.list.d/couchdb.list \ - && for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ - done \ - && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ - && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-60-0 \ + && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-78-0 \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling +# grab tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ +RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch 
--verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget + tini --version # Dependencies only needed during build time. 
This layer will also be cached FROM runtime AS build_dependencies -RUN apt-get update -y && apt-get install -y --no-install-recommends \ +RUN set -eux; \ + apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ - libmozjs-60-dev \ + libmozjs-78-dev \ erlang-nox \ erlang-reltool \ erlang-dev \ + erlang-dialyzer \ git \ libcurl4-openssl-dev \ libicu-dev \ python3 \ libpython3-dev \ python3-pip \ - python3-sphinx \ - python3-setuptools - -RUN pip3 install --upgrade \ - sphinx_rtd_theme \ - nose \ - requests \ - hypothesis - -# Node is special -RUN set -ex; \ - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_10.x buster main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_10.x buster main' >> /etc/apt/sources.list.d/nodesource.list; \ - apt-get update -y && apt-get install -y nodejs; \ - npm install -g grunt-cli + python3.11-venv \ + nodejs \ + npm \ + grunt + +ARG spidermonkey_version=78 # Clone CouchDB source code including all dependencies ARG clone_url=https://github.com/apache/couchdb.git RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb -RUN ./configure +RUN ./configure --spidermonkey-version $spidermonkey_version # This layer performs the actual build of a relocatable, self-contained # release of CouchDB. It pulls down the latest changes from the remote # origin (because the layer above will be cached) and switches to the -# branch specified in the build_arg (defaults to master) +# branch specified in the build_arg (defaults to main) FROM build_dependencies AS build -ARG checkout_branch=master +ARG checkout_branch=main ARG configure_options -ARG spidermonkey_version=60 WORKDIR /usr/src/couchdb/ RUN git fetch origin \ diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 7390bd4..7239912 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
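Review bot: `dirmngr` and `gnupg` stay in the runtime stage's package list even though this hunk removes every `gpg` call and keyserver loop that needed them. If nothing later in the file uses them, dropping those two lines keeps key-handling tooling out of the image that actually runs CouchDB. That first install is also the only one in the hunk without `--no-install-recommends`, so the runtime layer pulls in recommended packages that the build stage avoids; `apt-get install -y --no-install-recommends \` would make it consistent. The `RUN` instruction in question begins on the line shown in the hunk header, outside the hunk itself.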
@@ -64,11 +64,26 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true # if we don't find an [admins] section followed by a non-comment, display a warning @@ -88,8 +103,8 @@ EOWARN exit 1 fi - - exec gosu couchdb "$@" + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi exec "$@" diff --git a/md b/md deleted file mode 100644 index dacb248..0000000 --- a/md +++ /dev/null @@ -1,4 +0,0 @@ -[?25l[?2004h[?25h[?1049h[?1h=[?2004h[?12h[?12l[?25l"README" [New File]~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?25h[?25l-- VISUAL --[?25h[?25l[?25h[?25lType :qa! and press to abandon all changes and exit Vim[?25h[?25l[?25h -[?2004l[?1l>[?1049l[?2004l[?2004h[?1049h[?1h=[?2004h[?12h[?12l[?25l~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?25h[?2004l[?1l>[?1049lVim: Caught deadly signal TERM -Vim: Finished. - \ No newline at end of file 
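Review bot: The Erlang cookie is written with `echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile"` under the entrypoint's default umask and is only restricted by the `chmod 600` two lines later, so the file is briefly readable with wider permissions. The cookie is the shared secret that authenticates Erlang nodes to each other, so it should be created restricted: `( umask 077; printf '%s\n' "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" )`. Using `printf` also avoids `echo` treating a value such as `-n` as an option. When the file already exists with different contents the code only warns and continues with the old cookie, which deserves a comment saying that this is intentional. The enclosing `if [ "$1" = '/opt/couchdb/bin/couchdb' ]` block starts outside the hunk.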
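Review bot: `export HOME=$(echo ~couchdb)` in the second hunk leaves HOME set to the literal string `~couchdb` if the account cannot be resolved, and combining `export` with the substitution discards its exit status. `HOME="$(getent passwd couchdb | cut -d: -f6)"; export HOME` makes the lookup explicit and lets a failure be checked. Since the process has no apparent reason to regain privileges after the drop, adding `--no-new-privs` to the `setpriv` call is worth considering, provided nothing CouchDB spawns depends on setuid binaries. A short comment noting that `--clear-groups` deliberately drops all supplementary groups would also help the next reader.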
diff --git a/nouveau-compose/README.md b/nouveau-compose/README.md new file mode 100644 index 0000000..bfe27f4 --- /dev/null +++ b/nouveau-compose/README.md @@ -0,0 +1,55 @@ +standard `docker-compose.yml`. + +```shell +mkdir -p ./config/couchdb +``` + +**./config/couchdb/nouveau.ini** +```ini +[nouveau] +enable = true +url = http://couchdb-nouveau:5987 +``` + +**docker-compose.yml** +*This yaml expose 5984 to the host network, if you already using the 5984 change it on the yaml +```yaml +services: + couchdb: + image: couchdb:3.4.1 + restart: unless-stopped + ports: + - 5984:5984 + environment: + - ERL_FLAGS=-setcookie monster + - COUCHDB_CREATE_DATABASE=yes + depends_on: + - couchdb-nouveau + volumes: + - couchdb:/opt/couchdb/data + - ./config/couchdb/nouveau.ini:/opt/couchdb/etc/local.d/nouveau.ini + healthcheck: + test: ["CMD-SHELL", "curl --fail -s http://couchdb:5984/_up"] + interval: 30s + timeout: 5s + retries: 5 + + couchdb-nouveau: + image: couchdb:3.4.1-nouveau +# ports: +# - "5987:5987" +# - "5988:5988" + +networks: + default: + name: couchdb-net +``` + +```shell +docker-compose up +``` + +Check it http://127.0.0.1:5984 + +The _trick_ is the `./config/couchdb/nouveau.ini` defines the `couchdb-nouveau` to be running on docker network service named `couchdb-nouveau`. So the port (5987) mapped to the nouveau container. + diff --git a/pull-all-couchdbdev-docker b/pull-all-couchdbdev-docker deleted file mode 100755 index cfbb8af..0000000 --- a/pull-all-couchdbdev-docker +++ /dev/null 
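Review bot: The sample compose file hard-codes the Erlang cookie as `ERL_FLAGS=-setcookie monster`, publishes 5984 on every host interface, and sets no admin credentials, and readers tend to copy such a file unchanged. The README should use a placeholder such as `ERL_FLAGS=-setcookie <random-cookie>` with a line telling the reader to generate their own value. It should bind the port to loopback with `- "127.0.0.1:5984:5984"`, which still matches the "Check it http://127.0.0.1:5984" step. Showing how the admin user and password are supplied, or stating that the example is for local testing only, would cover the remaining gap.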
@@ -1,99 +0,0 @@ -#!/bin/bash - -DOCKER_ORG="couchdbdev" - -# These are the images that are currently being used, so don't `docker rmi` them on cleanup. -KEEP_IMAGES=( -debian-buster-erlang-all -ppc64ledebian-buster-erlang-20.3.8.25-1 -arm64v8debian-buster-erlang-20.3.8.25-1 -centos-8-erlang-20.3.8.25-1 -centos-7-erlang-20.3.8.25-1 -centos-6-erlang-20.3.8.25-1 -ubuntu-focal-erlang-20.3.8.25-1 -ubuntu-bionic-erlang-20.3.8.25-1 -ubuntu-xenial-erlang-20.3.8.25-1 -debian-buster-erlang-20.3.8.25-1 -debian-stretch-erlang-20.3.8.25-1 -ppc64le-debian-buster-erlang-20.3.8.25-1 -arm64v8-debian-buster-erlang-20.3.8.25-1 -debian-stretch-erlang-19.3.6 -centos-7-erlang-19.3.6 -centos-6-erlang-19.3.6 -) - -# Base images are used for building old libmozjs, primarily. -BASE_IMAGES=( -aarch64-debian-stretch-base -arm64v8-debian-buster-base -centos-6-base -centos-7-base -centos-8-base -debian-buster-base -debian-jessie-base -debian-stretch-base -ppc64le-debian-buster-base -ubuntu-bionic-base -ubuntu-trusty-base -ubuntu-xenial-base -) -# These images layer in the rest of the CouchDB build chain, and 1 or more Erlang versions. 
-IMAGES=( -aarch64-debian-stretch-erlang-20.3.8.20 -#arm64v8-debian-buster-erlang-20.3.8.22-1 -#arm64v8-debian-buster-erlang-20.3.8.24-1 -arm64v8-debian-buster-erlang-20.3.8.25-1 -arm64v8-debian-stretch-erlang-20.3.8.22-1 -centos-6-erlang-19.3.6 -#centos-6-erlang-20.3.8.22-1 -#centos-6-erlang-20.3.8.24-1 -centos-6-erlang-20.3.8.25-1 -centos-7-erlang-19.3.6 -#centos-7-erlang-20.3.8.22-1 -#centos-7-erlang-20.3.8.24-1 -centos-7-erlang-20.3.8.25-1 -#centos-8-erlang-20.3.8.22-1 -#centos-8-erlang-20.3.8.24-1 -centos-8-erlang-20.3.8.25-1 -#debian-buster-erlang-20.3.8.22-1 -#debian-buster-erlang-20.3.8.24-1 -debian-buster-erlang-20.3.8.25-1 -debian-buster-erlang-all -debian-jessie-erlang-17.5.3 -debian-jessie-erlang-19.3.6 -debian-stretch-erlang-19.3.6 -#debian-stretch-erlang-20.3.8.22-1 -#debian-stretch-erlang-20.3.8.24-1 -debian-stretch-erlang-20.3.8.25-1 -#ppc64le-debian-buster-erlang-20.3.8.24-1 -ppc64le-debian-buster-erlang-20.3.8.25-1 -#ppc64le-debian-stretch-erlang-20.3.8.20 -#ppc64le-debian-stretch-erlang-20.3.8.22-1 -ppc64le-debian-stretch-erlang-20.3.8.24-1 -s390x-debian-buster-erlang-20.3.8.25-1 -ubuntu-12.04-erlang-18.3 -ubuntu-bionic-erlang-19.3.6 -#ubuntu-bionic-erlang-20.3.8.22-1 -#ubuntu-bionic-erlang-20.3.8.24-1 -ubuntu-bionic-erlang-20.3.8.25-1 -ubuntu-focal-erlang-20.3.8.25-1 -ubuntu-trusty-erlang-19.3.6 -ubuntu-trusty-erlang-default -ubuntu-xenial-erlang-19.3.6 -#ubuntu-xenial-erlang-20.3.8.22-1 -#ubuntu-xenial-erlang-20.3.8.24-1 -ubuntu-xenial-erlang-20.3.8.25-1 -) - -for image in ${IMAGES[*]} ${BASE_IMAGES[*]} -do - echo docker pull couchdbdev/${image} - docker pull couchdbdev/${image} - # We don't want to delete the current working set of images. - if ! printf '%s\n' "${KEEP_IMAGES[@]}" | grep -q -P "^${image}$"; then - echo docker rmi couchdbdev/$image - docker rmi couchdbdev/$image - fi -done - -docker system prune -f