From 3f083adb73b7cc8913a805606346f60c8100555e Mon Sep 17 00:00:00 2001
From: Joan Touzet
Date: Thu, 29 Oct 2020 14:17:23 -0400
Subject: [PATCH 01/53] Move pull-all-couchdbdev-docker to couchdb-ci
---
pull-all-couchdbdev-docker | 99 --------------------------------------
1 file changed, 99 deletions(-)
delete mode 100755 pull-all-couchdbdev-docker
diff --git a/pull-all-couchdbdev-docker b/pull-all-couchdbdev-docker
deleted file mode 100755
index cfbb8af..0000000
--- a/pull-all-couchdbdev-docker
+++ /dev/null
@@ -1,99 +0,0 @@
-#!/bin/bash
-
-DOCKER_ORG="couchdbdev"
-
-# These are the images that are currently being used, so don't `docker rmi` them on cleanup.
-KEEP_IMAGES=(
-debian-buster-erlang-all
-ppc64ledebian-buster-erlang-20.3.8.25-1
-arm64v8debian-buster-erlang-20.3.8.25-1
-centos-8-erlang-20.3.8.25-1
-centos-7-erlang-20.3.8.25-1
-centos-6-erlang-20.3.8.25-1
-ubuntu-focal-erlang-20.3.8.25-1
-ubuntu-bionic-erlang-20.3.8.25-1
-ubuntu-xenial-erlang-20.3.8.25-1
-debian-buster-erlang-20.3.8.25-1
-debian-stretch-erlang-20.3.8.25-1
-ppc64le-debian-buster-erlang-20.3.8.25-1
-arm64v8-debian-buster-erlang-20.3.8.25-1
-debian-stretch-erlang-19.3.6
-centos-7-erlang-19.3.6
-centos-6-erlang-19.3.6
-)
-
-# Base images are used for building old libmozjs, primarily.
-BASE_IMAGES=(
-aarch64-debian-stretch-base
-arm64v8-debian-buster-base
-centos-6-base
-centos-7-base
-centos-8-base
-debian-buster-base
-debian-jessie-base
-debian-stretch-base
-ppc64le-debian-buster-base
-ubuntu-bionic-base
-ubuntu-trusty-base
-ubuntu-xenial-base
-)
-# These images layer in the rest of the CouchDB build chain, and 1 or more Erlang versions.
-IMAGES=(
-aarch64-debian-stretch-erlang-20.3.8.20
-#arm64v8-debian-buster-erlang-20.3.8.22-1
-#arm64v8-debian-buster-erlang-20.3.8.24-1
-arm64v8-debian-buster-erlang-20.3.8.25-1
-arm64v8-debian-stretch-erlang-20.3.8.22-1
-centos-6-erlang-19.3.6
-#centos-6-erlang-20.3.8.22-1
-#centos-6-erlang-20.3.8.24-1
-centos-6-erlang-20.3.8.25-1
-centos-7-erlang-19.3.6
-#centos-7-erlang-20.3.8.22-1
-#centos-7-erlang-20.3.8.24-1
-centos-7-erlang-20.3.8.25-1
-#centos-8-erlang-20.3.8.22-1
-#centos-8-erlang-20.3.8.24-1
-centos-8-erlang-20.3.8.25-1
-#debian-buster-erlang-20.3.8.22-1
-#debian-buster-erlang-20.3.8.24-1
-debian-buster-erlang-20.3.8.25-1
-debian-buster-erlang-all
-debian-jessie-erlang-17.5.3
-debian-jessie-erlang-19.3.6
-debian-stretch-erlang-19.3.6
-#debian-stretch-erlang-20.3.8.22-1
-#debian-stretch-erlang-20.3.8.24-1
-debian-stretch-erlang-20.3.8.25-1
-#ppc64le-debian-buster-erlang-20.3.8.24-1
-ppc64le-debian-buster-erlang-20.3.8.25-1
-#ppc64le-debian-stretch-erlang-20.3.8.20
-#ppc64le-debian-stretch-erlang-20.3.8.22-1
-ppc64le-debian-stretch-erlang-20.3.8.24-1
-s390x-debian-buster-erlang-20.3.8.25-1
-ubuntu-12.04-erlang-18.3
-ubuntu-bionic-erlang-19.3.6
-#ubuntu-bionic-erlang-20.3.8.22-1
-#ubuntu-bionic-erlang-20.3.8.24-1
-ubuntu-bionic-erlang-20.3.8.25-1
-ubuntu-focal-erlang-20.3.8.25-1
-ubuntu-trusty-erlang-19.3.6
-ubuntu-trusty-erlang-default
-ubuntu-xenial-erlang-19.3.6
-#ubuntu-xenial-erlang-20.3.8.22-1
-#ubuntu-xenial-erlang-20.3.8.24-1
-ubuntu-xenial-erlang-20.3.8.25-1
-)
-
-for image in ${IMAGES[*]} ${BASE_IMAGES[*]}
-do
- echo docker pull couchdbdev/${image}
- docker pull couchdbdev/${image}
- # We don't want to delete the current working set of images.
- if ! printf '%s\n' "${KEEP_IMAGES[@]}" | grep -q -P "^${image}$"; then
- echo docker rmi couchdbdev/$image
- docker rmi couchdbdev/$image
- fi
-done
-
-docker system prune -f
From 03af73d79440c44c386848b6ceac1434cf5af357 Mon Sep 17 00:00:00 2001
From: Amit Phulera Date: Mon, 11 Jan 2021 22:44:30 +0530 Subject: [PATCH 02/53] Update dev to use `main` branch rather than master (#195) --- dev-cluster/Dockerfile | 2 +- dev/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 70e3bfb..62883f2 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -108,7 +108,7 @@ RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb RUN ./configure -c --spidermonkey-version 60 -ARG checkout_branch=master +ARG checkout_branch=main ARG configure_options="-c --spidermonkey-version 60" WORKDIR /usr/src/couchdb/ diff --git a/dev/Dockerfile b/dev/Dockerfile index a32bb34..782d233 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -125,10 +125,10 @@ RUN ./configure # This layer performs the actual build of a relocatable, self-contained # release of CouchDB. It pulls down the latest changes from the remote # origin (because the layer above will be cached) and switches to the -# branch specified in the build_arg (defaults to master) +# branch specified in the build_arg (defaults to main) FROM build_dependencies AS build -ARG checkout_branch=master +ARG checkout_branch=main ARG configure_options ARG spidermonkey_version=60 From b674b6c651acedcdce18e30108dbe994a55d8da0 Mon Sep 17 00:00:00 2001 From: Glynn Bird Date: Tue, 16 Mar 2021 20:50:07 +0000 Subject: [PATCH 03/53] protect main branch with .asf.yaml config (#193) --- .asf.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .asf.yaml diff --git a/.asf.yaml b/.asf.yaml new file mode 100644 index 0000000..be0b311 --- /dev/null +++ b/.asf.yaml 
@@ -0,0 +1,18 @@ +github: + description: "Semi-official Apache CouchDB Docker images" + homepage: https://github.com/apache/couchdb-docker + labels: + - apache + - couchdb + - erlang + - network-client + - http + - cplusplus + - big-data + - cloud + - database + - network-server + - javascript + protected_branches: + main + From e3ca492e13f65ffd72593ac3d7c43c737787e2b2 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Tue, 16 Mar 2021 18:29:54 -0400 Subject: [PATCH 04/53] Drop ppc64le until suitable CI replacement identified (#199) --- build.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/build.sh b/build.sh index 70bea97..b0291dc 100755 --- a/build.sh +++ b/build.sh @@ -31,8 +31,8 @@ set -e PROMPT="Are you sure (y/n)? " QEMU="YES" -PLATFORMS="amd64 arm64v8 ppc64le" -BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le" +PLATFORMS="amd64 arm64v8" +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8" prompt() { if [ -z "${PROMPT}" ] @@ -124,15 +124,11 @@ push() { fi docker manifest create apache/couchdb:$tag_as \ apache/couchdb:amd64-$1 \ - apache/couchdb:arm64v8-$1 \ - apache/couchdb:ppc64le-$1 + apache/couchdb:arm64v8-$1 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:ppc64le-$1 --os linux --arch ppc64le - docker manifest push --purge apache/couchdb:$tag_as docker manifest inspect apache/couchdb:$tag_as From 44dc5167b74c5db49cbbeab808494cf37ac615c9 Mon Sep 17 00:00:00 2001 
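Review bot: `protected_branches` at the end of the new `.asf.yaml` is given a bare scalar (`main`), whereas, as far as I know, the ASF `.asf.yaml` schema reads this key as a mapping keyed by branch name, so the protection the commit title promises may not be applied as written. Indentation is lost in this rendering, so confirm against the file itself. Spelling it as `main: {}` makes the shape explicit, and any review or status-check requirements would go under that branch key; the hunk sets none. After merge it is worth confirming in the repository settings that force-pushes to `main` and deletion of it are actually blocked.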
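Review bot: The supported architectures are still listed three times after this change: in `PLATFORMS`, in `BUILDX_PLATFORMS`, and as the literal `apache/couchdb:amd64-$1` / `apache/couchdb:arm64v8-$1` arguments to `docker manifest create` and `docker manifest annotate` in `push()` (second hunk). A later architecture change that misses one of these places would publish a manifest list that disagrees with what was actually built. Consider deriving the manifest arguments from `PLATFORMS` in a loop, or at least add a comment beside the variables such as `# keep in sync with BUILDX_PLATFORMS and the manifest commands in push()`. The `$tag_as` and `$1` expansions in these commands are also unquoted; `"apache/couchdb:${tag_as}"` is safer. `push()` starts and ends outside the hunk.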
From: Joan Touzet Date: Tue, 23 Mar 2021 11:27:27 -0400 Subject: [PATCH 05/53] Multiple build system improvements (#200) --- .gitignore | 2 + .travis.yml | 1 - 1.7.2-couchperuser/Dockerfile | 27 ----- 1.7.2-couchperuser/docker-entrypoint.sh | 35 ------ 1.7.2/Dockerfile | 123 --------------------- 1.7.2/docker-entrypoint.sh | 86 --------------- 2.3.1/Dockerfile | 49 ++------- 3.0.1/10-docker-default.ini | 8 -- 3.0.1/Dockerfile | 140 ------------------------ 3.0.1/docker-entrypoint.sh | 106 ------------------ 3.0.1/vm.args | 28 ----- 3.1.1/Dockerfile | 42 +------ build.sh | 38 +++++-- dev-cluster/Dockerfile | 44 +------- dev/Dockerfile | 39 +------ md | 4 - 16 files changed, 53 insertions(+), 719 deletions(-) create mode 100644 .gitignore delete mode 100644 1.7.2-couchperuser/Dockerfile delete mode 100755 1.7.2-couchperuser/docker-entrypoint.sh delete mode 100644 1.7.2/Dockerfile delete mode 100755 1.7.2/docker-entrypoint.sh delete mode 100644 3.0.1/10-docker-default.ini delete mode 100644 3.0.1/Dockerfile delete mode 100755 3.0.1/docker-entrypoint.sh delete mode 100644 3.0.1/vm.args delete mode 100644 md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b72f9be --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*~ +*.swp diff --git a/.travis.yml b/.travis.yml index ba445ff..9c0a4d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,6 @@ services: env: - RELEASES=2.3.1 - RELEASES=2.3.1-ubi - - RELEASES=3.0.1 - RELEASES=3.1.1 - RELEASES=3.1.1-ubi - RELEASES=dev diff --git a/1.7.2-couchperuser/Dockerfile b/1.7.2-couchperuser/Dockerfile deleted file mode 100644 index 76eaab4..0000000 --- a/1.7.2-couchperuser/Dockerfile +++ /dev/null 
@@ -1,27 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-FROM apache/couchdb:1.7.2
-
-MAINTAINER CouchDB Developers dev@couchdb.apache.org
-
-ENV COUCHPERUSER_SHA 5d28db3272eea9619d4391b33aae6030f0319ecc54aa2a2f2b6c6a8d448f03f2
-RUN apt-get update && apt-get install -y rebar make \
- && mkdir -p /usr/local/lib/couchdb/plugins/couchperuser \
- && cd /usr/local/lib/couchdb/plugins \
- && curl -L -o couchperuser.tar.gz https://github.com/etrepum/couchperuser/archive/1.1.0.tar.gz \
- && echo "$COUCHPERUSER_SHA *couchperuser.tar.gz" | sha256sum -c - \
- && tar -xzf couchperuser.tar.gz -C couchperuser --strip-components=1 \
- && rm couchperuser.tar.gz \
- && cd couchperuser \
- && make \
- && apt-get purge -y --auto-remove rebar make
diff --git a/1.7.2-couchperuser/docker-entrypoint.sh b/1.7.2-couchperuser/docker-entrypoint.sh
deleted file mode 100755
index ba4dac3..0000000
--- a/1.7.2-couchperuser/docker-entrypoint.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-set -e
-
-if [ "$1" = 'couchdb' ]; then
- # we need to set the permissions here because docker mounts volumes as root
- chown -R couchdb:couchdb \
- /usr/local/var/lib/couchdb \
- /usr/local/var/log/couchdb \
- /usr/local/var/run/couchdb \
- /usr/local/etc/couchdb
-
- chmod -R 0770 \
- /usr/local/var/lib/couchdb \
- /usr/local/var/log/couchdb \
- /usr/local/var/run/couchdb \
- /usr/local/etc/couchdb
-
- chmod 664 /usr/local/etc/couchdb/*.ini
- chmod 775 /usr/local/etc/couchdb/*.d
- exec gosu couchdb "$@"
-fi
-
-exec "$@"
diff --git a/1.7.2/Dockerfile b/1.7.2/Dockerfile
deleted file mode 100644
index 5e6054c..0000000
--- a/1.7.2/Dockerfile
+++ /dev/null
@@ -1,123 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:jessie - -MAINTAINER CouchDB Developers dev@couchdb.apache.org - -# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian - -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -RUN apt-get update -y && apt-get install -y --no-install-recommends \ - ca-certificates \ - curl \ - erlang-nox \ - libicu52 \ - libmozjs185-1.0 \ - libnspr4 \ - libnspr4-0d \ - && rm -rf /var/lib/apt/lists/* - -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini 
"https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# https://www.apache.org/dist/couchdb/KEYS -ENV GPG_KEYS \ - 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \ - 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \ - 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \ - 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \ - 5D680346FAA3E51B29DBCB681015F68F9DA248BC \ - 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \ - C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \ - D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \ - E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B -RUN set -xe \ - && for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done - -ENV COUCHDB_VERSION 1.7.2 - -# download dependencies, compile and install couchdb, -# set correct permissions, expose couchdb to the outside and disable logging to disk -RUN buildDeps=' \ - gcc \ - g++ \ - erlang-dev \ - libcurl4-openssl-dev \ - libicu-dev \ - libmozjs185-dev \ - libnspr4-dev \ - make \ - ' \ - && apt-get update && apt-get install -y --no-install-recommends $buildDeps \ - && curl -fSL https://archive.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \ - && curl -fSL https://archive.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \ - && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \ - && mkdir -p /usr/src/couchdb \ - && tar -xzf couchdb.tar.gz -C /usr/src/couchdb 
--strip-components=1 \ - && cd /usr/src/couchdb \ - && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \ - && make && make install \ - && apt-get purge -y --auto-remove $buildDeps \ - && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \ - && chown -R couchdb:couchdb \ - /usr/local/lib/couchdb /usr/local/etc/couchdb \ - /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && chmod -R g+rw \ - /usr/local/lib/couchdb /usr/local/etc/couchdb \ - /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \ - && mkdir -p /var/lib/couchdb \ - && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \ - && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini - -COPY ./docker-entrypoint.sh / - -# Define mountable directories. -VOLUME ["/usr/local/var/lib/couchdb"] - -EXPOSE 5984 -WORKDIR /var/lib/couchdb - -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] -CMD ["couchdb"] diff --git a/1.7.2/docker-entrypoint.sh b/1.7.2/docker-entrypoint.sh deleted file mode 100755 index db5a60e..0000000 --- a/1.7.2/docker-entrypoint.sh +++ /dev/null 
@@ -1,86 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -if [ "$1" = 'couchdb' ]; then - # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod -R 0770 \ - /usr/local/var/lib/couchdb \ - /usr/local/var/log/couchdb \ - /usr/local/var/run/couchdb \ - /usr/local/etc/couchdb - - chmod 664 /usr/local/etc/couchdb/*.ini - chmod 775 /usr/local/etc/couchdb/*.d - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin - printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini - chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini - fi - - if [ -f /usr/local/etc/couchdb/local.d/bind_address.ini ]; then - if ! grep -Fq "port =" /usr/local/etc/couchdb/local.d/bind_address.ini; then - vport=$(printf "[httpd]\\\nport = %s" ${COUCHDB_HTTP_PORT:=5984}) - if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then - sed -i -e "s/\\[httpd\\]/$vport/g" /usr/local/etc/couchdb/local.d/bind_address.ini - else - printf "$vport" >> /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - fi - - if ! 
grep -Fq "bind_address =" /usr/local/etc/couchdb/local.d/bind_address.ini; then - vaddress=$(printf "[httpd]\\\nbind_address = %s" ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0}) - if grep -qF '[httpd]' /usr/local/etc/couchdb/local.d/bind_address.ini; then - sed -i -e "s/\\[httpd\\]/$vaddress/g" /usr/local/etc/couchdb/local.d/bind_address.ini - else - printf "$vaddress" >> /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - fi - - else - printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini - fi - - chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' - **************************************************** - WARNING: CouchDB is running in Admin Party mode. - This will allow anyone with access to the - CouchDB port to access your database. In - Docker's default configuration, this is - effectively any other container on the same - system. - Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it in "docker run". - **************************************************** - EOWARN - fi - - exec gosu couchdb "$@" -fi - -exec "$@" diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index f8ad0c9..9d5706c 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:stretch-slim +FROM debian:buster-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" 
@@ -30,47 +30,11 @@ RUN set -ex; \ # grab gosu for easy step-down from root and tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ +RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc 
/usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages @@ -83,6 +47,7 @@ RUN set -xe; \ for server in $(shuf -e pgpkeys.mit.edu \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ + hkps://hkps.pool.sks-keyservers.net \ pgp.mit.edu) ; do \ gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ done; \ @@ -91,9 +56,9 @@ RUN set -xe; \ rm -rf "$GNUPGHOME"; \ apt-key list -ENV COUCHDB_VERSION 2.3.1 +ENV COUCHDB_VERSION 2.3.1-1 -RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list +RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian RUN set -xe; \ @@ -102,7 +67,7 @@ RUN set -xe; \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~stretch \ + couchdb="$COUCHDB_VERSION"~buster \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ diff --git a/3.0.1/10-docker-default.ini b/3.0.1/10-docker-default.ini deleted file mode 100644 index 1aa633c..0000000 --- a/3.0.1/10-docker-default.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/3.0.1/Dockerfile b/3.0.1/Dockerfile deleted file mode 100644 index 84f78a4..0000000 --- a/3.0.1/Dockerfile +++ /dev/null 
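Review bot: With `apt-get install -y --no-install-recommends gosu tini`, integrity for both binaries now rests on the Debian archive signature instead of the upstream release keys, and the versions are no longer pinned because `ENV GOSU_VERSION` / `ENV TINI_VERSION` are removed. The unchanged comment above the `RUN` still reads as if the tools were fetched separately. I would record the new trust source there, e.g. `# gosu and tini are installed from the Debian archive (apt-verified); versions follow the base image release`, so a later reader does not go looking for the removed signature checks. If a minimum version of either tool matters to the entrypoint, that requirement should be stated there as well, since `gosu nobody true` and `tini --version` only prove the binaries run.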
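Review bot: The keyserver loop this hunk extends ends every attempt with `&& break || :`, so if none of the servers answers, including the newly added `hkps://hkps.pool.sks-keyservers.net`, the `RUN` continues without the key. The failure would then only surface at a later step, presumably the key export or the subsequent `apt-get update`, which are outside the hunk. A check straight after `done;`, such as `gpg --batch --list-keys "$GPG_COUCH_KEY" >/dev/null;`, stops the build at the step that actually failed and makes it explicit that the repository key was obtained by its full fingerprint. `$server` and `$GPG_COUCH_KEY` are also unquoted in the `gpg` call. The `RUN` instruction starts before and ends after the hunk.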
@@ -1,140 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:buster-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; 
do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list - -ENV COUCHDB_VERSION 3.0.1 - -RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list 
- -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~buster \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.0.1/docker-entrypoint.sh b/3.0.1/docker-entrypoint.sh deleted file mode 100755 index acf3675..0000000 --- a/3.0.1/docker-entrypoint.sh +++ /dev/null 
@@ -1,106 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" - fi -fi - -exec "$@" diff --git a/3.0.1/vm.args b/3.0.1/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.0.1/vm.args +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# Use kernel poll functionality if supported by emulator -+K true - -# Start a pool of asynchronous IO threads -+A 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput diff --git a/3.1.1/Dockerfile b/3.1.1/Dockerfile index 8e5ec26..06280ee 100644 
--- a/3.1.1/Dockerfile +++ b/3.1.1/Dockerfile 
@@ -30,49 +30,14 @@ RUN set -ex; \ # grab gosu for easy step-down from root and tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.11 -ENV TINI_VERSION 0.18.0 -RUN set -ex; \ - \ +RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc 
/usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - apt-get purge -y --auto-remove wget; \ tini --version + # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ # gpg: key D401AB61: public key "Bintray (by JFrog) imported @@ -83,6 +48,7 @@ RUN set -xe; \ for server in $(shuf -e pgpkeys.mit.edu \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ + hkps://hkps.pool.sks-keyservers.net \ pgp.mit.edu) ; do \ gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ done; \ diff --git a/build.sh b/build.sh index b0291dc..09a3020 100755 --- a/build.sh +++ b/build.sh @@ -21,6 +21,8 @@ # architecture Docker containers on an x86_64 host. # # For more reading: +# https://github.com/moby/buildkit/issues/1943 +# https://github.com/tonistiigi/binfmt # https://github.com/multiarch/qemu-user-static # https://lobradov.github.io/Building-docker-multiarch-images/ # https://github.com/jessfraz/irssi/blob/master/.travis.yml 
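Review bot: In the `@@ -83,6 +48,7 @@` hunk of 3.1.1/Dockerfile the keyserver loop still ends each attempt with `&& break || :`, so when none of the five servers returns the key the step carries on without it. An explicit check directly after `done; \` would stop the build at the real cause under `set -xe`, for example `gpg --batch --list-keys "$GPG_COUCH_KEY"; \`. The rest of this RUN lies outside the hunk, so what consumes the key afterwards is not visible here. The same loop is extended in the dev/Dockerfile hunk `@@ -34,6 +34,7 @@` further down and would benefit from the same check.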
@@ -56,9 +58,26 @@ update_qemu() { # necessary locally after every reboot, not sure why....update related maybe? # basically harmless to run everytime, except for elevated privs necessary. # disable with -n flag - docker rmi multiarch/qemu-user-static >/dev/null 2>&1 || true - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - docker rmi multiarch/qemu-user-static + # NOTE multiarch/qemu-user-static broken as of Jan 2021 + # docker rmi multiarch/qemu-user-static >/dev/null 2>&1 || true + # docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + # docker rmi multiarch/qemu-user-static + # use tonistiigi/binfmt instead. + # this requires bash 4.*, sorry jan! + echo "Uninstalling all qemu emulators..." + readarray -t platforms < <(docker run --privileged tonistiigi/binfmt | jq -c '.emulators[] | select(. | contains("qemu"))') + for plat in "${platforms[@]}"; do + plat="${plat//\"}" + docker run --privileged tonistiigi/binfmt --uninstall $plat >/dev/null 2>&1 + done + + echo "Reinstalling all qemu emulators with latest version..." + docker run --privileged --rm tonistiigi/binfmt --install all + + echo "Proving all emulators work..." + docker run --rm arm32v7/alpine uname -a + docker run --rm arm64v8/alpine uname -a + docker run --rm tonistiigi/debian:riscv uname -a } clean() { @@ -143,7 +162,10 @@ buildx() { tag_as=$1 fi docker buildx rm apache-couchdb >/dev/null 2>&1 || true - docker buildx create --name apache-couchdb + + + echo "Creating the buildx environment..." + docker buildx create --name apache-couchdb --driver docker-container --use docker buildx use apache-couchdb docker buildx inspect --bootstrap @@ -290,15 +312,15 @@ case "$1" in ;; buildx) # builds and pushes using docker buildx - if [ ${QEMU} ] - then - update_qemu - fi shift if [ $# -ne 1 -a $# -ne 3 ] then usage fi + if [ ${QEMU} ] + then + update_qemu + fi if [ $# -eq 1 ] then buildx $1 
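Review bot: The new `update_qemu` body runs `tonistiigi/binfmt` with `--privileged` by mutable tag, so whatever is published under that tag at build time gets full privileges on the build host. Pinning the image by digest keeps the privileged step reproducible and reviewable, e.g. `docker run --privileged --rm tonistiigi/binfmt@sha256:<pinned-digest> --install all` (the digest is a placeholder to fill in). The listing and `--uninstall` invocations also lack `--rm` and leave stopped containers behind. `$plat` is expanded unquoted, and `>/dev/null 2>&1` hides a failed uninstall; `docker run --privileged --rm <pinned-image> --uninstall "$plat" >/dev/null` would keep stderr. `jq` is a new host dependency that nothing checks for before the pipeline runs.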
diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 62883f2..f599fec 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile 
@@ -32,44 +32,12 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 -ENV TINI_VERSION 0.16.1 -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for server in $(shuf -e ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - keyserver.ubuntu.com \ - hkp://keyserver.ubuntu.com:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod 
+x /usr/local/bin/tini; \ - tini --version; \ - apt-get purge -y --auto-remove wget +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ diff --git a/dev/Dockerfile b/dev/Dockerfile index 782d233..b493e97 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -34,6 +34,7 @@ RUN apt-get update -y && apt-get install -y \ && for server in $(shuf -e pgpkeys.mit.edu \ ha.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ + hkps://hkps.pool.sks-keyservers.net \ pgp.mit.edu) ; do \ gpg --batch --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ done \ 
@@ -47,42 +48,10 @@ ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ apt-get update; \ - apt-get install -y --no-install-recommends wget; \ + apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ -# install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$%7BGOSU_VERSION%7D/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ -# install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch"; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v$%7BTINI_VERSION%7D/tini-$dpkgArch.asc"; \ - export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ - done; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget + gosu nobody true; \ + tini --version # 
Dependencies only needed during build time. This layer will also be cached FROM runtime AS build_dependencies diff --git a/md b/md deleted file mode 100644 index dacb248..0000000 --- a/md +++ /dev/null @@ -1,4 +0,0 @@ -[?25l[?2004h[?25h[?1049h[?1h=[?2004h[?12h[?12l[?25l"README" [New File]~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?25h[?25l-- VISUAL --[?25h[?25l[?25h[?25lType :qa! and press to abandon all changes and exit Vim[?25h[?25l[?25h -[?2004l[?1l>[?1049l[?2004l[?2004h[?1049h[?1h=[?2004h[?12h[?12l[?25l~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [?25h[?2004l[?1l>[?1049lVim: Caught deadly signal TERM -Vim: Finished. - \ No newline at end of file From a727920c8db0050c48a06809f3cd4a9ec18c81ed Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Mon, 5 Jul 2021 23:03:51 +0000 Subject: [PATCH 06/53] Update with jfrog artifactory repo (#202) --- .travis.yml | 7 ++-- 2.3.1-ubi/Dockerfile | 22 ++----------- 2.3.1-ubi/bintray-apache-couchdb-rpm.repo | 6 ---- 2.3.1-ubi/couchdb.repo | 7 ++++ 2.3.1/Dockerfile | 30 +++++++++-------- 3.1.1-ubi-clouseau/Dockerfile | 24 ++------------ .../bintray-apache-couchdb-rpm.repo | 6 ---- 3.1.1-ubi-clouseau/couchdb.repo | 7 ++++ 3.1.1-ubi/Dockerfile | 26 +++------------ 3.1.1-ubi/bintray-apache-couchdb-rpm.repo | 6 ---- 3.1.1-ubi/couchdb.repo | 7 ++++ 3.1.1/Dockerfile | 31 +++++++++--------- build.sh | 16 ++++++++-- dev/Dockerfile | 32 +++++++++---------- 14 files changed, 95 insertions(+), 132 deletions(-) delete mode 100644 2.3.1-ubi/bintray-apache-couchdb-rpm.repo create mode 100644 2.3.1-ubi/couchdb.repo delete mode 100644 3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo create mode 100644 3.1.1-ubi-clouseau/couchdb.repo delete mode 100644 3.1.1-ubi/bintray-apache-couchdb-rpm.repo create mode 100644 3.1.1-ubi/couchdb.repo diff --git a/.travis.yml b/.travis.yml index 9c0a4d4..4bf6261 100644 --- a/.travis.yml +++ b/.travis.yml 
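Review bot: In dev/Dockerfile (`@@ -47,42 +48,10 @@`) the lines `ENV GOSU_VERSION 1.10` and `ENV TINI_VERSION 0.16.1` stay in place above this RUN although nothing reads them once the wget download is gone. They now suggest a version pin that does not exist, since `apt-get install -y --no-install-recommends gosu tini` installs whatever the base image's repository carries. The 3.1.1 and dev-cluster hunks of this patch delete the two ENV lines, and this file should do the same. If a particular version matters, pin it in the install itself (`gosu=<version> tini=<version>`, placeholders).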
@@ -5,7 +5,7 @@ language: minimal # Avoid double build on PRs (See https://github.com/travis-ci/travis-ci/issues/1147) branches: only: - - master + - main services: - docker @@ -15,8 +15,9 @@ env: - RELEASES=2.3.1-ubi - RELEASES=3.1.1 - RELEASES=3.1.1-ubi - - RELEASES=dev - - RELEASES=dev-cluster +# Needs updating for fdb +# - RELEASES=dev +# - RELEASES=dev-cluster script: - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -p 5984:5984 couchdb:$rel && sleep 10 && curl http://admin:password@localhost:5984/ && docker kill $rel; done diff --git a/2.3.1-ubi/Dockerfile b/2.3.1-ubi/Dockerfile index 442bd45..7daba2a 100644 --- a/2.3.1-ubi/Dockerfile +++ b/2.3.1-ubi/Dockerfile @@ -31,7 +31,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo ENV COUCHDB_VERSION 2.3.1 
@@ -55,28 +55,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-2.3.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file diff --git a/2.3.1-ubi/bintray-apache-couchdb-rpm.repo b/2.3.1-ubi/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 --- a/2.3.1-ubi/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/2.3.1-ubi/couchdb.repo b/2.3.1-ubi/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/2.3.1-ubi/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 
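Review bot: The new 2.3.1-ubi/couchdb.repo turns on `gpgcheck=1` and `repo_gpgcheck=1`, but `gpgkey=` points at two URLs fetched at build time and no fingerprint is recorded anywhere on the RPM path. As far as the visible lines show, `microdnf install --enablerepo=couchdb -y` would accept whichever keys those URLs serve, so trust rests on TLS to couchdb.apache.org alone. The Debian Dockerfiles in this same patch compare against `GPG_COUCH_KEY`. Consider committing the key file next to the .repo file, adding a `COPY` for it, and using `gpgkey=file:///etc/pki/rpm-gpg/<couchdb-key-file>` (placeholder name). The identical couchdb.repo files added under 3.1.1-ubi-clouseau and 3.1.1-ubi have the same gap.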
diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index 9d5706c..75d0c24 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile @@ -39,29 +39,31 @@ RUN set -eux; \ # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - hkps://hkps.pool.sks-keyservers.net \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + curl https://couchdb.apache.org/repo/keys.asc | \ + gpg --dearmor | \ + tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1; \ + gpg --show-keys /usr/share/keyrings/couchdb-archive-keyring.gpg | grep -q ${GPG_COUCH_KEY}; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ - apt-key list + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* ENV COUCHDB_VERSION 2.3.1-1 -RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ +RUN set -eux; \ apt-get update; \ \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ 
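Review bot: The `curl … | gpg --dearmor | tee … >/dev/null 2>&1` pipeline in the new RUN does not fail when the download fails. `set -eux` does not enable pipefail, `curl` is called without `-f`, and only the exit status of `tee` is checked, with its errors discarded. The whole of keys.asc then becomes the `signed-by` keyring, and `grep -q ${GPG_COUCH_KEY}` only shows that the expected fingerprint is among the keys, so any other key in that file can sign the repository as well. Downloading to a file with `curl -fsSL -o`, importing it, and exporting only `"${GPG_COUCH_KEY}"` into the keyring closes both gaps. `apt purge -y --autoremove curl` would be steadier as `apt-get purge -y --auto-remove curl`, since `apt` is not meant for scripts. The same lines appear in the 3.1.1/Dockerfile hunk `@@ -37,32 +37,33 @@`.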
diff --git a/3.1.1-ubi-clouseau/Dockerfile b/3.1.1-ubi-clouseau/Dockerfile index 7d918a9..fe304af 100644 --- a/3.1.1-ubi-clouseau/Dockerfile +++ b/3.1.1-ubi-clouseau/Dockerfile @@ -49,9 +49,9 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo -ENV COUCHDB_VERSION 3.1.1 \ +ENV COUCHDB_VERSION=3.1.1 \ CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ JAVA_MAJOR_VERSION=8 \ JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ @@ -78,28 +78,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file diff --git a/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo b/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 
--- a/3.1.1-ubi-clouseau/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/3.1.1-ubi-clouseau/couchdb.repo b/3.1.1-ubi-clouseau/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/3.1.1-ubi-clouseau/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 diff --git a/3.1.1-ubi/Dockerfile b/3.1.1-ubi/Dockerfile index 6e6146c..055cd0c 100644 --- a/3.1.1-ubi/Dockerfile +++ b/3.1.1-ubi/Dockerfile @@ -31,7 +31,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ io.openshift.min-cpu="1" COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo ENV COUCHDB_VERSION 3.1.1 
@@ -55,28 +55,10 @@ RUN set -ex; \ microdnf clean all; \ rm -rf /var/cache/yum -# https://docs.couchdb.org/en/stable/install/unix.html -# ENV GPG_COUCH_KEY \ -# # gpg: key D401AB61: public key "Bintray (by JFrog) imported -# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -# RUN set -xe; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ -# for server in $(shuf -e pgpkeys.mit.edu \ -# ha.pool.sks-keyservers.net \ -# hkp://p80.pool.sks-keyservers.net:80 \ -# pgp.mit.edu) ; do \ -# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ -# done; \ -# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list - # Install CouchDB RUN set -xe; \ microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=bintray-apache-couchdb-rpm -y couchdb-3.1.1; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/yum; \ # remove defaults that force writing logs to file @@ -85,8 +67,8 @@ RUN set -xe; \ find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ # Setup directories and permissions for config. Technically these could be 555 and 444 respectively # but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ + find /opt/couchdb/etc -type d ! -perm 0775 -exec chmod -f 0775 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0664 -exec chmod -f 0664 '{}' +; \ # Setup directories and permissions for data. chmod 777 /opt/couchdb/data diff --git a/3.1.1-ubi/bintray-apache-couchdb-rpm.repo b/3.1.1-ubi/bintray-apache-couchdb-rpm.repo deleted file mode 100644 index e131b6a..0000000 
--- a/3.1.1-ubi/bintray-apache-couchdb-rpm.repo +++ /dev/null @@ -1,6 +0,0 @@ -[bintray-apache-couchdb-rpm] -name=bintray--apache-couchdb-rpm -baseurl=http://apache.bintray.com/couchdb-rpm/el8/x86_64 -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 diff --git a/3.1.1-ubi/couchdb.repo b/3.1.1-ubi/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/3.1.1-ubi/couchdb.repo @@ -0,0 +1,7 @@ +[couchdb] +name=couchdb +baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/ +gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc +gpgcheck=1 +repo_gpgcheck=1 +enabled=1 diff --git a/3.1.1/Dockerfile b/3.1.1/Dockerfile index 06280ee..4677c45 100644 --- a/3.1.1/Dockerfile +++ b/3.1.1/Dockerfile 
@@ -37,32 +37,33 @@ RUN set -eux; \ gosu nobody true; \ tini --version - # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages ENV GPG_COUCH_KEY \ -# gpg: key D401AB61: public key "Bintray (by JFrog) imported - 8756C4F765C9AC3CB6B85D62379CE192D401AB61 -RUN set -xe; \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - hkps://hkps.pool.sks-keyservers.net \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ - done; \ - gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ + curl https://couchdb.apache.org/repo/keys.asc | \ + gpg --dearmor | \ + tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1; \ + gpg --show-keys /usr/share/keyrings/couchdb-archive-keyring.gpg | grep -q ${GPG_COUCH_KEY}; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ - apt-key list + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* ENV COUCHDB_VERSION 3.1.1 -RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -xe; \ +RUN set -eux; \ apt-get update; \ \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ diff --git a/build.sh b/build.sh index 09a3020..44a4f58 100755 --- a/build.sh +++ b/build.sh 
@@ -109,11 +109,21 @@ clean() { build() { VERSION=$1 ARCH=${2:-amd64} - FROMIMG="$(awk '$1 == toupper("FROM") { print $2 }' $VERSION/Dockerfile)" - CURRARCH=$(docker run --rm -t ${FROMIMG} uname -m) + FROMIMG="$(awk '$1 == toupper("FROM") { print $2; exit; }' $VERSION/Dockerfile)" + echo ${FROMIMG} + CURRARCH="$(docker run --rm -t ${FROMIMG} uname -m | sed -e 's/[[:space:]]*$//')" + if [ "${CURRARCH}" == "x86_64" ] + then + CURRARCH="amd64" + fi - if [ ${CURRARCH} != ${ARCH} ] + if [ "${CURRARCH}" != "${ARCH}" ] then + if [[ "${FROMIMG}" == *"redhat.com"* ]] + then + echo "Script does not handle multiarch for ubi images. Please fix me!" + exit 1 + fi docker rmi ${FROMIMG} docker pull "${ARCH}/${FROMIMG}" docker tag "${ARCH}/${FROMIMG}" "${FROMIMG}" diff --git a/dev/Dockerfile b/dev/Dockerfile index b493e97..104de9d 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -28,17 +28,6 @@ RUN apt-get update -y && apt-get install -y \ libicu63 \ libssl1.1 \ openssl \ - && echo "deb https://apache.bintray.com/couchdb-deb buster main" \ - | tee /etc/apt/sources.list.d/couchdb.list \ - && cat /etc/apt/sources.list.d/couchdb.list \ - && for server in $(shuf -e pgpkeys.mit.edu \ - ha.pool.sks-keyservers.net \ - hkp://p80.pool.sks-keyservers.net:80 \ - hkps://hkps.pool.sks-keyservers.net \ - pgp.mit.edu) ; do \ - gpg --batch --keyserver $server --recv-keys 8756C4F765C9AC3CB6B85D62379CE192D401AB61 && break || : ; \ - done \ - && gpg -a --export 8756C4F765C9AC3CB6B85D62379CE192D401AB61 > /etc/apt/trusted.gpg.d/couchdb.gpg.asc \ && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-60-0 \ && rm -rf /var/lib/apt/lists/* @@ -46,7 +35,7 @@ RUN apt-get update -y && apt-get install -y \ # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 -RUN set -ex; \ +RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends gosu tini; \ rm -rf /var/lib/apt/lists/*; \ 
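Review bot: In `build()` the new lines expand `$VERSION/Dockerfile` and `${FROMIMG}` unquoted in the `awk`, `echo` and `docker run` calls, and `FROMIMG` is text parsed out of a Dockerfile. The `-t` on `docker run` is also what puts the carriage return on the `uname -m` output that the added `sed` then strips. `CURRARCH="$(docker run --rm "${FROMIMG}" uname -m)"` needs no `sed`, and `echo ${FROMIMG}` looks like leftover debugging that could go to stderr or be dropped. Only `x86_64` is mapped to a Docker architecture name, so other `uname -m` values probably still take the mismatch branch. `build()` continues outside the hunk.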
@@ -56,12 +45,14 @@ RUN set -ex; \ # Dependencies only needed during build time. This layer will also be cached FROM runtime AS build_dependencies -RUN apt-get update -y && apt-get install -y --no-install-recommends \ +RUN set -eux; \ + apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ libmozjs-60-dev \ erlang-nox \ erlang-reltool \ erlang-dev \ + erlang-dialyzer \ git \ libcurl4-openssl-dev \ libicu-dev \ @@ -69,16 +60,25 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libpython3-dev \ python3-pip \ python3-sphinx \ - python3-setuptools + python3-setuptools \ + wget -RUN pip3 install --upgrade \ +RUN set -eux; \ + pip3 install --upgrade \ sphinx_rtd_theme \ nose \ requests \ hypothesis +RUN set -eux; \ + wget https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers/foundationdb-clients_6.3.9-1_amd64.deb; \ + wget https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers/foundationdb-server_6.3.9-1_amd64.deb; \ + dpkg -i ./foundationdb*deb; \ + pkill -f fdb || true; pkill -f foundation || true; \ + rm -rf ./foundationdb*deb + # Node is special -RUN set -ex; \ +RUN set -eux; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ echo 'deb https://deb.nodesource.com/node_10.x buster main' > /etc/apt/sources.list.d/nodesource.list; \ echo 'deb-src https://deb.nodesource.com/node_10.x buster main' >> /etc/apt/sources.list.d/nodesource.list; \ From 4993111e388d203d2200a3dd88449517db548c05 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Wed, 7 Jul 2021 22:18:55 +0000 Subject: [PATCH 07/53] Incorporate downstream Dockerfile feedback (#203) --- 2.3.1/Dockerfile | 8 +++----- 3.1.1/Dockerfile | 8 +++----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile index 75d0c24..f083992 100644 --- a/2.3.1/Dockerfile +++ b/2.3.1/Dockerfile 
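Review bot: The two FoundationDB packages are fetched with `wget` and handed straight to `dpkg -i`, which runs their maintainer scripts as root, with only TLS to the download host vouching for the content. Pin the expected digest of each file and check it before installing, e.g. `echo "<SHA256_OF_CLIENTS_DEB>  foundationdb-clients_6.3.9-1_amd64.deb" | sha256sum -c -` (placeholder digest, to be taken from the publisher's release data), and likewise for the server package. The `_amd64` file names also tie this stage to one architecture, while build.sh in the same series accepts other values for ARCH.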
@@ -45,11 +45,9 @@ RUN set -eux; \ apt-get update; \ apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - curl https://couchdb.apache.org/repo/keys.asc | \ - gpg --dearmor | \ - tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1; \ - gpg --show-keys /usr/share/keyrings/couchdb-archive-keyring.gpg | grep -q ${GPG_COUCH_KEY}; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ apt-key list; \ diff --git a/3.1.1/Dockerfile b/3.1.1/Dockerfile index 4677c45..75b4b29 100644 --- a/3.1.1/Dockerfile +++ b/3.1.1/Dockerfile @@ -45,11 +45,9 @@ RUN set -eux; \ apt-get update; \ apt-get install -y curl; \ export GNUPGHOME="$(mktemp -d)"; \ - echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ - curl https://couchdb.apache.org/repo/keys.asc | \ - gpg --dearmor | \ - tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1; \ - gpg --show-keys /usr/share/keyrings/couchdb-archive-keyring.gpg | grep -q ${GPG_COUCH_KEY}; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ command -v gpgconf && gpgconf --kill all || :; \ rm -rf "$GNUPGHOME"; \ apt-key list; \ From ee358e62d72bdd72fd69d67ba7fbc80580502270 Mon Sep 17 00:00:00 2001 
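Review bot: `curl -fL -o keys.asc` writes the download into the build's current directory and nothing removes it, so keys.asc stays in the image layer; the same three lines are in the 3.1.1/Dockerfile hunk and in the new 3.2.0/Dockerfile on this page. Writing it inside the temporary keyring directory, with `curl -fL -o "$GNUPGHOME/keys.asc" https://couchdb.apache.org/repo/keys.asc` and `gpg --batch --import "$GNUPGHOME/keys.asc"`, lets the existing `rm -rf "$GNUPGHOME"` clean it up. It is also worth failing at this layer when the pinned fingerprint is not in the download, for example with `test -s /usr/share/keyrings/couchdb-archive-keyring.gpg` after the export, because the export may leave an empty keyring without a non-zero exit status (to be confirmed for the gpg version in the base image). The `apt-key list` kept after it does not read /usr/share/keyrings, so it no longer shows whether the key arrived.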
From: Joan Touzet Date: Fri, 1 Oct 2021 05:45:33 +0000 Subject: [PATCH 08/53] v3.1.2 release (#207) --- .travis.yml | 4 ++-- {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/Dockerfile | 4 ++-- {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/couchdb.repo | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/imeyer_runit.repo | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/licenses/LICENSE | 0 .../resources/10-docker-default.ini | 0 .../resources/clouseau/clouseau.ini | 0 .../resources/clouseau/clouseau.sh | 0 .../resources/clouseau/log4j.properties | 0 .../resources/docker-entrypoint.sh | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/pre_stop | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/run | 0 .../resources/run_clouseau | 0 {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/vm.args | 0 {3.1.1-ubi => 3.1.2-ubi}/Dockerfile | 4 ++-- {3.1.1-ubi => 3.1.2-ubi}/couchdb.repo | 0 {3.1.1-ubi => 3.1.2-ubi}/imeyer_runit.repo | 0 {3.1.1-ubi => 3.1.2-ubi}/licenses/LICENSE | 0 {3.1.1-ubi => 3.1.2-ubi}/resources/10-docker-default.ini | 0 {3.1.1-ubi => 3.1.2-ubi}/resources/docker-entrypoint.sh | 0 {3.1.1-ubi => 3.1.2-ubi}/resources/run | 0 {3.1.1-ubi => 3.1.2-ubi}/resources/vm.args | 0 {3.1.1 => 3.1.2}/10-docker-default.ini | 0 {3.1.1 => 3.1.2}/Dockerfile | 2 +- {3.1.1 => 3.1.2}/docker-entrypoint.sh | 0 {3.1.1 => 3.1.2}/vm.args | 0 26 files changed, 7 insertions(+), 7 deletions(-) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/Dockerfile (99%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/couchdb.repo (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/imeyer_runit.repo (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/licenses/LICENSE (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/10-docker-default.ini (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/clouseau/clouseau.ini (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/clouseau/clouseau.sh (100%) rename {3.1.1-ubi-clouseau => 
3.1.2-ubi-clouseau}/resources/clouseau/log4j.properties (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/docker-entrypoint.sh (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/pre_stop (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/run (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/run_clouseau (100%) rename {3.1.1-ubi-clouseau => 3.1.2-ubi-clouseau}/resources/vm.args (100%) rename {3.1.1-ubi => 3.1.2-ubi}/Dockerfile (98%) rename {3.1.1-ubi => 3.1.2-ubi}/couchdb.repo (100%) rename {3.1.1-ubi => 3.1.2-ubi}/imeyer_runit.repo (100%) rename {3.1.1-ubi => 3.1.2-ubi}/licenses/LICENSE (100%) rename {3.1.1-ubi => 3.1.2-ubi}/resources/10-docker-default.ini (100%) rename {3.1.1-ubi => 3.1.2-ubi}/resources/docker-entrypoint.sh (100%) rename {3.1.1-ubi => 3.1.2-ubi}/resources/run (100%) rename {3.1.1-ubi => 3.1.2-ubi}/resources/vm.args (100%) rename {3.1.1 => 3.1.2}/10-docker-default.ini (100%) rename {3.1.1 => 3.1.2}/Dockerfile (99%) rename {3.1.1 => 3.1.2}/docker-entrypoint.sh (100%) rename {3.1.1 => 3.1.2}/vm.args (100%) diff --git a/.travis.yml b/.travis.yml index 4bf6261..5b7db66 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,8 +13,8 @@ services: env: - RELEASES=2.3.1 - RELEASES=2.3.1-ubi - - RELEASES=3.1.1 - - RELEASES=3.1.1-ubi + - RELEASES=3.1.2 + - RELEASES=3.1.2-ubi # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.1.1-ubi-clouseau/Dockerfile b/3.1.2-ubi-clouseau/Dockerfile similarity index 99% rename from 3.1.1-ubi-clouseau/Dockerfile rename to 3.1.2-ubi-clouseau/Dockerfile index fe304af..7853bad 100644 --- a/3.1.1-ubi-clouseau/Dockerfile +++ b/3.1.2-ubi-clouseau/Dockerfile 
@@ -35,7 +35,7 @@ ARG CLOUSEAU_VERSION LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ name="Apache CouchDB" \ - version="3.1.1" \ + version="3.1.2" \ summary="Apache CouchDB based on Red Hat UBI" \ description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ release=${RELEASE} \ @@ -51,7 +51,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo COPY couchdb.repo /etc/yum.repos.d/couchdb.repo -ENV COUCHDB_VERSION=3.1.1 \ +ENV COUCHDB_VERSION=3.1.2 \ CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ JAVA_MAJOR_VERSION=8 \ JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ diff --git a/3.1.1-ubi-clouseau/couchdb.repo b/3.1.2-ubi-clouseau/couchdb.repo similarity index 100% rename from 3.1.1-ubi-clouseau/couchdb.repo rename to 3.1.2-ubi-clouseau/couchdb.repo diff --git a/3.1.1-ubi-clouseau/imeyer_runit.repo b/3.1.2-ubi-clouseau/imeyer_runit.repo similarity index 100% rename from 3.1.1-ubi-clouseau/imeyer_runit.repo rename to 3.1.2-ubi-clouseau/imeyer_runit.repo diff --git a/3.1.1-ubi-clouseau/licenses/LICENSE b/3.1.2-ubi-clouseau/licenses/LICENSE similarity index 100% rename from 3.1.1-ubi-clouseau/licenses/LICENSE rename to 3.1.2-ubi-clouseau/licenses/LICENSE diff --git a/3.1.1-ubi-clouseau/resources/10-docker-default.ini b/3.1.2-ubi-clouseau/resources/10-docker-default.ini similarity index 100% rename from 3.1.1-ubi-clouseau/resources/10-docker-default.ini rename to 3.1.2-ubi-clouseau/resources/10-docker-default.ini diff --git a/3.1.1-ubi-clouseau/resources/clouseau/clouseau.ini b/3.1.2-ubi-clouseau/resources/clouseau/clouseau.ini similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/clouseau.ini rename to 3.1.2-ubi-clouseau/resources/clouseau/clouseau.ini 
diff --git a/3.1.1-ubi-clouseau/resources/clouseau/clouseau.sh b/3.1.2-ubi-clouseau/resources/clouseau/clouseau.sh similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/clouseau.sh rename to 3.1.2-ubi-clouseau/resources/clouseau/clouseau.sh diff --git a/3.1.1-ubi-clouseau/resources/clouseau/log4j.properties b/3.1.2-ubi-clouseau/resources/clouseau/log4j.properties similarity index 100% rename from 3.1.1-ubi-clouseau/resources/clouseau/log4j.properties rename to 3.1.2-ubi-clouseau/resources/clouseau/log4j.properties diff --git a/3.1.1-ubi-clouseau/resources/docker-entrypoint.sh b/3.1.2-ubi-clouseau/resources/docker-entrypoint.sh similarity index 100% rename from 3.1.1-ubi-clouseau/resources/docker-entrypoint.sh rename to 3.1.2-ubi-clouseau/resources/docker-entrypoint.sh diff --git a/3.1.1-ubi-clouseau/resources/pre_stop b/3.1.2-ubi-clouseau/resources/pre_stop similarity index 100% rename from 3.1.1-ubi-clouseau/resources/pre_stop rename to 3.1.2-ubi-clouseau/resources/pre_stop diff --git a/3.1.1-ubi-clouseau/resources/run b/3.1.2-ubi-clouseau/resources/run similarity index 100% rename from 3.1.1-ubi-clouseau/resources/run rename to 3.1.2-ubi-clouseau/resources/run diff --git a/3.1.1-ubi-clouseau/resources/run_clouseau b/3.1.2-ubi-clouseau/resources/run_clouseau similarity index 100% rename from 3.1.1-ubi-clouseau/resources/run_clouseau rename to 3.1.2-ubi-clouseau/resources/run_clouseau diff --git a/3.1.1-ubi-clouseau/resources/vm.args b/3.1.2-ubi-clouseau/resources/vm.args similarity index 100% rename from 3.1.1-ubi-clouseau/resources/vm.args rename to 3.1.2-ubi-clouseau/resources/vm.args diff --git a/3.1.1-ubi/Dockerfile b/3.1.2-ubi/Dockerfile similarity index 98% rename from 3.1.1-ubi/Dockerfile rename to 3.1.2-ubi/Dockerfile index 055cd0c..592fe42 100644 --- a/3.1.1-ubi/Dockerfile +++ b/3.1.2-ubi/Dockerfile 
@@ -17,7 +17,7 @@ ARG BUILD_DATE LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ name="Apache CouchDB" \ - version="3.1.1" \ + version="3.1.2" \ summary="Apache CouchDB based on Red Hat UBI" \ description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ release=${RELEASE} \ @@ -33,7 +33,7 @@ LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo COPY couchdb.repo /etc/yum.repos.d/couchdb.repo -ENV COUCHDB_VERSION 3.1.1 +ENV COUCHDB_VERSION 3.1.2 # Add CouchDB user account to make sure the IDs are assigned consistently # CouchDB user added to root group for OpenShift support diff --git a/3.1.1-ubi/couchdb.repo b/3.1.2-ubi/couchdb.repo similarity index 100% rename from 3.1.1-ubi/couchdb.repo rename to 3.1.2-ubi/couchdb.repo diff --git a/3.1.1-ubi/imeyer_runit.repo b/3.1.2-ubi/imeyer_runit.repo similarity index 100% rename from 3.1.1-ubi/imeyer_runit.repo rename to 3.1.2-ubi/imeyer_runit.repo diff --git a/3.1.1-ubi/licenses/LICENSE b/3.1.2-ubi/licenses/LICENSE similarity index 100% rename from 3.1.1-ubi/licenses/LICENSE rename to 3.1.2-ubi/licenses/LICENSE diff --git a/3.1.1-ubi/resources/10-docker-default.ini b/3.1.2-ubi/resources/10-docker-default.ini similarity index 100% rename from 3.1.1-ubi/resources/10-docker-default.ini rename to 3.1.2-ubi/resources/10-docker-default.ini diff --git a/3.1.1-ubi/resources/docker-entrypoint.sh b/3.1.2-ubi/resources/docker-entrypoint.sh similarity index 100% rename from 3.1.1-ubi/resources/docker-entrypoint.sh rename to 3.1.2-ubi/resources/docker-entrypoint.sh diff --git a/3.1.1-ubi/resources/run b/3.1.2-ubi/resources/run similarity index 100% rename from 3.1.1-ubi/resources/run rename to 3.1.2-ubi/resources/run diff --git a/3.1.1-ubi/resources/vm.args b/3.1.2-ubi/resources/vm.args similarity index 100% rename from 3.1.1-ubi/resources/vm.args rename to 3.1.2-ubi/resources/vm.args 
diff --git a/3.1.1/10-docker-default.ini b/3.1.2/10-docker-default.ini similarity index 100% rename from 3.1.1/10-docker-default.ini rename to 3.1.2/10-docker-default.ini diff --git a/3.1.1/Dockerfile b/3.1.2/Dockerfile similarity index 99% rename from 3.1.1/Dockerfile rename to 3.1.2/Dockerfile index 75b4b29..0260c6e 100644 --- a/3.1.1/Dockerfile +++ b/3.1.2/Dockerfile @@ -54,7 +54,7 @@ RUN set -eux; \ apt purge -y --autoremove curl; \ rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.1.1 +ENV COUCHDB_VERSION 3.1.2 RUN . /etc/os-release; \ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ diff --git a/3.1.1/docker-entrypoint.sh b/3.1.2/docker-entrypoint.sh similarity index 100% rename from 3.1.1/docker-entrypoint.sh rename to 3.1.2/docker-entrypoint.sh diff --git a/3.1.1/vm.args b/3.1.2/vm.args similarity index 100% rename from 3.1.1/vm.args rename to 3.1.2/vm.args From c2dc5a84add2d673bce151e0aa8174d09d227d22 Mon Sep 17 00:00:00 2001 From: Joan Touzet Date: Fri, 8 Oct 2021 23:07:37 +0000 Subject: [PATCH 09/53] Version 3.2.0 (#208) --- .travis.yml | 1 + 3.2.0/10-docker-default.ini | 8 +++ 3.2.0/Dockerfile | 105 +++++++++++++++++++++++++++++++++++ 3.2.0/docker-entrypoint.sh | 106 ++++++++++++++++++++++++++++++++++++ 3.2.0/vm.args | 28 ++++++++++ README.md | 3 +- 6 files changed, 250 insertions(+), 1 deletion(-) create mode 100644 3.2.0/10-docker-default.ini create mode 100644 3.2.0/Dockerfile create mode 100755 3.2.0/docker-entrypoint.sh create mode 100644 3.2.0/vm.args diff --git a/.travis.yml b/.travis.yml index 5b7db66..3199eca 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,6 +15,7 @@ env: - RELEASES=2.3.1-ubi - RELEASES=3.1.2 - RELEASES=3.1.2-ubi + - RELEASES=3.2.0 # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.2.0/10-docker-default.ini b/3.2.0/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null 
+++ b/3.2.0/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.2.0/Dockerfile b/3.2.0/Dockerfile new file mode 100644 index 0000000..159be0f --- /dev/null +++ b/3.2.0/Dockerfile 
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:buster-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.2.0 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~buster \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.0/docker-entrypoint.sh b/3.2.0/docker-entrypoint.sh new file mode 100755 index 0000000..acf3675 --- /dev/null +++ b/3.2.0/docker-entrypoint.sh 
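Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` make the database directory, the log directory and the directory where the entrypoint writes admin credentials writable by every UID in the container. If the reason is to let the image run under an arbitrary `--user`, say so in a comment beside each chmod, for example `# 0777 so a non-root --user can write here; the entrypoint resets this to 0755 when started as root`; if not, `0755` together with the existing `chown couchdb:couchdb` is enough. The comments in this file also refer to dockerfile_entrypoint.sh and docker_entrypoint.sh, while the script copied in is docker-entrypoint.sh. The new 3.2.0-ubi-clouseau/Dockerfile on this page goes further and sets 777 on /usr/local/bin/docker-entrypoint.sh itself, which nothing other than the build should need to write.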
@@ -0,0 +1,106 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.2.0/vm.args b/3.2.0/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.2.0/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/README.md b/README.md index 048d141..2606633 100644 --- a/README.md 
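Review bot: The permission pass forces every file under /opt/couchdb/etc to 0644, and that includes local.d/docker.ini, to which the script then appends the admin password and `COUCHDB_SECRET` exactly as given in the environment. The file holding those values is therefore readable by every user in the container. Excluding it from the pass with `find /opt/couchdb/etc -type f ! -name docker.ini ! -perm 0644 -exec chmod -f 0644 '{}' +` and adding `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini` in the same root-only block as the `chown -f couchdb:couchdb` line keeps it private to the couchdb user. Separately, `$COUCHDB_USER` is placed into the `grep -P` pattern unescaped, so a name containing regex metacharacters can match a different existing entry and the admin is then not created.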
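Review bot: Nothing in vm.args says how the Erlang distribution cookie is chosen, although the file fixes the distribution port at 9100 and the Dockerfile of the same release EXPOSEs 4369 and 9100. A short comment would tell operators what they have to supply before those ports are reachable from other hosts, for example `# No -setcookie here: give every node the same secret cookie before exposing 4369/9100`. What happens when no cookie is given is not visible in this patch, so the comment should state the actual default once that is confirmed.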
+++ b/README.md @@ -9,7 +9,8 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: -- `3.1.1` +- `3.2.0` +- `3.1.2` - `2.3.1` # How to use this image From a0e807f609cde6628c2cffb85416b0de747b65cc Mon Sep 17 00:00:00 2001 
From: Dr Doug Cowie Date: Tue, 19 Oct 2021 18:56:07 +0100 Subject: [PATCH 10/53] Updated UBI + Clouseau for CouchDB 3.2.0 (#209) Adds a new entry for CouchDB 3.2.0 built on UBI, with Clouseau. This is a direct copy of 3.1.2-ubi-clouseau with CouchDB version bumped to 3.2.0 --- 3.2.0-ubi-clouseau/Dockerfile | 131 ++++++++++++ 3.2.0-ubi-clouseau/couchdb.repo | 7 + 3.2.0-ubi-clouseau/imeyer_runit.repo | 10 + 3.2.0-ubi-clouseau/licenses/LICENSE | 202 ++++++++++++++++++ .../resources/10-docker-default.ini | 8 + .../resources/clouseau/clouseau.ini | 6 + .../resources/clouseau/clouseau.sh | 13 ++ .../resources/clouseau/log4j.properties | 5 + .../resources/docker-entrypoint.sh | 185 ++++++++++++++++ 3.2.0-ubi-clouseau/resources/pre_stop | 30 +++ 3.2.0-ubi-clouseau/resources/run | 1 + 3.2.0-ubi-clouseau/resources/run_clouseau | 1 + 3.2.0-ubi-clouseau/resources/vm.args | 28 +++ 13 files changed, 627 insertions(+) create mode 100644 3.2.0-ubi-clouseau/Dockerfile create mode 100644 3.2.0-ubi-clouseau/couchdb.repo create mode 100644 3.2.0-ubi-clouseau/imeyer_runit.repo create mode 100644 3.2.0-ubi-clouseau/licenses/LICENSE create mode 100644 3.2.0-ubi-clouseau/resources/10-docker-default.ini create mode 100644 3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini create mode 100644 3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh create mode 100644 3.2.0-ubi-clouseau/resources/clouseau/log4j.properties create mode 100755 3.2.0-ubi-clouseau/resources/docker-entrypoint.sh create mode 100644 3.2.0-ubi-clouseau/resources/pre_stop create mode 100644 3.2.0-ubi-clouseau/resources/run create mode 100644 3.2.0-ubi-clouseau/resources/run_clouseau create mode 100644 3.2.0-ubi-clouseau/resources/vm.args diff --git a/3.2.0-ubi-clouseau/Dockerfile b/3.2.0-ubi-clouseau/Dockerfile new file mode 100644 index 0000000..16abfe6 --- /dev/null +++ b/3.2.0-ubi-clouseau/Dockerfile 
@@ -0,0 +1,131 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +ARG CLOUSEAU_VERSION=2.17.0 + +FROM registry.access.redhat.com/ubi8/ubi-minimal as builder + +ARG CLOUSEAU_VERSION + +WORKDIR /usr/src + +# Fetch and extract clouseau +RUN set -xe; \ + microdnf update -y && rm -rf /var/cache/yum && \ + microdnf install -y unzip wget && \ + wget https://github.com/cloudant-labs/clouseau/releases/download/${CLOUSEAU_VERSION}/clouseau-${CLOUSEAU_VERSION}-dist.zip && \ + unzip clouseau-2.17.0-dist.zip && \ + microdnf clean all; \ + rm -rf /var/cache/yum + +FROM registry.access.redhat.com/ubi8/ubi-minimal + +ARG RELEASE +ARG BUILD_DATE +ARG CLOUSEAU_VERSION + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ + name="Apache CouchDB" \ + version="3.2.0" \ + summary="Apache CouchDB based on Red Hat UBI" \ + description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + release=${RELEASE} \ + usage="https://github.com/apache/couchdb-docker" \ + build-date=${BUILD_DATE} \ + io.k8s.display-name="Apache CouchDB" \ + io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + io.openshift.tags="database couchdb apache rhel8" \ + io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \ + io.openshift.min-memory="1Gi" \ + io.openshift.min-cpu="1" + +COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo +COPY couchdb.repo /etc/yum.repos.d/couchdb.repo + +ENV COUCHDB_VERSION=3.2.0 \ + 
CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ + JAVA_MAJOR_VERSION=8 \ + JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ + CLASSPATH=${APP_ROOT}/lib/* + +# Add CouchDB user account to make sure the IDs are assigned consistently +# CouchDB user added to root group for OpenShift support +RUN set -ex; \ +# be sure GPG and apt-transport-https are available and functional + microdnf update -y && rm -rf /var/cache/yum; \ + microdnf install -y \ + java-1.8.0-openjdk-headless \ + ca-certificates \ + gnupg \ + findutils \ + shadow-utils; \ +# Add CouchDB User and Group (group required by rpm) + useradd -u 5984 -d /opt/couchdb -g root couchdb; \ + groupadd -g 5984 couchdb; \ +# Install runit + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=imeyer_runit -y runit; \ +# Clean up + microdnf clean all; \ + rm -rf /var/cache/yum + +# Install CouchDB +RUN set -xe; \ + microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ + microdnf clean all; \ + rm -rf /var/cache/yum; \ +# remove defaults that force writing logs to file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ +# Setup directories and permissions for data. 
+ chmod 777 /opt/couchdb/data + +# Copy Clouseau jar and set directory permissions +COPY resources/clouseau/clouseau.ini resources/clouseau/log4j.properties /opt/couchdb-search/etc/ +COPY --from=builder /usr/src/clouseau-${CLOUSEAU_VERSION}/*.jar /opt/couchdb-search/lib/ + +RUN install -d -m 0755 -o couchdb -g 0 -p /opt/couchdb-search/etc /opt/couchdb-search/lib /opt/couchdb/data/search_indexes && \ + find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ + find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; + +# Add the License +COPY licenses /licenses + +# Add configuration +COPY --chown=couchdb:0 resources/10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:0 resources/vm.args /opt/couchdb/etc/ +COPY --chown=couchdb:0 resources/docker-entrypoint.sh /usr/local/bin +COPY --chown=couchdb:0 resources/run /etc/service/couchdb/ +COPY --chown=couchdb:0 resources/run_clouseau /etc/service/couchdb-search/run + +# set permissions on runit scripts +RUN chmod -R 777 /etc/service/couchdb; \ + chmod -R 777 /etc/service/couchdb-search; \ + chmod 777 /usr/local/bin/docker-entrypoint.sh; \ +# symlink to root folder + ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh + +ENTRYPOINT ["/docker-entrypoint.sh"] +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.0-ubi-clouseau/couchdb.repo b/3.2.0-ubi-clouseau/couchdb.repo new file mode 100644 index 0000000..b4f33d7 --- /dev/null +++ b/3.2.0-ubi-clouseau/couchdb.repo 
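Review bot: The builder stage downloads `clouseau-${CLOUSEAU_VERSION}-dist.zip` but unpacks `clouseau-2.17.0-dist.zip`, so a build with any other `CLOUSEAU_VERSION` fails at `unzip`. The archive whose jars are copied into /opt/couchdb-search/lib is also never checked against a known digest. Use the variable in both places, `unzip clouseau-${CLOUSEAU_VERSION}-dist.zip`, and verify the download first, e.g. `echo "<SHA256_OF_DIST_ZIP>  clouseau-${CLOUSEAU_VERSION}-dist.zip" | sha256sum -c -`, with the digest kept next to the version ARG (placeholder shown). `CLASSPATH=${APP_ROOT}/lib/*` refers to `APP_ROOT`, which this Dockerfile never defines, so it presumably expands to `/lib/*`.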
@@ -0,0 +1,7 @@
+[couchdb]
+name=couchdb
+baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/
+gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc
+gpgcheck=1
+repo_gpgcheck=1
+enabled=1
diff --git a/3.2.0-ubi-clouseau/imeyer_runit.repo b/3.2.0-ubi-clouseau/imeyer_runit.repo
new file mode 100644
index 0000000..ab4aa4c
--- /dev/null
+++ b/3.2.0-ubi-clouseau/imeyer_runit.repo
@@ -0,0 +1,10 @@
+[imeyer_runit]
+name=imeyer_runit
+baseurl=https://packagecloud.io/imeyer/runit/el/7/x86_64
+repo_gpgcheck=1
+gpgcheck=0
+enabled=1
+gpgkey=https://packagecloud.io/imeyer/runit/gpgkey
+sslverify=1
+sslcacert=/etc/pki/tls/certs/ca-bundle.crt
+metadata_expire=300
diff --git a/3.2.0-ubi-clouseau/licenses/LICENSE b/3.2.0-ubi-clouseau/licenses/LICENSE
new file mode 100644
index 0000000..f6cd2bc
--- /dev/null
+++ b/3.2.0-ubi-clouseau/licenses/LICENSE
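Review bot: `gpgcheck=0` in imeyer_runit.repo means the runit RPM is installed without a package signature check; only the repository metadata is verified (`repo_gpgcheck=1`) over TLS, so the integrity of the container's process supervisor rests on one third-party packagecloud account. If the packages in that repository are signed, set `gpgcheck=1`; if they are not, record that in a comment such as `# packages are unsigned upstream; only repo metadata is signed` and consider pinning the runit version in the Dockerfile's `microdnf install`. The `baseurl` also hard-codes `el/7/x86_64`, unlike couchdb.repo's `$releasever/$basearch`, which presumably limits this image to amd64. Both repo files use `enabled=1` although the Dockerfile passes `--enablerepo=` explicitly; `enabled=0` would keep these repositories out of the unrelated `microdnf update` runs.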
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/3.2.0-ubi-clouseau/resources/10-docker-default.ini b/3.2.0-ubi-clouseau/resources/10-docker-default.ini
new file mode 100644
index 0000000..1aa633c
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/10-docker-default.ini
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini
new file mode 100644
index 0000000..81084e1
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini
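Review bot: `bind_address = any` in 10-docker-default.ini has no comment explaining it, and the header above it still describes the file as the place for custom settings although the Dockerfile installs it into `default.d`. A line such as `; Listen on all container interfaces so the published port reaches chttpd; limit exposure with the port mapping or network policy` would tell operators that reachability is decided outside CouchDB and that the admin credentials are the remaining control. The identical file added as 3.2.1/10-docker-default.ini later in this series would take the same comment.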
@@ -0,0 +1,6 @@
+[clouseau]
+name=clouseau@127.0.0.1
+
+dir=/opt/couchdb/data/search_indexes
+
+max_indexes_open=500
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh
new file mode 100644
index 0000000..4f8b300
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh
@@ -0,0 +1,13 @@
+# chmod 0600 /opt/couchdb-search/etc/jmxremote.password
+
+exec -c "java -server \
+ -Xmx2G \
+ -Dsun.net.inetaddr.ttl=30 \
+ -Dsun.net.inetaddr.negative.ttl=30 \
+ -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \
+ -XX:OnOutOfMemoryError="kill -9 %p" \
+ -XX:+UseConcMarkSweepGC \
+ -XX:+CMSParallelRemarkEnabled \
+ -classpath '/opt/couchdb-search/lib/*' \
+ com.cloudant.clouseau.Main \
+ /opt/couchdb-search/etc/clouseau.ini"
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties b/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties
new file mode 100644
index 0000000..e7a0f7c
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties
@@ -0,0 +1,5 @@
+log4j.rootLogger=info, CONSOLE
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %c [%p] %m%n
diff --git a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh
new file mode 100755
index 0000000..094a8f9
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh
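Review bot: clouseau.sh passes the whole JVM command line to `exec -c` as one double-quoted string, so the shell looks for a program whose name is that entire string instead of running `java` with arguments, and the inner `"kill -9 %p"` quotes end the outer string early. Drop the outer quotes, i.e. `exec -c java -server \` on the first line and `/opt/couchdb-search/etc/clouseau.ini` without the trailing `"` on the last, and add a `#!/bin/bash` line since `exec -c` is a bash feature. `exec -c` also starts the JVM with an empty environment, which deserves a comment if it is intended. The file is added with mode 100644 and the part of the Dockerfile visible in this patch does not copy it, so it may be unused; in that case leaving it out avoids a second copy of the JVM flags that the entrypoint heredocs already carry.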
@@ -0,0 +1,185 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # also for clouseau + find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + + find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + # if erlang cookie passed in, set in clouseau.ini + kCOOKIE_REGEX='setcookie ([^ ]+)' + cookie='monster' + if [[ $ERL_FLAGS =~ $kCOOKIE_REGEX ]]; then + cookie="${BASH_REMATCH[1]}" + else + ERL_FLAGS="$ERL_FLAGS -setcookie $cookie" + fi + + if ! grep "cookie" /opt/couchdb-search/etc/clouseau.ini; then + echo "cookie=$cookie" >> /opt/couchdb-search/etc/clouseau.ini + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + # a node name is required for clouseau/distributed erlang. + # set if not specified via ERL_FLAGS or vm.args + kNAME_REGEX='\-name ([^ ]+)' + if ! 
[[ $ERL_FLAGS =~ $kNAME_REGEX ]]; then + echo "No name found in ERL_FLAGS $ERL_FLAGS" + nodename=${NODENAME:=127.0.0.1} + if ! grep -e '-name' /opt/couchdb/etc/vm.args; then + echo "No -name found in vm.args. Using couchdb@$nodename" + echo "-name couchdb@$nodename" >> /opt/couchdb/etc/vm.args + fi + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:0 /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". 
+************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + # Run as CouchDB user + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst -u couchdb env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + + cat > /etc/service/couchdb-search/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb-search + exec 2>&1 + exec chpst -u couchdb java -server \ + -Xmx2G \ + -Dsun.net.inetaddr.ttl=30 \ + -Dsun.net.inetaddr.negative.ttl=30 \ + -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ + -XX:OnOutOfMemoryError="kill -9 %p" \ + -XX:+UseConcMarkSweepGC \ + -XX:+CMSParallelRemarkEnabled \ + -classpath '/opt/couchdb-search/lib/*' \ + com.cloudant.clouseau.Main \ + /opt/couchdb-search/etc/clouseau.ini + EOF + else + # Write out runit scripts to start as the ambient uid + cat > /etc/service/couchdb/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb + exec 2>&1 + exec chpst env ERL_FLAGS="$ERL_FLAGS" $@ + EOF + + cat > /etc/service/couchdb-search/run <<-EOF + #!/bin/sh + export HOME=/opt/couchdb-search + exec 2>&1 + exec chpst java -server \ + -Xmx2G \ + -Dsun.net.inetaddr.ttl=30 \ + -Dsun.net.inetaddr.negative.ttl=30 \ + -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ + -XX:OnOutOfMemoryError="kill -9 %p" \ + -XX:+UseConcMarkSweepGC \ + -XX:+CMSParallelRemarkEnabled \ + -classpath '/opt/couchdb-search/lib/*' \ + com.cloudant.clouseau.Main \ + /opt/couchdb-search/etc/clouseau.ini + EOF + fi + + exec /sbin/runsvdir-start +fi + +exec "$@" diff --git a/3.2.0-ubi-clouseau/resources/pre_stop b/3.2.0-ubi-clouseau/resources/pre_stop new file mode 100644 index 0000000..2fbd60a --- /dev/null +++ b/3.2.0-ubi-clouseau/resources/pre_stop 
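Review bot: When `ERL_FLAGS` has no `-setcookie`, the script falls back to `cookie='monster'`, a constant that is identical in every container started from this image, while the Dockerfile exposes the distribution ports 4369 and 9100. The Erlang cookie is the only credential for node-to-node connections, so a shared default leaves the node open to any peer that can reach those ports. Generate a per-container value instead, for example `cookie="$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')"`, or exit with an error the way the script already does for a missing admin account. The chosen cookie is also appended to `/opt/couchdb-search/etc/clouseau.ini`, which the `find ... -exec chmod -f 0644` pass keeps world-readable; tightening that one file to 0640 would limit who in the container can read it.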
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ terminationPeriod=300
+else
+ terminationPeriod=$1
+fi
+
+timeToSleep=5
+numIterations=$(awk -v var1=$terminationPeriod -v var2=$timeToSleep 'BEGIN { print ( var1 / var2 ) }')
+
+# Mark each runsv service as down, which will send each process a TERM
+for file in /conf/service/*/supervise/control; do
+ echo "d" > $file;
+done
+
+# Allow the processes time to terminate gracefully
+i="0"
+while [ $i -lt $numIterations ]; do
+ numServices=$(find /conf/service/* -maxdepth 0 -type d | wc -l)
+ numDownServices=$(grep -r "^down$" /conf/service/*/supervise/stat | wc -l)
+ if [ $numServices -ne $numDownServices ]; then
+ sleep $timeToSleep
+ i=$[$i+1]
+ else
+ exit 0
+ fi
+done
+
+exit 1
diff --git a/3.2.0-ubi-clouseau/resources/run b/3.2.0-ubi-clouseau/resources/run
new file mode 100644
index 0000000..7d1d6b8
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/run
@@ -0,0 +1 @@
+# populated in dockerfile entrypoint so that ERL_FLAGS are propagated
diff --git a/3.2.0-ubi-clouseau/resources/run_clouseau b/3.2.0-ubi-clouseau/resources/run_clouseau
new file mode 100644
index 0000000..9c18b33
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/run_clouseau
@@ -0,0 +1 @@
+# populated in dockerfile entrypoint
diff --git a/3.2.0-ubi-clouseau/resources/vm.args b/3.2.0-ubi-clouseau/resources/vm.args
new file mode 100644
index 0000000..0425756
--- /dev/null
+++ b/3.2.0-ubi-clouseau/resources/vm.args
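Review bot: pre_stop walks `/conf/service/*`, while the Dockerfile and entrypoint in this patch install the runit services under `/etc/service`. If `/conf/service` does not exist in the image, the `echo "d"` redirections fail, both counts come out as 0, and the loop reaches `exit 0` on its first pass, so the hook reports a clean stop without having signalled anything. Use the directory the entrypoint writes to, e.g. `for file in /etc/service/*/supervise/control; do`, and quote the expansions (`echo d > "$file"`). `numIterations` comes from an awk division of the unvalidated `$1`, so a period that is not a multiple of 5 yields a fraction and `[ $i -lt $numIterations ]` errors out; `numIterations=$(( terminationPeriod / timeToSleep ))` keeps it an integer and rejects non-numeric input.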
@@ -0,0 +1,28 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# Use kernel poll functionality if supported by emulator
++K true
+
+# Start a pool of asynchronous IO threads
++A 16
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
From 5e0a54ced383627836c4fcc3d6a4e65e72e7890c Mon Sep 17 00:00:00 2001
From: Nick Vatamaniuc Date: Sat, 13 Nov 2021 23:54:49 -0500 Subject: [PATCH 11/53] Version 3.2.1 Docker images pushed as 3.2.1, 3.2, 3 and latest ``` ./build.sh push 3.2.1 Created manifest list docker.io/apache/couchdb:3.2.1 sha256:baa32c5386eb440b17df45abad6ec76322890cc8272a76f78fbd48e3a70f5618 { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2617, "digest": "sha256:932d61826a5ce5502ebdcfc69f36480286af026bd5c3a136682562bc733ab18c", "platform": { "architecture": "amd64", "os": "linux" } }, { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2617, "digest": "sha256:41973db85158829fa9a7a56ce7660e7a10c74f813cf720e95e32169b60c46251", "platform": { "architecture": "arm64", "os": "linux", "variant": "v8" } } ] } ``` --- .travis.yml | 1 + 3.2.1/10-docker-default.ini | 8 +++ 3.2.1/Dockerfile | 105 +++++++++++++++++++++++++++++++++++ 3.2.1/docker-entrypoint.sh | 106 ++++++++++++++++++++++++++++++++++++ 3.2.1/vm.args | 28 ++++++++++ README.md | 1 + 6 files changed, 249 insertions(+) create mode 100644 3.2.1/10-docker-default.ini create mode 100644 3.2.1/Dockerfile create mode 100755 3.2.1/docker-entrypoint.sh create mode 100644 3.2.1/vm.args diff --git a/.travis.yml b/.travis.yml index 3199eca..0dacda0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,6 +16,7 @@ env: - RELEASES=3.1.2 - RELEASES=3.1.2-ubi - RELEASES=3.2.0 + - RELEASES=3.2.1 # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.2.1/10-docker-default.ini b/3.2.1/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.2.1/10-docker-default.ini 
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.2.1/Dockerfile b/3.2.1/Dockerfile
new file mode 100644
index 0000000..61b43b7
--- /dev/null
+++ b/3.2.1/Dockerfile
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:buster-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.2.1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~buster \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.1/docker-entrypoint.sh b/3.2.1/docker-entrypoint.sh new file mode 100755 index 0000000..acf3675 --- /dev/null +++ b/3.2.1/docker-entrypoint.sh 
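Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` make the data, log and runtime-config directories writable by every uid in the container, and `local.d` is where docker-entrypoint.sh writes the `[admins]` entry, so any process in the container can add or replace admin credentials. If the aim is to let the image start under an arbitrary non-root uid, group ownership presumably covers that with less exposure: `chown -f couchdb:0 /opt/couchdb/etc/local.d; chmod -f 0775 /opt/couchdb/etc/local.d`, and likewise for data and var/log, as the ubi variant in this series does with `couchdb:0`. If 0777 has to stay, state the reason in the comment above it, e.g. `# world-writable so a container started with --user UID:GID outside group 0 can still write docker.ini`. Separately, the comment under `ENV GPG_COUCH_KEY` reads `205-01-19`, which looks like a truncated year.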
@@ -0,0 +1,106 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.2.1/vm.args b/3.2.1/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.2.1/vm.args @@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/README.md b/README.md index 2606633..66110e0 100644 --- a/README.md 
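Review bot: `/opt/couchdb/etc/local.d/docker.ini` receives the admin password line and the cookie-auth secret but stays readable by every uid: the `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass forces 0644 on a root start, and nothing tightens the file after the two `printf ... >> /opt/couchdb/etc/local.d/docker.ini` appends. I would follow the appends with `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true`, placed outside the `id -u` guard so a non-root start is covered as well; the owner can still read and write it. This matters most when `/opt/couchdb/etc` is mounted from outside the container, a case the script's own comment about external volumes anticipates. The same script is added again under 3.2.2/ later in this series.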
+++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.2.1` - `3.2.0` - `3.1.2` - `2.3.1` From c2c672efb39b6269c8e020bfd6c90c92af586bba Mon Sep 17 00:00:00 2001 From: Tobias Gesellchen Date: Thu, 3 Feb 2022 23:49:42 +0100 Subject: [PATCH 12/53] fix(entrypoint): move secret from [couch_httpd_auth] to [chttpd_auth] section for CouchDB 3.2.x --- 3.2.0-ubi-clouseau/resources/docker-entrypoint.sh | 4 ++-- 3.2.0/docker-entrypoint.sh | 4 ++-- 3.2.1/docker-entrypoint.sh | 4 ++-- dev/docker-entrypoint.sh | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh index 094a8f9..0592c68 100755 --- a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh +++ b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh @@ -101,8 +101,8 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi diff --git a/3.2.0/docker-entrypoint.sh b/3.2.0/docker-entrypoint.sh index acf3675..4b8b4f4 100755 --- a/3.2.0/docker-entrypoint.sh +++ b/3.2.0/docker-entrypoint.sh 
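Review bot: The `grep -Pzoqr "\[chttpd_auth\]\nsecret ="` test in this hunk treats a secret as present only when `secret =` is the line directly below the section header, so an operator .ini that lists another `[chttpd_auth]` key first, or a persisted docker.ini still holding the secret under the older `[couch_httpd_auth]` name, is not detected and `COUCHDB_SECRET` is appended anyway. That leaves two secret entries on disk, and which one CouchDB uses then depends on file load order, which is not visible here. I would at least say so next to the test, e.g. `# only detects "secret =" directly below [chttpd_auth]; an older [couch_httpd_auth] entry is not checked`. The same two lines change in the 3.2.0, 3.2.1 and dev hunks of this commit, and the enclosing `if [ "$1" = '/opt/couchdb/bin/couchdb' ]` block starts and ends outside each hunk.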
@@ -72,8 +72,8 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi diff --git a/3.2.1/docker-entrypoint.sh b/3.2.1/docker-entrypoint.sh index acf3675..4b8b4f4 100755 --- a/3.2.1/docker-entrypoint.sh +++ b/3.2.1/docker-entrypoint.sh @@ -72,8 +72,8 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 7390bd4..4c1f9bf 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -64,8 +64,8 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_SECRET" ]; then # Set secret only if not already present - if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini fi fi From efa6e93389c0d1b7980894f9059fb3a5775864b1 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Tue, 8 Feb 2022 18:50:23 -0500 Subject: [PATCH 13/53] Listen for COUCHDB_ERLANG_COOKIE and write it down --- 3.2.1/docker-entrypoint.sh | 15 +++++++++++++++ README.md | 9 ++++++++- dev/docker-entrypoint.sh | 15 +++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/3.2.1/docker-entrypoint.sh b/3.2.1/docker-entrypoint.sh index 4b8b4f4..8d6456d 100755 --- a/3.2.1/docker-entrypoint.sh +++ b/3.2.1/docker-entrypoint.sh @@ -77,6 +77,21 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi fi + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + if [ "$(id -u)" = '0' ]; then chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi diff --git a/README.md b/README.md index 66110e0..db30db5 100644 --- a/README.md +++ b/README.md 
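Review bot: The cookie file is created by `echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile"` under the process umask and only narrowed by the `chmod 600` two lines later, and the `chown couchdb:couchdb "$cookieFile"` in between is neither guarded by the `id -u` test nor softened with `-f ... || true` the way the docker.ini chown just below it is. Under the script's `set -e`, a container started with a non-root `--user` that cannot chown would presumably stop there, before the `chmod` runs. I would create the file inside a `umask 077` subshell, write it with `printf '%s\n'` so a value beginning with `-` is not taken as an echo option, and guard the chown as shown below. The identical block is added to dev/docker-entrypoint.sh in this commit and reappears in the 3.2.2 copy of the script; the enclosing `if` block starts outside the hunk.

```shell
    # … unchanged: existing-file comparison and warning …
    else
      # create the file owner-only from the start instead of narrowing it afterwards
      (umask 077; printf '%s\n' "$COUCHDB_ERLANG_COOKIE" > "$cookieFile")
    fi
    if [ "$(id -u)" = '0' ]; then
      chown -f couchdb:couchdb "$cookieFile" || true
    fi
    chmod 600 "$cookieFile"
```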
@@ -52,7 +52,14 @@ If you intend to network this CouchDB instance with others in a cluster, you wil Start your multiple CouchDB instances, then follow the Setup Wizard in the [official CouchDB documentation](http://docs.couchdb.org/en/stable/setup/cluster.html) to complete the process. -For a CouchDB cluster you need to provide the `NODENAME` setting as well as the erlang cookie. Settings to Erlang can be made with the environment variable `ERL_FLAGS`, e.g. `ERL_FLAGS=-setcookie "brumbrum"`. +For a CouchDB cluster you need to provide the `NODENAME` setting as well as the +Erlang distribution cookie. The current version of this image allows the Erlang +cookie to be set directly using the `COUCHDB_ERLANG_COOKIE` environment +variable. The contents of that environment variable will be written to +`/opt/couchdb/.erlang.cookie` with the proper permissions. Previously one would +need to provide the `-setcookie` flag in the environment variable `ERL_FLAGS`, +e.g. `ERL_FLAGS=-setcookie "brumbrum"`. + By default, this image exposes the `epmd` port `4369` and the Erlang cluster communication port `9100` (i.e. `inet_dist_listen_min` and `inet_dist_listen_max` are both 9100). Further information can be found [here](http://docs.couchdb.org/en/stable/cluster/setup.html). diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 4c1f9bf..95691c2 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh 
@@ -69,6 +69,21 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then fi fi + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true # if we don't find an [admins] section followed by a non-comment, display a warning From beb5062a64fc293d6cb7f9df39b4f04336d6a695 Mon Sep 17 00:00:00 2001 From: Adam Kocoloski Date: Fri, 25 Feb 2022 15:53:16 -0500 Subject: [PATCH 14/53] Revert "Drop ppc64le until suitable CI replacement identified (#199)" This reverts commit e3ca492, since ppc64le machines are back in the CI matrix. --- build.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/build.sh b/build.sh index 44a4f58..e3f7cf2 100755 --- a/build.sh +++ b/build.sh @@ -33,8 +33,8 @@ set -e PROMPT="Are you sure (y/n)? " QEMU="YES" -PLATFORMS="amd64 arm64v8" -BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8" +PLATFORMS="amd64 arm64v8 ppc64le" +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le" prompt() { if [ -z "${PROMPT}" ] @@ -153,11 +153,15 @@ push() { fi docker manifest create apache/couchdb:$tag_as \ apache/couchdb:amd64-$1 \ - apache/couchdb:arm64v8-$1 + apache/couchdb:arm64v8-$1 \ + apache/couchdb:ppc64le-$1 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 + docker manifest annotate apache/couchdb:$tag_as \ + apache/couchdb:ppc64le-$1 --os linux --arch ppc64le + docker manifest push --purge apache/couchdb:$tag_as docker manifest inspect apache/couchdb:$tag_as From 4dc3a6b1f2bd8d46489cad5828912f0a64bf0b36 Mon Sep 17 00:00:00 2001 
From: Adam Kocoloski Date: Fri, 25 Feb 2022 16:47:28 -0500 Subject: [PATCH 15/53] Update Debian / Erlang / SpiderMonkey versions Debian: 10 -> 11 Erlang: 20 -> 23 SpiderMonkey: 60 -> 78 (implicit in Debian upgrade) --- 3.2.1/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/3.2.1/Dockerfile b/3.2.1/Dockerfile index 61b43b7..27e9d9c 100644 --- a/3.2.1/Dockerfile +++ b/3.2.1/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:buster-slim +FROM debian:bullseye-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" @@ -54,7 +54,7 @@ RUN set -eux; \ apt purge -y --autoremove curl; \ rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.2.1 +ENV COUCHDB_VERSION 3.2.1-1 RUN . /etc/os-release; \ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ @@ -67,7 +67,7 @@ RUN set -eux; \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~buster \ + couchdb="$COUCHDB_VERSION"~bullseye \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ From ac414ba37361d8be8ca5b0424d4f9f4faf830a3a Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Mon, 18 Apr 2022 17:30:48 +0200 Subject: [PATCH 16/53] feat: 3.2.2 --- .travis.yml | 1 + 3.2.2/10-docker-default.ini | 8 +++ 3.2.2/Dockerfile | 105 +++++++++++++++++++++++++++++++ 3.2.2/docker-entrypoint.sh | 121 ++++++++++++++++++++++++++++++++++++ 3.2.2/vm.args | 28 +++++++++ README.md | 1 + 6 files changed, 264 insertions(+) create mode 100644 3.2.2/10-docker-default.ini create mode 100644 3.2.2/Dockerfile create mode 100755 3.2.2/docker-entrypoint.sh create mode 100644 3.2.2/vm.args 
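Review bot: The package pin in the last hunk hard-codes the suite as `couchdb="$COUCHDB_VERSION"~bullseye`, while the apt source line shown as context in the second hunk derives it from `${VERSION_CODENAME}` in /etc/os-release, so the base image and the pin have to be edited in step. If the two drift, the install step asks for a package version that the configured repository suite presumably does not carry. Sourcing os-release in that RUN and writing `couchdb="$COUCHDB_VERSION"~"${VERSION_CODENAME}"` would leave `FROM` as the only line to change on the next base-image bump. The RUN instruction continues outside the hunk.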
diff --git a/.travis.yml b/.travis.yml index 0dacda0..1956522 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,6 +17,7 @@ env: - RELEASES=3.1.2-ubi - RELEASES=3.2.0 - RELEASES=3.2.1 + - RELEASES=3.2.2 # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.2.2/10-docker-default.ini b/3.2.2/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.2.2/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile new file mode 100644 index 0000000..27e9d9c --- /dev/null +++ b/3.2.2/Dockerfile 
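Review bot: The header comment of the new 10-docker-default.ini says custom settings belong in this file and survive upgrades, but the Dockerfile in this commit copies it into `/opt/couchdb/etc/default.d/`, so it is an image default that a newer image replaces rather than a place for local edits. Its one setting, `bind_address = any`, makes the HTTP API listen on every interface of the container and has no comment of its own. I would reword the header along the lines of `; Image defaults; put local overrides in /opt/couchdb/etc/local.d/` and add `; listen on all interfaces so the published port is reachable; the entrypoint refuses to start without an admin account`. The same file is added again under 3.3.0/ later in the series.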
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.2.1-1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.2/docker-entrypoint.sh b/3.2.2/docker-entrypoint.sh new file mode 100755 index 0000000..8d6456d --- /dev/null +++ b/3.2.2/docker-entrypoint.sh 
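Review bot: The install RUN leaves `/opt/couchdb/etc/local.d` at mode 0777 (and the data and log directories at 777), and the only explanation is the one-line comment that local.d must be writable for the entrypoint. The entrypoint treats every .ini in that directory as configuration, including `[admins]`, so any uid inside the container can add one. The entrypoint added in this same commit resets directories under /opt/couchdb/etc to 0755 when it starts as root, which suggests the wide mode only persists for containers started with a non-root user. I would spell that out above the chmod, e.g. `# 0777 so a container started with an arbitrary --user can create local.d/docker.ini; a root start resets it to 0755`.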
@@ -0,0 +1,121 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.2.2/vm.args b/3.2.2/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.2.2/vm.args 
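Review bot: `$COUCHDB_USER` is pasted unescaped into the Perl-compatible pattern of `grep -Pzoqr "\[admins\]\n$COUCHDB_USER ="`, so a user name containing regex metacharacters is matched as a pattern rather than as text. Depending on the name, the test can report the admin as present when only a different entry exists, or fail to match and append the same `[admins]` line to docker.ini again on a later start. Quoting the value inside the pattern, `"\[admins\]\n\Q$COUCHDB_USER\E ="`, keeps it literal for ordinary names. The same line is in the 3.2.1 copy of this script added earlier in the series.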
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/README.md b/README.md index db30db5..b84f80a 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.2.2` - `3.2.1` - `3.2.0` - `3.1.2` From 9af532fbd94692c0de3ff277418cc46ff4d90bad Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Wed, 20 Apr 2022 08:31:00 +0200 Subject: [PATCH 17/53] fix: bump version --- 3.2.2/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile index 27e9d9c..7276407 100644 --- a/3.2.2/Dockerfile +++ b/3.2.2/Dockerfile 
@@ -54,7 +54,7 @@ RUN set -eux; \ apt purge -y --autoremove curl; \ rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.2.1-1 +ENV COUCHDB_VERSION 3.2.2 RUN . /etc/os-release; \ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ From d925a07137f156bbe2f512c181ad63f1da93a312 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Tue, 24 May 2022 01:22:09 -0400 Subject: [PATCH 18/53] Bump 3.2.2 version to fix CVE-2022-1292 --- 3.2.2/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile index 7276407..62177b5 100644 --- a/3.2.2/Dockerfile +++ b/3.2.2/Dockerfile @@ -54,7 +54,7 @@ RUN set -eux; \ apt purge -y --autoremove curl; \ rm -rf /var/lib/apt/lists/* -ENV COUCHDB_VERSION 3.2.2 +ENV COUCHDB_VERSION 3.2.2-1 RUN . /etc/os-release; \ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ From 7bb0dcc588ab375712e94135de89b553ab607ab8 Mon Sep 17 00:00:00 2001 From: Robert Newson Date: Thu, 21 Jul 2022 11:16:37 +0100 Subject: [PATCH 19/53] remove unnecessary bash 4 requirement --- build.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/build.sh b/build.sh index e3f7cf2..e0ca3af 100755 --- a/build.sh +++ b/build.sh 
@@ -63,10 +63,8 @@ update_qemu() { # docker run --rm --privileged multiarch/qemu-user-static --reset -p yes # docker rmi multiarch/qemu-user-static # use tonistiigi/binfmt instead. - # this requires bash 4.*, sorry jan! echo "Uninstalling all qemu emulators..." - readarray -t platforms < <(docker run --privileged tonistiigi/binfmt | jq -c '.emulators[] | select(. | contains("qemu"))') - for plat in "${platforms[@]}"; do + for plat in $(docker run --privileged tonistiigi/binfmt | jq -c '.emulators[] | select(. | contains("qemu"))'); do plat="${plat//\"}" docker run --privileged tonistiigi/binfmt --uninstall $plat >/dev/null 2>&1 done From 678607699a9223d258e1e8c5420e8fbd11738be3 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Tue, 3 Jan 2023 11:35:09 +0100 Subject: [PATCH 20/53] release 3.3.0 --- .travis.yml | 1 + README.md | 1 + 2 files changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 1956522..c9b101e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,6 +18,7 @@ env: - RELEASES=3.2.0 - RELEASES=3.2.1 - RELEASES=3.2.2 + - RELEASES=3.3.0 # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/README.md b/README.md index b84f80a..4822114 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.3.0` - `3.2.2` - `3.2.1` - `3.2.0` From ddf05bfbd733fad5b854f79f377c69d035c00327 Mon Sep 17 00:00:00 2001 
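Review bot: The rewritten loop in update_qemu still starts `tonistiigi/binfmt` with `--privileged` from whatever the untagged image name resolves to on the build host, and the containers it starts are not removed afterwards. Pinning the image to a reviewed digest, e.g. `tonistiigi/binfmt@sha256:<reviewed-digest>` (placeholder), and adding `--rm` would make the privileged step reproducible. On the loop itself, `jq -r` in place of `jq -c` makes the `plat="${plat//\"}"` strip unnecessary, and the argument in `--uninstall $plat` should be quoted as `"$plat"`. update_qemu begins and ends outside the hunk.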
From: Jan Lehnardt Date: Tue, 3 Jan 2023 14:34:28 +0100 Subject: [PATCH 21/53] fix missing files --- 3.3.0/10-docker-default.ini | 8 +++ 3.3.0/Dockerfile | 105 +++++++++++++++++++++++++++++++ 3.3.0/docker-entrypoint.sh | 121 ++++++++++++++++++++++++++++++++++++ 3.3.0/vm.args | 28 +++++++++ 4 files changed, 262 insertions(+) create mode 100644 3.3.0/10-docker-default.ini create mode 100644 3.3.0/Dockerfile create mode 100755 3.3.0/docker-entrypoint.sh create mode 100644 3.3.0/vm.args diff --git a/3.3.0/10-docker-default.ini b/3.3.0/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.3.0/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.3.0/Dockerfile b/3.3.0/Dockerfile new file mode 100644 index 0000000..ffb943b --- /dev/null +++ b/3.3.0/Dockerfile 
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.0 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.0/docker-entrypoint.sh b/3.3.0/docker-entrypoint.sh new file mode 100755 index 0000000..8d6456d --- /dev/null +++ b/3.3.0/docker-entrypoint.sh 
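Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` leaves the database and log directories world-writable in the image, and unlike the `local.d` line further down it has no comment saying why. If the reason is to let the container start under an arbitrary `--user`, say so next to the line, e.g. `# world-writable so the image also starts with --user <uid>`; if not, `chmod 0755` would match what the entrypoint applies to the data directory when it runs as root. In the same hunk `keys.asc` is downloaded into the current directory and never removed, so `rm -f keys.asc;` belongs next to `rm -rf "$GNUPGHOME";`. The 3.3.1/Dockerfile added by the next patch has the same lines.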
@@ -0,0 +1,121 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.3.0/vm.args b/3.3.0/vm.args new file mode 100644 index 0000000..0425756 --- /dev/null +++ b/3.3.0/vm.args 
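Review bot: `/opt/couchdb/etc/local.d/docker.ini` receives `COUCHDB_PASSWORD` and `COUCHDB_SECRET`, yet it is created by `touch` and kept at `0644` by the `find /opt/couchdb/etc -type f ! -perm 0644` sweep, while the Erlang cookie a few lines later gets `chmod 600`. Tightening the file after the final `chown -f` would give these secrets the same treatment: `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true`. This assumes only the CouchDB process needs to read the file, which the hunk alone cannot confirm. The same script is added again as 3.3.1/docker-entrypoint.sh in the next patch.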
@@ -0,0 +1,28 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# Use kernel poll functionality if supported by emulator ++K true + +# Start a pool of asynchronous IO threads ++A 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From 41b7e8df5ad77c628cc6edb8419d4ade96ccba55 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Tue, 10 Jan 2023 22:41:32 -0500 Subject: [PATCH 22/53] release 3.3.1 --- .travis.yml | 2 + 3.3.1/10-docker-default.ini | 8 +++ 3.3.1/Dockerfile | 105 +++++++++++++++++++++++++++++++ 3.3.1/docker-entrypoint.sh | 121 ++++++++++++++++++++++++++++++++++++ 3.3.1/vm.args | 35 +++++++++++ README.md | 1 + 6 files changed, 272 insertions(+) create mode 100644 3.3.1/10-docker-default.ini create mode 100644 3.3.1/Dockerfile create mode 100755 3.3.1/docker-entrypoint.sh create mode 100644 3.3.1/vm.args diff --git a/.travis.yml b/.travis.yml index c9b101e..ba13811 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,6 +19,8 @@ env: - RELEASES=3.2.1 - RELEASES=3.2.2 - RELEASES=3.3.0 + - RELEASES=3.3.1 + # Needs updating for fdb # - RELEASES=dev # - RELEASES=dev-cluster diff --git a/3.3.1/10-docker-default.ini b/3.3.1/10-docker-default.ini new file mode 100644 index 0000000..1aa633c 
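Review bot: The comment above `-kernel inet_dist_listen_min 9100` says only that the VM listens on a known port; it does not say that connections on this port are authenticated by nothing but the shared Erlang cookie. A line such as `# Distribution port: protected only by the Erlang cookie; set COUCHDB_ERLANG_COOKIE and do not publish 9100/4369 outside the cluster network` would tell operators what `EXPOSE 5984 4369 9100` in the Dockerfile implies. The 3.3.1/vm.args in the next patch carries the same two `inet_dist_listen` lines.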
--- /dev/null +++ b/3.3.1/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.3.1/Dockerfile b/3.3.1/Dockerfile new file mode 100644 index 0000000..ead4e5c --- /dev/null +++ b/3.3.1/Dockerfile 
@@ -0,0 +1,105 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends gosu tini; \ + rm -rf /var/lib/apt/lists/*; \ + gosu nobody true; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf 
--kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.1/docker-entrypoint.sh b/3.3.1/docker-entrypoint.sh new file mode 100755 index 0000000..8d6456d --- /dev/null +++ b/3.3.1/docker-entrypoint.sh 
@@ -0,0 +1,121 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + exec gosu couchdb "$@" + fi +fi + +exec "$@" diff --git a/3.3.1/vm.args b/3.3.1/vm.args new file mode 100644 index 0000000..d606217 --- /dev/null +++ b/3.3.1/vm.args 
@@ -0,0 +1,35 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/README.md b/README.md index 4822114..0459fef 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.3.1` - `3.3.0` - `3.2.2` - `3.2.1` From 9453eee94963f813dceab78fd25a33a4d6ee0fa8 Mon Sep 17 00:00:00 2001 
From: Nick Vatamaniuc Date: Tue, 24 Jan 2023 17:43:27 -0500 Subject: [PATCH 23/53] Remove Travis --- .travis.yml | 29 ----------------------------- README.md | 2 +- 2 files changed, 1 insertion(+), 30 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index ba13811..0000000 --- a/.travis.yml +++ /dev/null @@ -1,29 +0,0 @@ -sudo: required - -language: minimal - -# Avoid double build on PRs (See https://github.com/travis-ci/travis-ci/issues/1147) -branches: - only: - - main - -services: - - docker - -env: - - RELEASES=2.3.1 - - RELEASES=2.3.1-ubi - - RELEASES=3.1.2 - - RELEASES=3.1.2-ubi - - RELEASES=3.2.0 - - RELEASES=3.2.1 - - RELEASES=3.2.2 - - RELEASES=3.3.0 - - RELEASES=3.3.1 - -# Needs updating for fdb -# - RELEASES=dev -# - RELEASES=dev-cluster - -script: - - for rel in $RELEASES; do docker build -t couchdb:$rel $rel; docker run -d --name $rel -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -p 5984:5984 couchdb:$rel && sleep 10 && curl http://admin:password@localhost:5984/ && docker kill $rel; done diff --git a/README.md b/README.md index 0459fef..6f20dfc 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Semi-official Apache CouchDB Docker images [![Build Status](https://travis-ci.org/apache/couchdb-docker.svg?branch=master)](https://travis-ci.org/apache/couchdb-docker) +# Semi-official Apache CouchDB Docker images ## Available tags From bf802ba20229b0eeee79034d3a9606a3b5ce4b8d Mon Sep 17 00:00:00 2001 From: Robert Newson Date: Fri, 17 Mar 2023 11:07:31 +0000 Subject: [PATCH 24/53] replace gosu with setpriv in supported images --- 3.2.2/Dockerfile | 5 ++--- 3.2.2/docker-entrypoint.sh | 2 +- 3.3.1/Dockerfile | 5 ++--- 3.3.1/docker-entrypoint.sh | 2 +- dev-cluster/Dockerfile | 5 ++--- dev/Dockerfile | 6 ++---- dev/docker-entrypoint.sh | 2 +- 7 files changed, 11 insertions(+), 16 deletions(-) diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile index 62177b5..587d152 100644 --- a/3.2.2/Dockerfile 
+++ b/3.2.2/Dockerfile @@ -28,13 +28,12 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages diff --git a/3.2.2/docker-entrypoint.sh b/3.2.2/docker-entrypoint.sh index 8d6456d..e691a66 100755 --- a/3.2.2/docker-entrypoint.sh +++ b/3.2.2/docker-entrypoint.sh @@ -114,7 +114,7 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi diff --git a/3.3.1/Dockerfile b/3.3.1/Dockerfile index ead4e5c..90369c9 100644 --- a/3.3.1/Dockerfile +++ b/3.3.1/Dockerfile @@ -28,13 +28,12 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages diff --git a/3.3.1/docker-entrypoint.sh b/3.3.1/docker-entrypoint.sh index 8d6456d..e691a66 100755 --- a/3.3.1/docker-entrypoint.sh +++ b/3.3.1/docker-entrypoint.sh @@ -114,7 +114,7 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi 
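Review bot: Removing `gosu nobody true;` from the 3.2.2/Dockerfile hunk drops the only build-time check that the step-down tool works, and nothing replaces it for `setpriv`. A line such as `setpriv --reuid=nobody --regid=nogroup --clear-groups true;` before `tini --version` would fail the build if the base image's util-linux lacks `setpriv` or does not accept user names for `--reuid`/`--regid`. The same applies to the 3.3.1 and dev Dockerfile hunks of this patch.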
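Review bot: In the 3.2.2/docker-entrypoint.sh hunk, `exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@"` is not a drop-in for `exec gosu couchdb "$@"`, because it drops every supplementary group where gosu applied the ones listed for the user. If that is meant as the tighter default, a comment such as `# --clear-groups: run with the couchdb primary group only` would warn derived images that add `couchdb` to extra groups; otherwise `--init-groups` keeps the previous group behaviour. The same line is in the 3.3.1 and dev entrypoint hunks, and the outer `if` block it sits in starts outside the hunk.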
diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index f599fec..71ca4b0 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -30,13 +30,12 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ openssl && \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling +# grab tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version RUN apt-get update -y && apt-get install -y --no-install-recommends \ diff --git a/dev/Dockerfile b/dev/Dockerfile index 104de9d..1b7675c 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -31,15 +31,13 @@ RUN apt-get update -y && apt-get install -y \ && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-60-0 \ && rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling +# grab tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version # Dependencies only needed during build time. This layer will also be cached diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 95691c2..0db874a 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -104,7 +104,7 @@ EOWARN fi - exec gosu couchdb "$@" + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi exec "$@" From 5132ed9b0508388997a56907be6624f7b6fca86f Mon Sep 17 00:00:00 2001 
From: Jan Lehnardt Date: Fri, 17 Mar 2023 12:34:25 +0100 Subject: [PATCH 25/53] doc: add debugging info --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6f20dfc..70072d7 100644 --- a/README.md +++ b/README.md @@ -284,6 +284,12 @@ branch superceded by a newer one. The `build.sh` utility can help you do this quickly, see its usage help for more details. +To see full build logs, export `PROGRESS_NO_TRUNC=1` and use `--progress +plain` as an option to `docker build`. + +To rebuild all Dockerfile steps without caching (so you can inspect the +build log e.g.), use the `--no-cache` option of `docker build`. + ## Feedback, Issues, Contributing General feedback is welcome at our [user][1] or [developer][2] mailing lists. From ff67658960990eaaa1fe75007ac92c5444bc05f2 Mon Sep 17 00:00:00 2001 From: Will Holley Date: Fri, 24 Mar 2023 13:52:55 +0000 Subject: [PATCH 26/53] fix: set $HOME when stepping down from root Ticket: https://github.com/apache/couchdb-docker/issues/236 Why: In https://github.com/apache/couchdb-docker/pull/234 we moved from using `gosu` to `setpriv` to step down from the root user to the couchdb user. There is a behavioural difference between and `gosu` and `setpriv` in that `gosu` will [set the $HOME environment variable](https://github.com/tianon/gosu/blob/master/setup-user.go#L45) to that of the target user. Without this behaviour, `couchdb` includes the root user home directory (`/root`) in various search paths and crashes because it doesn't have read permissions. How: Explicitly set `$HOME` to the `couchdb` user home directory before we execute as the `couchdb` user, replicating the `gosu` behaviour. --- 3.2.2/docker-entrypoint.sh | 1 + 3.3.1/docker-entrypoint.sh | 1 + dev/docker-entrypoint.sh | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/3.2.2/docker-entrypoint.sh b/3.2.2/docker-entrypoint.sh index e691a66..a8544c7 100755 --- a/3.2.2/docker-entrypoint.sh 
+++ b/3.2.2/docker-entrypoint.sh @@ -114,6 +114,7 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi diff --git a/3.3.1/docker-entrypoint.sh b/3.3.1/docker-entrypoint.sh index e691a66..a8544c7 100755 --- a/3.3.1/docker-entrypoint.sh +++ b/3.3.1/docker-entrypoint.sh @@ -114,6 +114,7 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index 0db874a..7239912 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -103,7 +103,7 @@ EOWARN exit 1 fi - + export HOME=$(echo ~couchdb) exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi From a29d12f0dd4d73f1dcefb07212af4b9ba3185d9e Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Tue, 28 Mar 2023 14:31:19 -0400 Subject: [PATCH 27/53] Update release instructions for 3.3.x release series * Use `build.sh buildx` otherwise we risk pushing only the architecture image for the host where build and push is run. * Update readme file with buildx instructions example * master -> main references --- README.md | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 70072d7..4bfb33e 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ As of this writing, the latest numbered tags available are: # How to use this image -The most up-to-date instructions on using this image are always available at https://github.com/apache/couchdb-docker/blob/master/README.md . +The most up-to-date instructions on using this image are always available at https://github.com/apache/couchdb-docker/blob/main/README.md . ## Start a CouchDB instance 
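Review bot: `export HOME=$(echo ~couchdb)` runs a command substitution only to echo a tilde expansion, and if the `couchdb` account could not be resolved it would silently set `HOME` to the literal string `~couchdb`. `HOME=~couchdb` followed by `export HOME` performs the same expansion directly, and a guard such as `[ -d "$HOME" ] || exit 1` would stop before the step-down when the directory does not exist. The line is repeated in the 3.3.1 and dev entrypoint hunks; in the dev hunk the enclosing `if` is outside the hunk.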
@@ -202,10 +202,10 @@ docker run --name my-couchdb --user myuser -v /home/couchdb/data:/opt/couchdb/da # Development images -This repository provides definitions to run the very latest (`master` branch) +This repository provides definitions to run the very latest (`main` branch) CouchDB code: -* `dev` runs a single node off of the `master` branch, similar to the other +* `dev` runs a single node off of the `main` branch, similar to the other officially released images. * `dev-cluster` demonstrates the CouchDB clustering features by creating a local cluster of a default three nodes inside the container, with a proxy in @@ -264,26 +264,21 @@ Also, read the next section to ensure you push all of the tags necessary. # Image uploading for CouchDB release managers -Taking a hypothetical example of CouchDB 2.9.7, here's all of the tags you'd want: +Taking a hypothetical example of CouchDB 3.3.1 with 3.3.1 as the latest release: ```bash -docker build -t apache/couchdb:2.9.7 2.9.7 -docker tag apache/couchdb:2.9.7 apache/couchdb:latest -docker tag apache/couchdb:2.9.7 apache/couchdb:2.9 -docker tag apache/couchdb:2.9.7 apache/couchdb:2 -docker login -docker push apache/couchdb:2.9.7 -docker push apache/couchdb:2.9 -docker push apache/couchdb:2 -docker push apache/couchdb:latest +./build.sh buildx 3.3.1 +./build.sh buildx 3.3.1 as 3.3 +./build.sh buildx 3.3.1 as 3 +./build.sh buildx 3.3.1 as latest + +./build.sh buildx 3.2.2 +./build.sh buildx 3.2.2 as 3.2 ``` Obviously don't create/push the `latest` or `2` tags if this is a maintenance branch superceded by a newer one. -The `build.sh` utility can help you do this quickly, see its usage help for -more details. - To see full build logs, export `PROGRESS_NO_TRUNC=1` and use `--progress plain` as an option to `docker build`. 
@@ -306,5 +301,5 @@ use GitHub Issues, do not report anything on Docker's website. [1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ [2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ -[3]: https://github.com/apache/couchdb/blob/master/CONTRIBUTING.md +[3]: https://github.com/apache/couchdb/blob/main/CONTRIBUTING.md [4]: http://www.apache.org/dev/release-distribution.html#unreleased From 72a0aebfa3248b3df64a70049f0fb1f90c042a49 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Tue, 25 Apr 2023 03:47:18 -0400 Subject: [PATCH 28/53] 3.3.2 and 3.2.3 releases --- 3.2.3/10-docker-default.ini | 8 +++ 3.2.3/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.2.3/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.2.3/vm.args | 35 +++++++++++ 3.3.2/10-docker-default.ini | 8 +++ 3.3.2/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.3.2/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.3.2/vm.args | 35 +++++++++++ 8 files changed, 538 insertions(+) create mode 100644 3.2.3/10-docker-default.ini create mode 100644 3.2.3/Dockerfile create mode 100755 3.2.3/docker-entrypoint.sh create mode 100644 3.2.3/vm.args create mode 100644 3.3.2/10-docker-default.ini create mode 100644 3.3.2/Dockerfile create mode 100755 3.3.2/docker-entrypoint.sh create mode 100644 3.3.2/vm.args diff --git a/3.2.3/10-docker-default.ini b/3.2.3/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.2.3/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.2.3/Dockerfile b/3.2.3/Dockerfile new file mode 100644 index 0000000..d1d4d4f --- /dev/null +++ b/3.2.3/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.2.3 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.3/docker-entrypoint.sh b/3.2.3/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.2.3/docker-entrypoint.sh 
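Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` leave the data, log and writable-config directories open to every UID in the image, and nothing in the Dockerfile says why. local.d is where the entrypoint writes the `[admins]` and `[chttpd_auth]` entries, so write access there amounts to control over who administers the node. If the wide mode exists to support starting the container under an arbitrary `--user` (an assumption; the README shows that usage), say so next to the chmod, e.g. `# world-writable so a non-root --user can write docker.ini; the entrypoint resets /opt/couchdb/etc dirs to 0755 when started as root`, and consider whether group-writable modes would be enough. The 3.3.2/Dockerfile added later in this patch carries the same lines.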
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.2.3/vm.args b/3.2.3/vm.args new file mode 100644 index 0000000..d606217 --- /dev/null +++ b/3.2.3/vm.args 
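Review bot: The admin password and the `[chttpd_auth]` secret are appended to `/opt/couchdb/etc/local.d/docker.ini` without tightening its mode, whereas the Erlang cookie a few lines below gets `chmod 600`. When the container starts as root, the `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass forces that file to 0644 before the credentials are written, so they end up world-readable. This matters most when `/opt/couchdb/etc` is a volume mounted from the host, a case the script's own comments mention. Adding `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` right after the existing `chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true` would likely close this, since it runs after the find pass on every start. The identical file is added as 3.3.2/docker-entrypoint.sh later in this patch.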
@@ -0,0 +1,35 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput diff --git a/3.3.2/10-docker-default.ini b/3.3.2/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.3.2/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.3.2/Dockerfile b/3.3.2/Dockerfile new file mode 100644 index 0000000..56393e8 
--- /dev/null +++ b/3.3.2/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.2 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.2/docker-entrypoint.sh b/3.3.2/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.3.2/docker-entrypoint.sh 
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.3.2/vm.args b/3.3.2/vm.args new file mode 100644 index 0000000..d606217 --- /dev/null +++ b/3.3.2/vm.args 
@@ -0,0 +1,35 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput From b616800e739db18c19e6a8b4131528157f945bcd Mon Sep 17 00:00:00 2001 From: Kun-Lu Date: Thu, 18 May 2023 17:01:28 -0400 Subject: [PATCH 29/53] Add s390x support to docker image Signed-off-by: Kun-Lu --- build.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/build.sh b/build.sh index e0ca3af..0c1df9a 100755 --- a/build.sh +++ b/build.sh 
@@ -33,8 +33,8 @@ set -e PROMPT="Are you sure (y/n)? " QEMU="YES" -PLATFORMS="amd64 arm64v8 ppc64le" -BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le" +PLATFORMS="amd64 arm64v8 ppc64le s390x" +BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x" prompt() { if [ -z "${PROMPT}" ] @@ -75,6 +75,7 @@ update_qemu() { echo "Proving all emulators work..." docker run --rm arm32v7/alpine uname -a docker run --rm arm64v8/alpine uname -a + docker run --rm s390x/alpine uname -a docker run --rm tonistiigi/debian:riscv uname -a } @@ -152,13 +153,17 @@ push() { docker manifest create apache/couchdb:$tag_as \ apache/couchdb:amd64-$1 \ apache/couchdb:arm64v8-$1 \ - apache/couchdb:ppc64le-$1 + apache/couchdb:ppc64le-$1 \ + apache/couchdb:s390x-$1 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 docker manifest annotate apache/couchdb:$tag_as \ apache/couchdb:ppc64le-$1 --os linux --arch ppc64le + + docker manifest annotate apache/couchdb:$tag_as \ + apache/couchdb:s390x-$1 --os linux --arch s390x docker manifest push --purge apache/couchdb:$tag_as From ac3e8dcb665fc61cc5d0955f63c959e5175e5812 Mon Sep 17 00:00:00 2001 
From: Gabor Pali Date: Thu, 29 Jun 2023 17:40:12 +0200 Subject: [PATCH 30/53] Unbreak build This change fixes the build and includes the following improvements: - Move to Debian Bookworm because that is the release that includes OTP 25 out-of-the-box, which is required by `main`. - Use a "slim" base image. - Update SpiderMonkey to 78 and make it possible to build the image natively on `arm64` (such as Apple M1). - Avoid explicit `pip3 install` because that is not endorsed by Debian packaging. The Python package versions available in Bookworm shall suffice. - Remove installation of extra FoundationDB packages -- they seem to be gone, which breaks the build for every platform. - Bump Node.js to 18, the latest recommend version. This is also included in Bookworm. Base the installation of NPM and Grunt on Debian packages. - Chase changes in the `configure` script. --- dev/Dockerfile | 43 +++++++++++-------------------------------- 1 file changed, 11 insertions(+), 32 deletions(-) diff --git a/dev/Dockerfile b/dev/Dockerfile index 1b7675c..44e90f1 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -12,7 +12,7 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:buster as runtime +FROM debian:bookworm-slim as runtime MAINTAINER CouchDB Developers dev@couchdb.apache.org @@ -25,15 +25,14 @@ RUN apt-get update -y && apt-get install -y \ curl \ dirmngr \ gnupg \ - libicu63 \ - libssl1.1 \ + libicu72 \ + libssl3 \ openssl \ - && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-60-0 \ + && apt-get update -y && apt-get install -y --no-install-recommends libmozjs-78-0 \ && rm -rf /var/lib/apt/lists/* # grab tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -ENV TINI_VERSION 0.16.1 RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends tini; \ 
@@ -46,7 +45,7 @@ FROM runtime AS build_dependencies RUN set -eux; \ apt-get update -y && apt-get install -y --no-install-recommends \ build-essential \ - libmozjs-60-dev \ + libmozjs-78-dev \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -57,37 +56,18 @@ RUN set -eux; \ python3 \ libpython3-dev \ python3-pip \ - python3-sphinx \ - python3-setuptools \ - wget + python3.11-venv \ + nodejs \ + npm \ + grunt -RUN set -eux; \ - pip3 install --upgrade \ - sphinx_rtd_theme \ - nose \ - requests \ - hypothesis - -RUN set -eux; \ - wget https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers/foundationdb-clients_6.3.9-1_amd64.deb; \ - wget https://www.foundationdb.org/downloads/6.3.9/ubuntu/installers/foundationdb-server_6.3.9-1_amd64.deb; \ - dpkg -i ./foundationdb*deb; \ - pkill -f fdb || true; pkill -f foundation || true; \ - rm -rf ./foundationdb*deb - -# Node is special -RUN set -eux; \ - curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_10.x buster main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_10.x buster main' >> /etc/apt/sources.list.d/nodesource.list; \ - apt-get update -y && apt-get install -y nodejs; \ - npm install -g grunt-cli +ARG spidermonkey_version=78 # Clone CouchDB source code including all dependencies ARG clone_url=https://github.com/apache/couchdb.git RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb -RUN ./configure +RUN ./configure --spidermonkey-version $spidermonkey_version # This layer performs the actual build of a relocatable, self-contained # release of CouchDB. It pulls down the latest changes from the remote @@ -97,7 +77,6 @@ FROM build_dependencies AS build ARG checkout_branch=main ARG configure_options -ARG spidermonkey_version=60 WORKDIR /usr/src/couchdb/ RUN git fetch origin \ From 58910ed097489dc588b2a87592406f8faa1bdadf Mon Sep 17 00:00:00 2001 
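Review bot: In the build-dependencies package list, `python3.11-venv` ties the image to the interpreter minor version that bookworm ships, while the neighbouring entries (`python3`, `libpython3-dev`, `python3-pip`) use unversioned names. `python3-venv` would follow the distribution's default interpreter and should keep working after the next base-image bump. The list also still installs `python3-pip` although the commit message says explicit pip installs are being avoided; if nothing later in the Dockerfile calls pip, it could be dropped. The `RUN` holding this list starts above the hunk.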
From: Nick Vatamaniuc Date: Tue, 5 Dec 2023 12:46:09 -0500 Subject: [PATCH 31/53] Release 3.3.3 --- 3.3.3/10-docker-default.ini | 8 +++ 3.3.3/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.3.3/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.3.3/vm.args | 47 ++++++++++++++ 4 files changed, 281 insertions(+) create mode 100644 3.3.3/10-docker-default.ini create mode 100644 3.3.3/Dockerfile create mode 100755 3.3.3/docker-entrypoint.sh create mode 100644 3.3.3/vm.args diff --git a/3.3.3/10-docker-default.ini b/3.3.3/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.3.3/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.3.3/Dockerfile b/3.3.3/Dockerfile new file mode 100644 index 0000000..16bdf32 --- /dev/null +++ b/3.3.3/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.3.3 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.3/docker-entrypoint.sh b/3.3.3/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.3.3/docker-entrypoint.sh 
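Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` leave the data, log and config-drop directories world-writable in the image, and `local.d` is where `docker-entrypoint.sh` appends the `[admins]` and `[chttpd_auth]` entries. The surrounding `chown` and `find ... -exec chown` steps already give these paths to `couchdb:couchdb`, so unless the goal is to support starting the container under an arbitrary `--user`, `chmod 0770` on the three directories would be enough; if that is the goal, a comment saying so would help the next reader. The comment inside the `ENV GPG_COUCH_KEY` continuation reads `205-01-19`, which looks like a truncated year. The same lines appear again in `3.4.1/Dockerfile` later in this series.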
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.3.3/vm.args b/3.3.3/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.3.3/vm.args 
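Review bot: `docker.ini` receives the admin password and the `[chttpd_auth]` secret exactly as passed in `COUCHDB_PASSWORD` and `COUCHDB_SECRET`, yet the only mode the script applies to it is 0644 (the `find /opt/couchdb/etc -type f ! -perm 0644` pass), whereas the Erlang cookie file gets `chmod 600`. Next to the final `chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true`, add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` so only the owner can read it. Separately, `chown couchdb:couchdb "$cookieFile"` sits outside the `id -u` = 0 guard, so with `set -e` a container started as an unprivileged user other than couchdb with `COUCHDB_ERLANG_COOKIE` set will likely exit at that line. `3.4.1/docker-entrypoint.sh` later in the series carries the same blob id (`a8544c7`).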
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
From a2135f7306bac8891e86d319f672c4fd9d6faa87 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sat, 11 May 2024 15:25:08 +0200 Subject: [PATCH 32/53] feat: wip Dockerfile for just Nouveau --- 3.4.0-nouveau/Dockerfile | 80 ++++++++++++++++++++++++++++++++++++++ 3.4.0-nouveau/nouveau.yaml | 27 +++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 3.4.0-nouveau/Dockerfile create mode 100644 3.4.0-nouveau/nouveau.yaml diff --git a/3.4.0-nouveau/Dockerfile b/3.4.0-nouveau/Dockerfile new file mode 100644 index 0000000..d3bc29a --- /dev/null +++ b/3.4.0-nouveau/Dockerfile 
@@ -0,0 +1,80 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+FROM debian:bullseye-slim
+
+LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
+
+# Add CouchDB user account to make sure the IDs are assigned consistently
+RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau
+
+# be sure GPG and apt-transport-https are available and functional
+RUN set -ex; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ apt-transport-https \
+ ca-certificates \
+ dirmngr \
+ gnupg \
+ ; \
+ rm -rf /var/lib/apt/lists/*
+
+# grab tini for signal handling and zombie reaping
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
+RUN set -eux; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends tini; \
+ rm -rf /var/lib/apt/lists/*; \
+ tini --version
+
+# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
+ENV GPG_COUCH_KEY \
+# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key)
+ 390EF70BB1EA12B2773962950EE62FB37A00258D
+#RUN set -eux; \
+# apt-get update; \
+# apt-get install -y curl; \
+# export GNUPGHOME="$(mktemp -d)"; \
+# curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \
+# gpg --batch --import keys.asc; \
+# gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \
+# command -v gpgconf && gpgconf --kill all || :; \
+# rm -rf "$GNUPGHOME"; \
+# apt-key list; \
+# apt purge -y --autoremove curl; \
+# rm -rf /var/lib/apt/lists/*
+
+# until the .deb is available on jFrog, get it from here and place it next to the Dockerfile
+# https://clients.neighbourhood.ie/couchdb/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb
+COPY --chown=nouveau:nouveau couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb /root/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb
+
+#RUN . /etc/os-release; \
+# echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \
+# tee /etc/apt/sources.list.d/couchdb.list >/dev/null
+
+# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
+RUN set -eux; \
+ apt-get update; \
+ \
+ echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
+ /root/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb;
+
+
+COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml
+
+VOLUME /opt/nouveau/data
+
+# 5987: Nouveau App
+# 5988: Nouveau Admin
+EXPOSE 5987 5988
+CMD ["tini", "/opt/nouveau/bin/nouveau", "server", "/opt/nouveau/etc/nouveau.yaml"]
diff --git a/3.4.0-nouveau/nouveau.yaml b/3.4.0-nouveau/nouveau.yaml
new file mode 100644
index 0000000..5750942
--- /dev/null
+++ b/3.4.0-nouveau/nouveau.yaml
@@ -0,0 +1,27 @@
+maxIndexesOpen: 3000
+commitIntervalSeconds: 30
+idleSeconds: 60
+rootDir: ./data/nouveau
+
+logging:
+ level: INFO
+
+server:
+ applicationConnectors:
+ - type: http
+ bindHost: 0.0.0.0
+ port: 5987
+ useDateHeader: false
+ adminConnectors:
+ - type: http
+ bindHost: 0.0.0.0
+ port: 5988
+ useDateHeader: false
+ gzip:
+ includedMethods:
+ - GET
+ - POST
+ requestLog:
+ appenders:
+ - type: console
+ target: stderr
From d5b081701406e1acd508d5de0927c49e04c40097 Mon Sep 17 00:00:00 2001
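Review bot: `adminConnectors` binds port 5988 to `0.0.0.0`, and the Dockerfile in this patch lists it in `EXPOSE 5987 5988`, so the admin listener is reachable from anything on the container's network rather than only from inside the container. Unless operators need it remotely, use `bindHost: 127.0.0.1` under `adminConnectors` and drop 5988 from `EXPOSE`. Also, `rootDir: ./data/nouveau` is relative and the Dockerfile sets no `WORKDIR`, so the index directory resolves against the process working directory rather than the declared `VOLUME /opt/nouveau/data`; an absolute path such as `rootDir: /opt/nouveau/data` would keep index data on the volume.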
From: Jan Lehnardt Date: Mon, 9 Sep 2024 17:09:01 +0200 Subject: [PATCH 33/53] update to bookworm to match CouchDB --- 3.4.0-nouveau/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3.4.0-nouveau/Dockerfile b/3.4.0-nouveau/Dockerfile index d3bc29a..32311a5 100644 --- a/3.4.0-nouveau/Dockerfile +++ b/3.4.0-nouveau/Dockerfile @@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" From 7b313d4d90a3f911d708a60e6410e690c84e9c7f Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sun, 22 Sep 2024 11:07:29 +0200 Subject: [PATCH 34/53] fix: update dockerfile to release packages --- 3.4.0-nouveau/Dockerfile | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/3.4.0-nouveau/Dockerfile b/3.4.0-nouveau/Dockerfile index 32311a5..f1c700b 100644 --- a/3.4.0-nouveau/Dockerfile +++ b/3.4.0-nouveau/Dockerfile 
@@ -40,26 +40,22 @@ RUN set -eux; \ ENV GPG_COUCH_KEY \ # gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) 390EF70BB1EA12B2773962950EE62FB37A00258D -#RUN set -eux; \ -# apt-get update; \ -# apt-get install -y curl; \ -# export GNUPGHOME="$(mktemp -d)"; \ -# curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ -# gpg --batch --import keys.asc; \ -# gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ -# command -v gpgconf && gpgconf --kill all || :; \ -# rm -rf "$GNUPGHOME"; \ -# apt-key list; \ -# apt purge -y --autoremove curl; \ -# rm -rf /var/lib/apt/lists/* - -# until the .deb is available on jFrog, get it from here and place it next to the Dockerfile -# https://clients.neighbourhood.ie/couchdb/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb -COPY --chown=nouveau:nouveau couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb /root/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* -#RUN . /etc/os-release; \ -# echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ -# tee /etc/apt/sources.list.d/couchdb.list >/dev/null +RUN . 
/etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian RUN set -eux; \ @@ -67,7 +63,7 @@ RUN set -eux; \ \ echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - /root/couchdb-nouveau_3.3.3-022ffd1~debian-bookworm_amd64.deb; + couchdb="$COUCHDB_VERSION"~wookworm; COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml From aef9d337171ae8aebe3b8ef9f3968b8a78000976 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Wed, 25 Sep 2024 09:27:12 +0200 Subject: [PATCH 35/53] make nouveau launch correctly --- 3.4.0-nouveau/Dockerfile | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/3.4.0-nouveau/Dockerfile b/3.4.0-nouveau/Dockerfile index f1c700b..0486a44 100644 --- a/3.4.0-nouveau/Dockerfile +++ b/3.4.0-nouveau/Dockerfile @@ -28,6 +28,13 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/* +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; + # grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ @@ -37,9 +44,10 @@ RUN set -eux; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ # gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + RUN set -eux; \ apt-get update; \ apt-get install -y curl; \ 
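Review bot: The new install line `couchdb="$COUCHDB_VERSION"~wookworm;` cannot resolve as written. The suite suffix is misspelled (`~bookworm`), the package named is `couchdb` rather than the `couchdb-nouveau` that the debconf line above preseeds, and the Dockerfile as created in PATCH 32 declares no `COUCHDB_VERSION`, so the `set -eux` at the top of this `RUN` would abort on the unset variable. Something like `couchdb-nouveau="$COUCHDB_VERSION"~bookworm` with the version declared through `ENV` would match the rest of the file.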
@@ -54,7 +62,7 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/* RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couch-dev-deb/ bookworm main" | \ tee /etc/apt/sources.list.d/couchdb.list >/dev/null # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian @@ -62,10 +70,10 @@ RUN set -eux; \ apt-get update; \ \ echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~wookworm; - + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.1~bookworm; +RUN chown -R nouveau:nouveau /opt/nouveau COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml VOLUME /opt/nouveau/data @@ -73,4 +81,6 @@ VOLUME /opt/nouveau/data # 5987: Nouveau App # 5988: Nouveau Admin EXPOSE 5987 5988 -CMD ["tini", "/opt/nouveau/bin/nouveau", "server", "/opt/nouveau/etc/nouveau.yaml"] + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] From aea8274c755f8f51b50bb05744fd2ae50f297e8f Mon Sep 17 00:00:00 2001 
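Review bot: The final `CMD` starts the JVM as root: the file creates a `nouveau` user and this patch adds `RUN chown -R nouveau:nouveau /opt/nouveau`, but no `USER` instruction or privilege drop appears anywhere in the Dockerfile as built up by this series. Adding `USER nouveau` before `CMD` would run the service under the account the ownership change was made for. With tini removed (the `# TODO: re-add tini` line) java also runs as PID 1, so the TODO is worth closing with `ENTRYPOINT ["tini", "--"]`, as the CouchDB images in this repository do. The new JRE `RUN` also leaves `/var/lib/apt/lists` in its layer, unlike the other install steps.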
From: Jan Lehnardt Date: Wed, 25 Sep 2024 09:27:50 +0200 Subject: [PATCH 36/53] we did not release 3.4.0, so nouveau appears first in 3.4.1 --- {3.4.0-nouveau => 3.4.1-nouveau}/Dockerfile | 0 {3.4.0-nouveau => 3.4.1-nouveau}/nouveau.yaml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {3.4.0-nouveau => 3.4.1-nouveau}/Dockerfile (100%) rename {3.4.0-nouveau => 3.4.1-nouveau}/nouveau.yaml (100%) diff --git a/3.4.0-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile similarity index 100% rename from 3.4.0-nouveau/Dockerfile rename to 3.4.1-nouveau/Dockerfile diff --git a/3.4.0-nouveau/nouveau.yaml b/3.4.1-nouveau/nouveau.yaml similarity index 100% rename from 3.4.0-nouveau/nouveau.yaml rename to 3.4.1-nouveau/nouveau.yaml From 939a5f59997201da3f6c601cde177d180383a49d Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Wed, 25 Sep 2024 09:29:34 +0200 Subject: [PATCH 37/53] add 3.4.1 docker definition --- 3.4.1/10-docker-default.ini | 8 +++ 3.4.1/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.4.1/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.4.1/vm.args | 47 ++++++++++++++ 4 files changed, 281 insertions(+) create mode 100644 3.4.1/10-docker-default.ini create mode 100644 3.4.1/Dockerfile create mode 100755 3.4.1/docker-entrypoint.sh create mode 100644 3.4.1/vm.args diff --git a/3.4.1/10-docker-default.ini b/3.4.1/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.4.1/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.4.1/Dockerfile b/3.4.1/Dockerfile new file mode 100644 index 0000000..7a1c063 --- /dev/null +++ b/3.4.1/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bullseye-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.1 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bullseye \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.1/docker-entrypoint.sh b/3.4.1/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.1/docker-entrypoint.sh 
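Review bot: `FROM debian:bullseye-slim` and `couchdb="$COUCHDB_VERSION"~bullseye` keep the 3.4.1 image on bullseye, while PATCH 33 in this series moved the Nouveau image to bookworm "to match CouchDB". If 3.4.1 is meant to ship on bookworm, the base image and the `~bullseye` package suffix have to change together. Sourcing `/etc/os-release` in the install `RUN` and building the suffix from `VERSION_CODENAME`, as the sources-list step already does for the repository line, would keep the two from drifting apart.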
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.1/vm.args b/3.4.1/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.1/vm.args 
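Review bot: In docker-entrypoint.sh, `COUCHDB_PASSWORD` and `COUCHDB_SECRET` are appended to /opt/couchdb/etc/local.d/docker.ini after the `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass has run over that freshly touched file, so when the container starts as root the file holding the admin credential and the `[chttpd_auth]` secret is left world-readable. Tightening it after the writes, e.g. `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` next to the final `chown -f`, and adding `! -name docker.ini` to the 0644 pass would keep those values readable by the couchdb user only. The Erlang cookie has the same ordering problem on a smaller scale: `echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile"` creates the file under the default umask and `chmod 600` only follows afterwards, which a `umask 077` around the write would close. The `chown couchdb:couchdb "$cookieFile"` there is also unconditional, so under `set -e` it presumably aborts startup when the container runs as an unprivileged UID other than couchdb.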
@@ -0,0 +1,47 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Increase distribution buffer size from default of 1MB to 32MB. The default is +# usually a bit low on busy clusters. Has no effect for single-node setups. +# The unit is in kilobytes. ++zdbbl 32768 + +# When running on Docker, Kubernetes or an OS using CFS (Completely Fair +# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to +# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares. ++sbwt none ++sbwtdcpu none ++sbwtdio none + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput 
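Review bot: The file pins Erlang distribution to port 9100 (`inet_dist_listen_min`/`inet_dist_listen_max`) but says nothing about who may reach that port, while the accompanying Dockerfile EXPOSEs it together with epmd on 4369. Distribution traffic is authenticated only by the Erlang cookie and is not encrypted by default, so a comment above the two `-kernel inet_dist_listen_*` lines such as `# Port 9100 and epmd (4369) must only be reachable from other cluster nodes; never publish them on an untrusted network.` would state the deployment assumption. No `-setcookie` appears here, so the cookie presumably comes from `COUCHDB_ERLANG_COOKIE` via the entrypoint or from a generated ~/.erlang.cookie; saying so in the same comment would help operators who build clusters from this image.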
From 2d907fa29fc40b0ffeb6c6ed8ff716e328af8cb9 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt
Date: Wed, 25 Sep 2024 09:31:49 +0200
Subject: [PATCH 38/53] point to release repo
---
 3.4.1-nouveau/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/3.4.1-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile
index 0486a44..b07d77a 100644
--- a/3.4.1-nouveau/Dockerfile
+++ b/3.4.1-nouveau/Dockerfile
@@ -62,7 +62,7 @@ RUN set -eux; \
 rm -rf /var/lib/apt/lists/*
 RUN . /etc/os-release; \
- echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couch-dev-deb/ bookworm main" | \
+ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \
 tee /etc/apt/sources.list.d/couchdb.list >/dev/null
 # https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
From 3526bff051ed044a4a61da5f5d1e4e522e3f9bd3 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt
Date: Fri, 27 Sep 2024 10:06:20 +0200
Subject: [PATCH 39/53] fix: update from bullseye to bookworm
---
 3.4.1/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/3.4.1/Dockerfile b/3.4.1/Dockerfile
index 7a1c063..2314c8d 100644
--- a/3.4.1/Dockerfile
+++ b/3.4.1/Dockerfile
@@ -10,7 +10,7 @@
 # License for the specific language governing permissions and limitations under
 # the License.
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
@@ -66,7 +66,7 @@ RUN set -eux; \
 echo "couchdb couchdb/mode select none" | debconf-set-selections; \
 # we DO want recommends this time
 DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
- couchdb="$COUCHDB_VERSION"~bullseye \
+ couchdb="$COUCHDB_VERSION"~bookworm \
 ; \
 # Undo symlinks to /var/log and /var/lib
 rmdir /var/lib/couchdb /var/log/couchdb; \
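Review bot: In the second 3.4.1/Dockerfile hunk of PATCH 39 the package pin `couchdb="$COUCHDB_VERSION"~bookworm` repeats the release codename that `FROM debian:bookworm-slim` in the first hunk already fixes, which is why this commit has to edit two places. The same Dockerfile writes its apt source with `${VERSION_CODENAME}` from /etc/os-release, so the pin could be derived the same way: source the file at the top of this RUN and use `couchdb="$COUCHDB_VERSION"~"$VERSION_CODENAME"`. That keeps base image, repository suite and package suffix from drifting apart on the next base upgrade, where a mismatch would presumably surface only as an apt failure at build time. The RUN block begins and ends outside the hunk.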
From cd3336b4ee1238427a78949651dc68b95a02dec4 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt
Date: Fri, 27 Sep 2024 10:09:18 +0200
Subject: [PATCH 40/53] doc: update readme
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 4bfb33e..b1ea30e 100644
--- a/README.md
+++ b/README.md
@@ -9,8 +9,12 @@ There may be more tags available, but these tags should always exist:
 - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster)
 As of this writing, the latest numbered tags available are:
+- `3.4.1`
+- `3.3.3`
+- `3.3.2`
 - `3.3.1`
 - `3.3.0`
+- `3.2.3`
 - `3.2.2`
 - `3.2.1`
 - `3.2.0`
From af3a869863414b54f50e0ae720f7a15eaf552a98 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt
Date: Fri, 27 Sep 2024 10:32:22 +0200
Subject: [PATCH 41/53] fix: temporarily disable ppc64le because of https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf
---
 build.sh | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/build.sh b/build.sh
index 0c1df9a..a494d8e 100755
--- a/build.sh
+++ b/build.sh
@@ -33,8 +33,12 @@ set -e
 PROMPT="Are you sure (y/n)? "
 QEMU="YES"
-PLATFORMS="amd64 arm64v8 ppc64le s390x"
-BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x"
+PLATFORMS="amd64 arm64v8 s390x"
+BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/s390x"
+# Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf
+# See also lines 163, 170, 171
+# PLATFORMS="amd64 arm64v8 ppc64le s390x"
+# BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x"
 prompt() {
 if [ -z "${PROMPT}" ]
@@ -153,14 +157,18 @@ push() {
 docker manifest create apache/couchdb:$tag_as \
 apache/couchdb:amd64-$1 \
 apache/couchdb:arm64v8-$1 \
- apache/couchdb:ppc64le-$1 \
+# Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf
+# See also line 38
+# apache/couchdb:ppc64le-$1 \
 apache/couchdb:s390x-$1
 docker manifest annotate apache/couchdb:$tag_as \
 apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8
- docker manifest annotate apache/couchdb:$tag_as \
- apache/couchdb:ppc64le-$1 --os linux --arch ppc64le
+ # Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf
+ # See also line 38
+ # docker manifest annotate apache/couchdb:$tag_as \
+ # apache/couchdb:ppc64le-$1 --os linux --arch ppc64le
 docker manifest annotate apache/couchdb:$tag_as \
 apache/couchdb:s390x-$1 --os linux --arch s390x
From ad64a8a405759d40ee9e82f40a1a32387a2a4be5 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt
Date: Fri, 27 Sep 2024 12:06:45 +0200
Subject: [PATCH 42/53] feat: add -nouveau branch to buildx subcommand only
---
 build.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/build.sh b/build.sh
index a494d8e..bd2908e 100755
--- a/build.sh
+++ b/build.sh
@@ -188,7 +188,6 @@ buildx() {
 fi
 docker buildx rm apache-couchdb >/dev/null 2>&1 || true
- echo "Creating the buildx environment..."
 docker buildx create --name apache-couchdb --driver docker-container --use
 docker buildx use apache-couchdb
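Review bot: The three comment lines added inside `docker manifest create` in push() sit in the middle of a backslash-continued command, so the continuation after `apache/couchdb:arm64v8-$1 \` runs into `# Temporarily disable …` and the command ends there. The manifest list is then created without the s390x image, and `apache/couchdb:s390x-$1` on the following line is executed as a command of its own, which fails and, given the `set -e` shown as context in the first build.sh hunk, most likely aborts the script. Move the explanation above the command and keep the argument list contiguous: put `# Temporarily disable ppc64le … (re-add apache/couchdb:ppc64le-$1 below)` before `docker manifest create apache/couchdb:$tag_as \` and drop the commented-out argument line. The commented-out `docker manifest annotate` block further down is fine because it stands between complete commands. push() starts and ends outside the hunk.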
@@ -197,6 +196,18 @@ buildx() {
 echo "Starting buildx build at $(date)..."
 docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:$tag_as --push $1
 echo ""
+
+ # build nouveau
+ docker buildx rm apache-couchdb-nouveau >/dev/null 2>&1 || true
+
+ echo "Creating the buildx nouveau environment..."
+ docker buildx create --name apache-couchdb-nouveau --driver docker-container --use
+ docker buildx use apache-couchdb-nouveau
+ docker buildx inspect --bootstrap
+
+ echo "Starting buildx nouveau build at $(date)..."
+ docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb-nouveau:$tag_as --push $1-nouveau
+ echo ""
 }
 usage() {
From 820386cb4da9a1f94a0a0cb155ccf57ca8dd6d74 Mon Sep 17 00:00:00 2001
From: Nick Vatamaniuc
Date: Fri, 27 Sep 2024 15:34:05 -0400
Subject: [PATCH 43/53] To simplfy things go with the $vsn-nouveau scheme This avoid creating a separate apache repo and separate official image as well.
---
 build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sh b/build.sh
index bd2908e..0b14039 100755
--- a/build.sh
+++ b/build.sh
@@ -206,7 +206,7 @@ buildx() {
 docker buildx inspect --bootstrap
 echo "Starting buildx nouveau build at $(date)..."
- docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb-nouveau:$tag_as --push $1-nouveau
+ docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:${tag_as}-nouveau --push $1-nouveau
 echo ""
 }
From 6fd92e0669859e6041b3b2bf7ca94758d66782b8 Mon Sep 17 00:00:00 2001
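Review bot: The nouveau block added to buildx() in PATCH 42 runs for every version passed in, but it builds from `$1-nouveau`, so for a version directory without such a sibling `docker buildx build` fails after the main image has already been pushed. Guarding the block with `if [ -d "$1-nouveau" ]; then … fi` keeps the subcommand usable for those versions; whether any nouveau directory exists besides 3.4.1-nouveau cannot be seen from this patch. The new lines also leave `${BUILDX_PLATFORMS}`, `$tag_as` and `$1-nouveau` unquoted, and quoting them, e.g. `--tag "apache/couchdb-nouveau:$tag_as" --push "$1-nouveau"`, would stop a stray space or glob character in the argument from changing the command line. buildx() begins outside the hunk.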
From: Nick Vatamaniuc Date: Fri, 27 Sep 2024 16:45:07 -0400 Subject: [PATCH 44/53] Cleanup minor patch versions This our standard cleanup to leave only the highest patch versions after a whlie (remove 3.2.0, 3.2.1, 3.2.2 and leave 3.2.3 if 3.2.3 is the highest 3.2.x release). We were kindly reminded to do this by the official docker image maintainers. --- 3.2.0-ubi-clouseau/Dockerfile | 131 ------------ 3.2.0-ubi-clouseau/couchdb.repo | 7 - 3.2.0-ubi-clouseau/imeyer_runit.repo | 10 - 3.2.0-ubi-clouseau/licenses/LICENSE | 202 ------------------ .../resources/10-docker-default.ini | 8 - .../resources/clouseau/clouseau.ini | 6 - .../resources/clouseau/clouseau.sh | 13 -- .../resources/clouseau/log4j.properties | 5 - .../resources/docker-entrypoint.sh | 185 ---------------- 3.2.0-ubi-clouseau/resources/pre_stop | 30 --- 3.2.0-ubi-clouseau/resources/run | 1 - 3.2.0-ubi-clouseau/resources/run_clouseau | 1 - 3.2.0-ubi-clouseau/resources/vm.args | 28 --- 3.2.0/10-docker-default.ini | 8 - 3.2.0/Dockerfile | 105 --------- 3.2.0/docker-entrypoint.sh | 106 --------- 3.2.0/vm.args | 28 --- 3.2.1/10-docker-default.ini | 8 - 3.2.1/Dockerfile | 105 --------- 3.2.1/docker-entrypoint.sh | 121 ----------- 3.2.1/vm.args | 28 --- 3.2.2/10-docker-default.ini | 8 - 3.2.2/Dockerfile | 104 --------- 3.2.2/docker-entrypoint.sh | 122 ----------- 3.2.2/vm.args | 28 --- 3.3.0/10-docker-default.ini | 8 - 3.3.0/Dockerfile | 105 --------- 3.3.0/docker-entrypoint.sh | 121 ----------- 3.3.0/vm.args | 28 --- 3.3.1/10-docker-default.ini | 8 - 3.3.1/Dockerfile | 104 --------- 3.3.1/docker-entrypoint.sh | 122 ----------- 3.3.1/vm.args | 35 --- 3.3.2/10-docker-default.ini | 8 - 3.3.2/Dockerfile | 104 --------- 3.3.2/docker-entrypoint.sh | 122 ----------- 3.3.2/vm.args | 35 --- 37 files changed, 2198 deletions(-) delete mode 100644 3.2.0-ubi-clouseau/Dockerfile delete mode 100644 3.2.0-ubi-clouseau/couchdb.repo delete mode 100644 3.2.0-ubi-clouseau/imeyer_runit.repo delete mode 100644 
3.2.0-ubi-clouseau/licenses/LICENSE delete mode 100644 3.2.0-ubi-clouseau/resources/10-docker-default.ini delete mode 100644 3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini delete mode 100644 3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh delete mode 100644 3.2.0-ubi-clouseau/resources/clouseau/log4j.properties delete mode 100755 3.2.0-ubi-clouseau/resources/docker-entrypoint.sh delete mode 100644 3.2.0-ubi-clouseau/resources/pre_stop delete mode 100644 3.2.0-ubi-clouseau/resources/run delete mode 100644 3.2.0-ubi-clouseau/resources/run_clouseau delete mode 100644 3.2.0-ubi-clouseau/resources/vm.args delete mode 100644 3.2.0/10-docker-default.ini delete mode 100644 3.2.0/Dockerfile delete mode 100755 3.2.0/docker-entrypoint.sh delete mode 100644 3.2.0/vm.args delete mode 100644 3.2.1/10-docker-default.ini delete mode 100644 3.2.1/Dockerfile delete mode 100755 3.2.1/docker-entrypoint.sh delete mode 100644 3.2.1/vm.args delete mode 100644 3.2.2/10-docker-default.ini delete mode 100644 3.2.2/Dockerfile delete mode 100755 3.2.2/docker-entrypoint.sh delete mode 100644 3.2.2/vm.args delete mode 100644 3.3.0/10-docker-default.ini delete mode 100644 3.3.0/Dockerfile delete mode 100755 3.3.0/docker-entrypoint.sh delete mode 100644 3.3.0/vm.args delete mode 100644 3.3.1/10-docker-default.ini delete mode 100644 3.3.1/Dockerfile delete mode 100755 3.3.1/docker-entrypoint.sh delete mode 100644 3.3.1/vm.args delete mode 100644 3.3.2/10-docker-default.ini delete mode 100644 3.3.2/Dockerfile delete mode 100755 3.3.2/docker-entrypoint.sh delete mode 100644 3.3.2/vm.args diff --git a/3.2.0-ubi-clouseau/Dockerfile b/3.2.0-ubi-clouseau/Dockerfile deleted file mode 100644 index 16abfe6..0000000 --- a/3.2.0-ubi-clouseau/Dockerfile +++ /dev/null 
@@ -1,131 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -ARG CLOUSEAU_VERSION=2.17.0 - -FROM registry.access.redhat.com/ubi8/ubi-minimal as builder - -ARG CLOUSEAU_VERSION - -WORKDIR /usr/src - -# Fetch and extract clouseau -RUN set -xe; \ - microdnf update -y && rm -rf /var/cache/yum && \ - microdnf install -y unzip wget && \ - wget https://github.com/cloudant-labs/clouseau/releases/download/${CLOUSEAU_VERSION}/clouseau-${CLOUSEAU_VERSION}-dist.zip && \ - unzip clouseau-2.17.0-dist.zip && \ - microdnf clean all; \ - rm -rf /var/cache/yum - -FROM registry.access.redhat.com/ubi8/ubi-minimal - -ARG RELEASE -ARG BUILD_DATE -ARG CLOUSEAU_VERSION - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" \ - name="Apache CouchDB" \ - version="3.2.0" \ - summary="Apache CouchDB based on Red Hat UBI" \ - description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ - release=${RELEASE} \ - usage="https://github.com/apache/couchdb-docker" \ - build-date=${BUILD_DATE} \ - io.k8s.display-name="Apache CouchDB" \ - io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ - io.openshift.tags="database couchdb apache rhel8" \ - io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \ - io.openshift.min-memory="1Gi" \ - io.openshift.min-cpu="1" - -COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo -COPY couchdb.repo /etc/yum.repos.d/couchdb.repo - -ENV COUCHDB_VERSION=3.2.0 \ - 
CLOUSEAU_VERSION=${CLOUSEAU_VERSION} \ - JAVA_MAJOR_VERSION=8 \ - JAVA_HOME=/usr/lib/jvm/jre-1.8.0 \ - CLASSPATH=${APP_ROOT}/lib/* - -# Add CouchDB user account to make sure the IDs are assigned consistently -# CouchDB user added to root group for OpenShift support -RUN set -ex; \ -# be sure GPG and apt-transport-https are available and functional - microdnf update -y && rm -rf /var/cache/yum; \ - microdnf install -y \ - java-1.8.0-openjdk-headless \ - ca-certificates \ - gnupg \ - findutils \ - shadow-utils; \ -# Add CouchDB User and Group (group required by rpm) - useradd -u 5984 -d /opt/couchdb -g root couchdb; \ - groupadd -g 5984 couchdb; \ -# Install runit - microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=imeyer_runit -y runit; \ -# Clean up - microdnf clean all; \ - rm -rf /var/cache/yum - -# Install CouchDB -RUN set -xe; \ - microdnf update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ - microdnf install --enablerepo=couchdb -y couchdb-${COUCHDB_VERSION}; \ - microdnf clean all; \ - rm -rf /var/cache/yum; \ -# remove defaults that force writing logs to file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 775 and 664 for consistency with the dockerfile_entrypoint. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \ -# Setup directories and permissions for data. 
- chmod 777 /opt/couchdb/data - -# Copy Clouseau jar and set directory permissions -COPY resources/clouseau/clouseau.ini resources/clouseau/log4j.properties /opt/couchdb-search/etc/ -COPY --from=builder /usr/src/clouseau-${CLOUSEAU_VERSION}/*.jar /opt/couchdb-search/lib/ - -RUN install -d -m 0755 -o couchdb -g 0 -p /opt/couchdb-search/etc /opt/couchdb-search/lib /opt/couchdb/data/search_indexes && \ - find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ - find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; - -# Add the License -COPY licenses /licenses - -# Add configuration -COPY --chown=couchdb:0 resources/10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:0 resources/vm.args /opt/couchdb/etc/ -COPY --chown=couchdb:0 resources/docker-entrypoint.sh /usr/local/bin -COPY --chown=couchdb:0 resources/run /etc/service/couchdb/ -COPY --chown=couchdb:0 resources/run_clouseau /etc/service/couchdb-search/run - -# set permissions on runit scripts -RUN chmod -R 777 /etc/service/couchdb; \ - chmod -R 777 /etc/service/couchdb-search; \ - chmod 777 /usr/local/bin/docker-entrypoint.sh; \ -# symlink to root folder - ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh - -ENTRYPOINT ["/docker-entrypoint.sh"] -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.0-ubi-clouseau/couchdb.repo b/3.2.0-ubi-clouseau/couchdb.repo deleted file mode 100644 index b4f33d7..0000000 --- a/3.2.0-ubi-clouseau/couchdb.repo +++ /dev/null 
@@ -1,7 +0,0 @@
-[couchdb]
-name=couchdb
-baseurl=https://apache.jfrog.io/artifactory/couchdb-rpm/el$releasever/$basearch/
-gpgkey=https://couchdb.apache.org/repo/keys.asc https://couchdb.apache.org/repo/rpm-package-key.asc
-gpgcheck=1
-repo_gpgcheck=1
-enabled=1
diff --git a/3.2.0-ubi-clouseau/imeyer_runit.repo b/3.2.0-ubi-clouseau/imeyer_runit.repo
deleted file mode 100644
index ab4aa4c..0000000
--- a/3.2.0-ubi-clouseau/imeyer_runit.repo
+++ /dev/null
@@ -1,10 +0,0 @@
-[imeyer_runit]
-name=imeyer_runit
-baseurl=https://packagecloud.io/imeyer/runit/el/7/x86_64
-repo_gpgcheck=1
-gpgcheck=0
-enabled=1
-gpgkey=https://packagecloud.io/imeyer/runit/gpgkey
-sslverify=1
-sslcacert=/etc/pki/tls/certs/ca-bundle.crt
-metadata_expire=300
diff --git a/3.2.0-ubi-clouseau/licenses/LICENSE b/3.2.0-ubi-clouseau/licenses/LICENSE
deleted file mode 100644
index f6cd2bc..0000000
--- a/3.2.0-ubi-clouseau/licenses/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/3.2.0-ubi-clouseau/resources/10-docker-default.ini b/3.2.0-ubi-clouseau/resources/10-docker-default.ini deleted file mode 100644 index 1aa633c..0000000 --- a/3.2.0-ubi-clouseau/resources/10-docker-default.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini deleted file mode 100644 index 81084e1..0000000 --- a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.ini +++ /dev/null 
@@ -1,6 +0,0 @@
-[clouseau]
-name=clouseau@127.0.0.1
-
-dir=/opt/couchdb/data/search_indexes
-
-max_indexes_open=500
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh b/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh
deleted file mode 100644
index 4f8b300..0000000
--- a/3.2.0-ubi-clouseau/resources/clouseau/clouseau.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-# chmod 0600 /opt/couchdb-search/etc/jmxremote.password
-
-exec -c "java -server \
- -Xmx2G \
- -Dsun.net.inetaddr.ttl=30 \
- -Dsun.net.inetaddr.negative.ttl=30 \
- -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \
- -XX:OnOutOfMemoryError="kill -9 %p" \
- -XX:+UseConcMarkSweepGC \
- -XX:+CMSParallelRemarkEnabled \
- -classpath '/opt/couchdb-search/lib/*' \
- com.cloudant.clouseau.Main \
- /opt/couchdb-search/etc/clouseau.ini"
diff --git a/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties b/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties
deleted file mode 100644
index e7a0f7c..0000000
--- a/3.2.0-ubi-clouseau/resources/clouseau/log4j.properties
+++ /dev/null
@@ -1,5 +0,0 @@
-log4j.rootLogger=info, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %c [%p] %m%n
diff --git a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh b/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh
deleted file mode 100755
index 0592c68..0000000
--- a/3.2.0-ubi-clouseau/resources/docker-entrypoint.sh
+++ /dev/null
@@ -1,185 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # also for clouseau - find -L /opt/couchdb-search \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' + - find -L /opt/couchdb-search -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find -L /opt/couchdb-search -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - # if erlang cookie passed in, set in clouseau.ini - kCOOKIE_REGEX='setcookie ([^ ]+)' - cookie='monster' - if [[ $ERL_FLAGS =~ $kCOOKIE_REGEX ]]; then - cookie="${BASH_REMATCH[1]}" - else - ERL_FLAGS="$ERL_FLAGS -setcookie $cookie" - fi - - if ! grep "cookie" /opt/couchdb-search/etc/clouseau.ini; then - echo "cookie=$cookie" >> /opt/couchdb-search/etc/clouseau.ini - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - # a node name is required for clouseau/distributed erlang. - # set if not specified via ERL_FLAGS or vm.args - kNAME_REGEX='\-name ([^ ]+)' - if ! 
[[ $ERL_FLAGS =~ $kNAME_REGEX ]]; then - echo "No name found in ERL_FLAGS $ERL_FLAGS" - nodename=${NODENAME:=127.0.0.1} - if ! grep -e '-name' /opt/couchdb/etc/vm.args; then - echo "No -name found in vm.args. Using couchdb@$nodename" - echo "-name couchdb@$nodename" >> /opt/couchdb/etc/vm.args - fi - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:0 /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". 
-************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - # Run as CouchDB user - cat > /etc/service/couchdb/run <<-EOF - #!/bin/sh - export HOME=/opt/couchdb - exec 2>&1 - exec chpst -u couchdb env ERL_FLAGS="$ERL_FLAGS" $@ - EOF - - cat > /etc/service/couchdb-search/run <<-EOF - #!/bin/sh - export HOME=/opt/couchdb-search - exec 2>&1 - exec chpst -u couchdb java -server \ - -Xmx2G \ - -Dsun.net.inetaddr.ttl=30 \ - -Dsun.net.inetaddr.negative.ttl=30 \ - -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ - -XX:OnOutOfMemoryError="kill -9 %p" \ - -XX:+UseConcMarkSweepGC \ - -XX:+CMSParallelRemarkEnabled \ - -classpath '/opt/couchdb-search/lib/*' \ - com.cloudant.clouseau.Main \ - /opt/couchdb-search/etc/clouseau.ini - EOF - else - # Write out runit scripts to start as the ambient uid - cat > /etc/service/couchdb/run <<-EOF - #!/bin/sh - export HOME=/opt/couchdb - exec 2>&1 - exec chpst env ERL_FLAGS="$ERL_FLAGS" $@ - EOF - - cat > /etc/service/couchdb-search/run <<-EOF - #!/bin/sh - export HOME=/opt/couchdb-search - exec 2>&1 - exec chpst java -server \ - -Xmx2G \ - -Dsun.net.inetaddr.ttl=30 \ - -Dsun.net.inetaddr.negative.ttl=30 \ - -Dlog4j.configuration=file:/opt/couchdb-search/etc/log4j.properties \ - -XX:OnOutOfMemoryError="kill -9 %p" \ - -XX:+UseConcMarkSweepGC \ - -XX:+CMSParallelRemarkEnabled \ - -classpath '/opt/couchdb-search/lib/*' \ - com.cloudant.clouseau.Main \ - /opt/couchdb-search/etc/clouseau.ini - EOF - fi - - exec /sbin/runsvdir-start -fi - -exec "$@" diff --git a/3.2.0-ubi-clouseau/resources/pre_stop b/3.2.0-ubi-clouseau/resources/pre_stop deleted file mode 100644 index 2fbd60a..0000000 --- a/3.2.0-ubi-clouseau/resources/pre_stop +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-if [ -z "$1" ]; then
- terminationPeriod=300
-else
- terminationPeriod=$1
-fi
-
-timeToSleep=5
-numIterations=$(awk -v var1=$terminationPeriod -v var2=$timeToSleep 'BEGIN { print ( var1 / var2 ) }')
-
-# Mark each runsv service as down, which will send each process a TERM
-for file in /conf/service/*/supervise/control; do
- echo "d" > $file;
-done
-
-# Allow the processes time to terminate gracefully
-i="0"
-while [ $i -lt $numIterations ]; do
- numServices=$(find /conf/service/* -maxdepth 0 -type d | wc -l)
- numDownServices=$(grep -r "^down$" /conf/service/*/supervise/stat | wc -l)
- if [ $numServices -ne $numDownServices ]; then
- sleep $timeToSleep
- i=$[$i+1]
- else
- exit 0
- fi
-done
-
-exit 1
diff --git a/3.2.0-ubi-clouseau/resources/run b/3.2.0-ubi-clouseau/resources/run
deleted file mode 100644
index 7d1d6b8..0000000
--- a/3.2.0-ubi-clouseau/resources/run
+++ /dev/null
@@ -1 +0,0 @@
-# populated in dockerfile entrypoint so that ERL_FLAGS are propagated
diff --git a/3.2.0-ubi-clouseau/resources/run_clouseau b/3.2.0-ubi-clouseau/resources/run_clouseau
deleted file mode 100644
index 9c18b33..0000000
--- a/3.2.0-ubi-clouseau/resources/run_clouseau
+++ /dev/null
@@ -1 +0,0 @@
-# populated in dockerfile entrypoint
diff --git a/3.2.0-ubi-clouseau/resources/vm.args b/3.2.0-ubi-clouseau/resources/vm.args
deleted file mode 100644
index 0425756..0000000
--- a/3.2.0-ubi-clouseau/resources/vm.args
+++ /dev/null
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-# Ensure that the Erlang VM listens on a known port
--kernel inet_dist_listen_min 9100
--kernel inet_dist_listen_max 9100
-
-# Tell kernel and SASL not to log anything
--kernel error_logger silent
--sasl sasl_error_logger false
-
-# Use kernel poll functionality if supported by emulator
-+K true
-
-# Start a pool of asynchronous IO threads
-+A 16
-
-# Comment this line out to enable the interactive Erlang shell on startup
-+Bd -noinput
diff --git a/3.2.0/10-docker-default.ini b/3.2.0/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.2.0/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.2.0/Dockerfile b/3.2.0/Dockerfile
deleted file mode 100644
index 159be0f..0000000
--- a/3.2.0/Dockerfile
+++ /dev/null
@@ -1,105 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:buster-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ - rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf 
--kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.2.0 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~buster \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.0/docker-entrypoint.sh b/3.2.0/docker-entrypoint.sh deleted file mode 100755 index 4b8b4f4..0000000 --- a/3.2.0/docker-entrypoint.sh +++ /dev/null 
@@ -1,106 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! 
grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" - fi -fi - -exec "$@" diff --git a/3.2.0/vm.args b/3.2.0/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.2.0/vm.args +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# Use kernel poll functionality if supported by emulator -+K true - -# Start a pool of asynchronous IO threads -+A 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput 
diff --git a/3.2.1/10-docker-default.ini b/3.2.1/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.2.1/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.2.1/Dockerfile b/3.2.1/Dockerfile
deleted file mode 100644
index 27e9d9c..0000000
--- a/3.2.1/Dockerfile
+++ /dev/null
@@ -1,105 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ - rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf 
--kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.2.1-1 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.1/docker-entrypoint.sh b/3.2.1/docker-entrypoint.sh deleted file mode 100755 index 8d6456d..0000000 --- a/3.2.1/docker-entrypoint.sh +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" - fi -fi - -exec "$@" diff --git a/3.2.1/vm.args b/3.2.1/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.2.1/vm.args +++ /dev/null 
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-# Ensure that the Erlang VM listens on a known port
--kernel inet_dist_listen_min 9100
--kernel inet_dist_listen_max 9100
-
-# Tell kernel and SASL not to log anything
--kernel error_logger silent
--sasl sasl_error_logger false
-
-# Use kernel poll functionality if supported by emulator
-+K true
-
-# Start a pool of asynchronous IO threads
-+A 16
-
-# Comment this line out to enable the interactive Erlang shell on startup
-+Bd -noinput
diff --git a/3.2.2/10-docker-default.ini b/3.2.2/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.2.2/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.2.2/Dockerfile b/3.2.2/Dockerfile
deleted file mode 100644
index 587d152..0000000
--- a/3.2.2/Dockerfile
+++ /dev/null
@@ -1,104 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends tini; \ - rm -rf /var/lib/apt/lists/*; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - 
apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.2.2-1 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.2.2/docker-entrypoint.sh b/3.2.2/docker-entrypoint.sh deleted file mode 100755 index a8544c7..0000000 --- a/3.2.2/docker-entrypoint.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - export HOME=$(echo ~couchdb) - exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" - fi -fi - -exec "$@" diff --git a/3.2.2/vm.args b/3.2.2/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.2.2/vm.args +++ /dev/null 
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-# Ensure that the Erlang VM listens on a known port
--kernel inet_dist_listen_min 9100
--kernel inet_dist_listen_max 9100
-
-# Tell kernel and SASL not to log anything
--kernel error_logger silent
--sasl sasl_error_logger false
-
-# Use kernel poll functionality if supported by emulator
-+K true
-
-# Start a pool of asynchronous IO threads
-+A 16
-
-# Comment this line out to enable the interactive Erlang shell on startup
-+Bd -noinput
diff --git a/3.3.0/10-docker-default.ini b/3.3.0/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.3.0/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.3.0/Dockerfile b/3.3.0/Dockerfile
deleted file mode 100644
index ffb943b..0000000
--- a/3.3.0/Dockerfile
+++ /dev/null
@@ -1,105 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ - rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf 
--kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.3.0 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.0/docker-entrypoint.sh b/3.3.0/docker-entrypoint.sh deleted file mode 100755 index 8d6456d..0000000 --- a/3.3.0/docker-entrypoint.sh +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" - fi -fi - -exec "$@" diff --git a/3.3.0/vm.args b/3.3.0/vm.args deleted file mode 100644 index 0425756..0000000 --- a/3.3.0/vm.args +++ /dev/null 
@@ -1,28 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-# Ensure that the Erlang VM listens on a known port
--kernel inet_dist_listen_min 9100
--kernel inet_dist_listen_max 9100
-
-# Tell kernel and SASL not to log anything
--kernel error_logger silent
--sasl sasl_error_logger false
-
-# Use kernel poll functionality if supported by emulator
-+K true
-
-# Start a pool of asynchronous IO threads
-+A 16
-
-# Comment this line out to enable the interactive Erlang shell on startup
-+Bd -noinput
diff --git a/3.3.1/10-docker-default.ini b/3.3.1/10-docker-default.ini
deleted file mode 100644
index 1aa633c..0000000
--- a/3.3.1/10-docker-default.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-; CouchDB Configuration Settings
-
-; Custom settings should be made in this file. They will override settings
-; in default.ini, but unlike changes made to default.ini, this file won't be
-; overwritten on server upgrade.
-
-[chttpd]
-bind_address = any
diff --git a/3.3.1/Dockerfile b/3.3.1/Dockerfile
deleted file mode 100644
index 90369c9..0000000
--- a/3.3.1/Dockerfile
+++ /dev/null
@@ -1,104 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends tini; \ - rm -rf /var/lib/apt/lists/*; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - 
apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.3.1 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.1/docker-entrypoint.sh b/3.3.1/docker-entrypoint.sh deleted file mode 100755 index a8544c7..0000000 --- a/3.3.1/docker-entrypoint.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - export HOME=$(echo ~couchdb) - exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" - fi -fi - -exec "$@" diff --git a/3.3.1/vm.args b/3.3.1/vm.args deleted file mode 100644 index d606217..0000000 --- a/3.3.1/vm.args +++ /dev/null 
@@ -1,35 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# This will toggle to true in Erlang 25+. However since we don't use global -# any longer, and have our own auto-connection module, we can keep the -# existing global behavior to avoid surprises. See -# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more -# information about possible increased coordination and messages being sent on -# disconnections when this setting is enabled. -# --kernel prevent_overlapping_partitions false - -# Increase the pool of dirty IO schedulers from 10 to 16 -# Dirty IO schedulers are used for file IO. -+SDio 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput diff --git a/3.3.2/10-docker-default.ini b/3.3.2/10-docker-default.ini deleted file mode 100644 index 1aa633c..0000000 --- a/3.3.2/10-docker-default.ini +++ /dev/null @@ -1,8 +0,0 @@ -; CouchDB Configuration Settings - -; Custom settings should be made in this file. They will override settings -; in default.ini, but unlike changes made to default.ini, this file won't be -; overwritten on server upgrade. - -[chttpd] -bind_address = any diff --git a/3.3.2/Dockerfile b/3.3.2/Dockerfile deleted file mode 100644 index 56393e8..0000000 
--- a/3.3.2/Dockerfile
+++ /dev/null
@@ -1,104 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -FROM debian:bullseye-slim - -LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" - -# Add CouchDB user account to make sure the IDs are assigned consistently -RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb - -# be sure GPG and apt-transport-https are available and functional -RUN set -ex; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - apt-transport-https \ - ca-certificates \ - dirmngr \ - gnupg \ - ; \ - rm -rf /var/lib/apt/lists/* - -# grab tini for signal handling and zombie reaping -# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends tini; \ - rm -rf /var/lib/apt/lists/*; \ - tini --version - -# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages -ENV GPG_COUCH_KEY \ -# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) - 390EF70BB1EA12B2773962950EE62FB37A00258D -RUN set -eux; \ - apt-get update; \ - apt-get install -y curl; \ - export GNUPGHOME="$(mktemp -d)"; \ - curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ - gpg --batch --import keys.asc; \ - gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - apt-key list; \ - 
apt purge -y --autoremove curl; \ - rm -rf /var/lib/apt/lists/* - -ENV COUCHDB_VERSION 3.3.2 - -RUN . /etc/os-release; \ - echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ - tee /etc/apt/sources.list.d/couchdb.list >/dev/null - -# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian -RUN set -eux; \ - apt-get update; \ - \ - echo "couchdb couchdb/mode select none" | debconf-set-selections; \ -# we DO want recommends this time - DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ - ; \ -# Undo symlinks to /var/log and /var/lib - rmdir /var/lib/couchdb /var/log/couchdb; \ - rm /opt/couchdb/data /opt/couchdb/var/log; \ - mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ - chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ - chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ -# Remove file that sets logging to a file - rm /opt/couchdb/etc/default.d/10-filelog.ini; \ -# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ -# Setup directories and permissions for config. Technically these could be 555 and 444 respectively -# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ - find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ -# only local.d needs to be writable for the docker_entrypoint.sh - chmod -f 0777 /opt/couchdb/etc/local.d; \ -# apt clean-up - rm -rf /var/lib/apt/lists/*; - -# Add configuration -COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ -COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ - -COPY docker-entrypoint.sh /usr/local/bin -RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat -ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] - -VOLUME /opt/couchdb/data - -# 5984: Main CouchDB endpoint -# 4369: Erlang portmap daemon (epmd) -# 9100: CouchDB cluster communication port -EXPOSE 5984 4369 9100 -CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.3.2/docker-entrypoint.sh b/3.3.2/docker-entrypoint.sh deleted file mode 100755 index a8544c7..0000000 --- a/3.3.2/docker-entrypoint.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/bash -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -set -e - -# first arg is `-something` or `+something` -if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then - set -- /opt/couchdb/bin/couchdb "$@" -fi - -# first arg is the bare word `couchdb` -if [ "$1" = 'couchdb' ]; then - shift - set -- /opt/couchdb/bin/couchdb "$@" -fi - -if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then - # this is where runtime configuration changes will be written. - # we need to explicitly touch it here in case /opt/couchdb/etc has - # been mounted as an external volume, in which case it won't exist. - # If running as the couchdb user (i.e. container starts as root), - # write permissions will be granted below. - touch /opt/couchdb/etc/local.d/docker.ini - - # if user is root, assume running under the couchdb user (default) - # and ensure it is able to access files and directories that may be mounted externally - if [ "$(id -u)" = '0' ]; then - # Check that we own everything in /opt/couchdb and fix if necessary. We also - # add the `-f` flag in all the following invocations because there may be - # cases where some of these ownership and permissions issues are non-fatal - # (e.g. a config file owned by root with o+r is actually fine), and we don't - # to be too aggressive about crashing here ... - find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + - - # Ensure that data files have the correct permissions. 
We were previously - # preventing any access to these files outside of couchdb:couchdb, but it - # turns out that CouchDB itself does not set such restrictive permissions - # when it creates the files. The approach taken here ensures that the - # contents of the datadir have the same permissions as they had when they - # were initially created. This should minimize any startup delay. - find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - - # Do the same thing for configuration files and directories. Technically - # CouchDB only needs read access to the configuration files as all online - # changes will be applied to the "docker.ini" file below, but we set 644 - # for the sake of consistency. - find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + - find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + - fi - - if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then - echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args - fi - - if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then - # Create admin only if not already present - if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_SECRET" ]; then - # Set secret only if not already present - if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - fi - fi - - if [ "$COUCHDB_ERLANG_COOKIE" ]; then - cookieFile='/opt/couchdb/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" - fi - chown couchdb:couchdb "$cookieFile" - chmod 600 "$cookieFile" - fi - - if [ "$(id -u)" = '0' ]; then - chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true - fi - - # if we don't find an [admins] section followed by a non-comment, display a warning - if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOWARN' -************************************************************* -ERROR: CouchDB 3.0+ will no longer run in "Admin Party" - mode. You *MUST* specify an admin user and - password, either via your own .ini file mapped - into the container at /opt/couchdb/etc/local.ini - or inside /opt/couchdb/etc/local.d, or with - "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" - to set it via "docker run". -************************************************************* -EOWARN - exit 1 - fi - - if [ "$(id -u)" = '0' ]; then - export HOME=$(echo ~couchdb) - exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" - fi -fi - -exec "$@" diff --git a/3.3.2/vm.args b/3.3.2/vm.args deleted file mode 100644 index d606217..0000000 --- a/3.3.2/vm.args +++ /dev/null 
@@ -1,35 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. - -# Ensure that the Erlang VM listens on a known port --kernel inet_dist_listen_min 9100 --kernel inet_dist_listen_max 9100 - -# Tell kernel and SASL not to log anything --kernel error_logger silent --sasl sasl_error_logger false - -# This will toggle to true in Erlang 25+. However since we don't use global -# any longer, and have our own auto-connection module, we can keep the -# existing global behavior to avoid surprises. See -# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more -# information about possible increased coordination and messages being sent on -# disconnections when this setting is enabled. -# --kernel prevent_overlapping_partitions false - -# Increase the pool of dirty IO schedulers from 10 to 16 -# Dirty IO schedulers are used for file IO. -+SDio 16 - -# Comment this line out to enable the interactive Erlang shell on startup -+Bd -noinput From 9c8ab9e38be7b99c6452765c27a04a9c999207b5 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Sat, 28 Sep 2024 12:00:44 +0200 Subject: [PATCH 45/53] feat: use bookworm for 3.3.3 and update to 3.3.3-1 variant --- 3.3.3/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/3.3.3/Dockerfile b/3.3.3/Dockerfile index 16bdf32..6d86dfb 100644 --- a/3.3.3/Dockerfile +++ b/3.3.3/Dockerfile 
@@ -10,7 +10,7 @@ # License for the specific language governing permissions and limitations under # the License. -FROM debian:bullseye-slim +FROM debian:bookworm-slim LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" @@ -66,7 +66,7 @@ RUN set -eux; \ echo "couchdb couchdb/mode select none" | debconf-set-selections; \ # we DO want recommends this time DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ - couchdb="$COUCHDB_VERSION"~bullseye \ + couchdb="$COUCHDB_VERSION-1"~bookworm \ ; \ # Undo symlinks to /var/log and /var/lib rmdir /var/lib/couchdb /var/log/couchdb; \ From 5ff2c69df1cf1d0c8fa39e5dce4d37f18d8caefd Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Fri, 4 Oct 2024 13:54:15 +0200 Subject: [PATCH 46/53] fix: do not create an extra layer just for the chown --- 3.4.1-nouveau/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/3.4.1-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile index b07d77a..648dc51 100644 --- a/3.4.1-nouveau/Dockerfile +++ b/3.4.1-nouveau/Dockerfile @@ -71,9 +71,10 @@ RUN set -eux; \ \ echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ - couchdb-nouveau=3.4.1~bookworm; + couchdb-nouveau=3.4.1~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau -RUN chown -R nouveau:nouveau /opt/nouveau COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml VOLUME /opt/nouveau/data From e748fc4a483c1a651758df4900258701570d2533 Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Fri, 4 Oct 2024 18:48:36 -0400 Subject: [PATCH 47/53] One more place we forgot to cleanup the apt repo --- 3.4.1-nouveau/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/3.4.1-nouveau/Dockerfile b/3.4.1-nouveau/Dockerfile index 648dc51..ffcb96b 100644 --- a/3.4.1-nouveau/Dockerfile +++ b/3.4.1-nouveau/Dockerfile @@ -33,7 +33,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends \ openjdk-17-jre-headless \ - ; + ; \ + rm -rf /var/lib/apt/lists/* # grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 From c44f447edc42377636a1e65a81dcaf3b457d6c83 Mon Sep 17 00:00:00 2001 From: Gaurav Mishra Date: Tue, 8 Oct 2024 17:23:39 +0530 Subject: [PATCH 48/53] docs(nouveau): add additional nouveau ini config Signed-off-by: Gaurav Mishra --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index b1ea30e..a9161de 100644 --- a/README.md +++ b/README.md 
@@ -107,6 +107,17 @@ In addition, a few environment variables are provided to set very common paramet * `NODENAME` will set the name of the CouchDB node inside the container to `couchdb@${NODENAME}`, in the file `/opt/couchdb/etc/vm.args`. This is used for clustering purposes and can be ignored for single-node setups. * Erlang Environment Variables like `ERL_FLAGS` will be used by Erlang itself. For a complete list have a look [here](http://erlang.org/doc/man/erl.html#environment-variables) +## Configure CouchDB Nouveau + +Using the `couchdb:3.4-nouveau` image with `couchdb:3.4` container, there are additional configurations required to set the communication between the containers. CouchDB by default communicates with Nouveau at `http://localhost:5987`, which would now be running in a different container. To enable the communication, the CouchDB container should know the location of Nouveau location and enable the configuration. This can be done by puting following configuration file at `/opt/couchdb/etc/local.d/nouveau.ini` in the CouchDB container. + +```ini +[nouveau] +enable = true +url = http://couchdb-nouveau:5987 +``` + +**Note:** Replace the location in the URL. # Caveats From 50ced4111eaaa75672378ffb8b09d019eff7de75 Mon Sep 17 00:00:00 2001 From: Gaurav Mishra Date: Tue, 8 Oct 2024 17:37:12 +0530 Subject: [PATCH 49/53] docs(nouveau): add compose example with nouveau Signed-off-by: Gaurav Mishra --- nouveau-compose/README.md | 55 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 nouveau-compose/README.md diff --git a/nouveau-compose/README.md b/nouveau-compose/README.md new file mode 100644 index 0000000..bfe27f4 --- /dev/null +++ b/nouveau-compose/README.md 
@@ -0,0 +1,55 @@ +standard `docker-compose.yml`. + +```shell +mkdir -p ./config/couchdb +``` + +**./config/couchdb/nouveau.ini** +```ini +[nouveau] +enable = true +url = http://couchdb-nouveau:5987 +``` + +**docker-compose.yml** +*This yaml expose 5984 to the host network, if you already using the 5984 change it on the yaml +```yaml +services: + couchdb: + image: couchdb:3.4.1 + restart: unless-stopped + ports: + - 5984:5984 + environment: + - ERL_FLAGS=-setcookie monster + - COUCHDB_CREATE_DATABASE=yes + depends_on: + - couchdb-nouveau + volumes: + - couchdb:/opt/couchdb/data + - ./config/couchdb/nouveau.ini:/opt/couchdb/etc/local.d/nouveau.ini + healthcheck: + test: ["CMD-SHELL", "curl --fail -s http://couchdb:5984/_up"] + interval: 30s + timeout: 5s + retries: 5 + + couchdb-nouveau: + image: couchdb:3.4.1-nouveau +# ports: +# - "5987:5987" +# - "5988:5988" + +networks: + default: + name: couchdb-net +``` + +```shell +docker-compose up +``` + +Check it http://127.0.0.1:5984 + +The _trick_ is the `./config/couchdb/nouveau.ini` defines the `couchdb-nouveau` to be running on docker network service named `couchdb-nouveau`. So the port (5987) mapped to the nouveau container. + From 734c61f2a9421637ff58be225665477be52dd4b7 Mon Sep 17 00:00:00 2001 From: Jan Lehnardt Date: Tue, 22 Oct 2024 11:31:15 +0200 Subject: [PATCH 50/53] feat: add 3.4.2 and 3.4.2-nouveau --- 3.4.2-nouveau/Dockerfile | 88 ++++++++++++++++++++++++++ 3.4.2-nouveau/nouveau.yaml | 27 ++++++++ 3.4.2/10-docker-default.ini | 8 +++ 3.4.2/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.4.2/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.4.2/vm.args | 47 ++++++++++++++ README.md | 1 + 7 files changed, 397 insertions(+) create mode 100644 3.4.2-nouveau/Dockerfile create mode 100644 3.4.2-nouveau/nouveau.yaml create mode 100644 3.4.2/10-docker-default.ini create mode 100644 3.4.2/Dockerfile create mode 100755 3.4.2/docker-entrypoint.sh create mode 100644 3.4.2/vm.args 
diff --git a/3.4.2-nouveau/Dockerfile b/3.4.2-nouveau/Dockerfile
new file mode 100644
index 0000000..36b4b98
--- /dev/null
+++ b/3.4.2-nouveau/Dockerfile
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.2~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.4.2-nouveau/nouveau.yaml b/3.4.2-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.4.2-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
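Review bot: The image never drops root: a `nouveau` account is created and `/opt/nouveau` is chowned to it, but the file has no `USER` instruction and no entrypoint, so the final `CMD` starts the JVM as uid 0. Adding `USER nouveau` before `CMD` would run the service as the account the file already prepares, provided the index directory is writable by that user (not verifiable from this hunk). tini is installed earlier in the file but unused, as the `# TODO: re-add tini` comment admits, so java runs as PID 1 without signal forwarding or zombie reaping. `ENTRYPOINT ["tini", "--"]` ahead of the existing `CMD` would close that TODO.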
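Review bot: `adminConnectors` binds port 5988 to `0.0.0.0`, and nothing in this file configures TLS or authentication on either connector, so any peer that can reach the container's network can reach the admin endpoint as well as the search API. If the admin port is only needed from inside the container, `bindHost: 127.0.0.1` on the admin connector would keep it off the network. Otherwise a comment at the top should state that the service is meant for a private network only. Separately, `rootDir: ./data/nouveau` is relative and the accompanying Dockerfile sets no `WORKDIR`, so the index may not land under the declared volume `/opt/nouveau/data`. An absolute value such as `rootDir: /opt/nouveau/data/nouveau` would remove the ambiguity.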
diff --git a/3.4.2/10-docker-default.ini b/3.4.2/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.4.2/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.4.2/Dockerfile b/3.4.2/Dockerfile new file mode 100644 index 0000000..95688b0 --- /dev/null +++ b/3.4.2/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.2 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.2/docker-entrypoint.sh b/3.4.2/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.2/docker-entrypoint.sh 
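Review bot: `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` and `chmod -f 0777 /opt/couchdb/etc/local.d` leave the data, log and writable-config directories world-writable, and `local.d` is where the entrypoint writes the admin credentials and the `[chttpd_auth]` secret. This is presumably so the container can start under an arbitrary `--user`, but the reason is not recorded next to the `chmod` lines; a comment such as `# 0777 so the image also starts under "docker run --user <uid>"` would make the trade-off explicit. If arbitrary UIDs do not need to be supported, `0755` with the existing `couchdb:couchdb` ownership matches what the entrypoint enforces when it starts as root. The comments that mention `dockerfile_entrypoint.sh` and `docker_entrypoint.sh` should name the real file, `docker-entrypoint.sh`.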
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.2/vm.args b/3.4.2/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.2/vm.args 
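Review bot: `docker.ini` receives the admin credentials and the `[chttpd_auth]` secret but stays readable by every user. `touch` creates it under the container's umask, and the `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +` pass resets it to 0644 on each start as root. Adding `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` next to the existing `chown -f couchdb:couchdb ... docker.ini` would keep those values owner-only after the last write. `$COUCHDB_USER` is also interpolated unescaped into the `grep -Pzoqr "\[admins\]\n$COUCHDB_USER ="` pattern, so a name containing regex metacharacters can make the "already present" check miss or match the wrong entry. Writing the pattern as `"\[admins\]\n\Q$COUCHDB_USER\E ="` would match the name literally.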
@@ -0,0 +1,47 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Increase distribution buffer size from default of 1MB to 32MB. The default is +# usually a bit low on busy clusters. Has no effect for single-node setups. +# The unit is in kilobytes. ++zdbbl 32768 + +# When running on Docker, Kubernetes or an OS using CFS (Completely Fair +# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to +# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares. ++sbwt none ++sbwtdcpu none ++sbwtdio none + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput 
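Review bot: In 3.4.2/vm.args the comment above `-kernel inet_dist_listen_min 9100` documents the fixed port but not the trust boundary that comes with it. Erlang distribution is authenticated only by the shared cookie and is not encrypted unless TLS distribution is configured, which nothing in this file does, so 9100 (and epmd on 4369) should only be reachable from the other cluster nodes. I would add a comment such as `# Port 9100 carries unencrypted Erlang distribution traffic protected only by the cookie; publish it on a trusted cluster network only`. The same file is added again as 3.4.3/vm.args.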
diff --git a/README.md b/README.md index a9161de..7af8459 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.4.2` - `3.4.1` - `3.3.3` - `3.3.2` From 8a7dfc18fe8a9ba55a1c544ee3416f945dbb94ad Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Mon, 17 Mar 2025 17:23:16 -0400 Subject: [PATCH 51/53] Add 3.4.3 and 3.4.3-nouveau --- 3.4.3-nouveau/Dockerfile | 88 ++++++++++++++++++++++++++ 3.4.3-nouveau/nouveau.yaml | 27 ++++++++ 3.4.3/10-docker-default.ini | 8 +++ 3.4.3/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.4.3/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.4.3/vm.args | 47 ++++++++++++++ README.md | 1 + 7 files changed, 397 insertions(+) create mode 100644 3.4.3-nouveau/Dockerfile create mode 100644 3.4.3-nouveau/nouveau.yaml create mode 100644 3.4.3/10-docker-default.ini create mode 100644 3.4.3/Dockerfile create mode 100755 3.4.3/docker-entrypoint.sh create mode 100644 3.4.3/vm.args diff --git a/3.4.3-nouveau/Dockerfile b/3.4.3-nouveau/Dockerfile new file mode 100644 index 0000000..343940b --- /dev/null +++ b/3.4.3-nouveau/Dockerfile 
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.4.3~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.4.3-nouveau/nouveau.yaml b/3.4.3-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.4.3-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
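Review bot: 3.4.3-nouveau/Dockerfile creates the `nouveau` user and chowns /opt/nouveau to it, but the image has no `USER` instruction and no entrypoint that drops privileges, so the `CMD` starts the JVM as root. The CouchDB image in this series drops to `couchdb` through `setpriv` in its entrypoint; here I would add `USER nouveau` before `CMD`. Because nouveau.yaml sets `rootDir: ./data/nouveau` and the image sets no `WORKDIR`, the index directory presumably resolves under `/` rather than the declared `/opt/nouveau/data` volume, so `WORKDIR /opt/nouveau` and a data directory owned by `nouveau` would be needed for the unprivileged user to write there; this should be confirmed. 3.5.0-nouveau/Dockerfile has the same gap.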
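Review bot: In 3.4.3-nouveau/nouveau.yaml the `adminConnectors` entry binds `0.0.0.0` on 5988, the same as the application connector, and the Dockerfile exposes both ports. Nothing in this file puts authentication or TLS in front of either connector, so the admin interface is reachable by anything that can reach the container. If CouchDB only needs 5987, I would set `bindHost: 127.0.0.1` on the admin connector, or at least add a comment that 5988 must not be published. 3.5.0-nouveau/nouveau.yaml is identical.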
diff --git a/3.4.3/10-docker-default.ini b/3.4.3/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.4.3/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.4.3/Dockerfile b/3.4.3/Dockerfile new file mode 100644 index 0000000..e60b209 --- /dev/null +++ b/3.4.3/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.4.3 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.4.3/docker-entrypoint.sh b/3.4.3/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.4.3/docker-entrypoint.sh 
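Review bot: In 3.4.3/Dockerfile, `chmod -f 0777 /opt/couchdb/etc/local.d` leaves the directory CouchDB loads configuration from world-writable, and `chmod 777 /opt/couchdb/data /opt/couchdb/var/log` does the same for data and logs. Any process in the container, whatever its uid, can then add or change configuration that is read at the next start, admin accounts included. The comment says only that local.d must be writable for the entrypoint; if the reason is support for running under an arbitrary `--user`, the comment should say so, and otherwise `0775` with couchdb:couchdb ownership looks sufficient. The comments also call the script `dockerfile_entrypoint.sh` and `docker_entrypoint.sh`, while the file copied in is `docker-entrypoint.sh`.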
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.4.3/vm.args b/3.4.3/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.4.3/vm.args 
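Review bot: In 3.4.3/docker-entrypoint.sh, docker.ini receives the admin password and `COUCHDB_SECRET` through the two `printf ... >> /opt/couchdb/etc/local.d/docker.ini` lines, yet the file is created by `touch` and the `find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644` pass keeps it at 0644, while the Erlang cookie a few lines later gets `chmod 600`. The password is presumably hashed by CouchDB on start, but the `[chttpd_auth]` secret stays in clear text, which matters most when /opt/couchdb/etc is a host mount. I would add `chmod -f 0600 /opt/couchdb/etc/local.d/docker.ini || true` after the final `chown -f` block and exclude the file from the 0644 pass with `! -name docker.ini`. Separately, `"\[admins\]\n$COUCHDB_USER ="` places the user name in a PCRE unescaped, so a name containing regex metacharacters can make the already-present check miss or match wrongly. The 3.4.2 copy earlier on the page has the same lines.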
@@ -0,0 +1,47 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +# Ensure that the Erlang VM listens on a known port +-kernel inet_dist_listen_min 9100 +-kernel inet_dist_listen_max 9100 + +# Tell kernel and SASL not to log anything +-kernel error_logger silent +-sasl sasl_error_logger false + +# This will toggle to true in Erlang 25+. However since we don't use global +# any longer, and have our own auto-connection module, we can keep the +# existing global behavior to avoid surprises. See +# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more +# information about possible increased coordination and messages being sent on +# disconnections when this setting is enabled. +# +-kernel prevent_overlapping_partitions false + +# Increase the pool of dirty IO schedulers from 10 to 16 +# Dirty IO schedulers are used for file IO. ++SDio 16 + +# Increase distribution buffer size from default of 1MB to 32MB. The default is +# usually a bit low on busy clusters. Has no effect for single-node setups. +# The unit is in kilobytes. ++zdbbl 32768 + +# When running on Docker, Kubernetes or an OS using CFS (Completely Fair +# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to +# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares. ++sbwt none ++sbwtdcpu none ++sbwtdio none + +# Comment this line out to enable the interactive Erlang shell on startup ++Bd -noinput 
diff --git a/README.md b/README.md index 7af8459..4f40ba8 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.4.3` - `3.4.2` - `3.4.1` - `3.3.3` From d9ab5e527fc912b0a308f88b5fcc6bafcb3ee7fd Mon Sep 17 00:00:00 2001 From: Nick Vatamaniuc Date: Fri, 21 Mar 2025 19:15:15 -0400 Subject: [PATCH 52/53] Clean up unused bits from build.sh We only use buildx Remove auto buildx setup. That breaks users' buildx contexts and leaves it modified. Docker nowadays setups setup buildx fairly well and there is no need to do all the experimental stuff. --- build.sh | 217 ------------------------------------------------------- 1 file changed, 217 deletions(-) diff --git a/build.sh b/build.sh index 0b14039..ab8f775 100755 --- a/build.sh +++ b/build.sh 
@@ -31,72 +31,20 @@ set -e -PROMPT="Are you sure (y/n)? " -QEMU="YES" -PLATFORMS="amd64 arm64v8 s390x" BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/s390x" # Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf -# See also lines 163, 170, 171 -# PLATFORMS="amd64 arm64v8 ppc64le s390x" -# BUILDX_PLATFORMS="linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x" - -prompt() { - if [ -z "${PROMPT}" ] - then - return - fi - if [ "$1" ] - then - echo "$1" - fi - read -p "${PROMPT}" - if [[ $REPLY =~ ^[Yy]$ ]] - then - return - else - exit 0 - fi -} - -update_qemu() { - # necessary locally after every reboot, not sure why....update related maybe? - # basically harmless to run everytime, except for elevated privs necessary. - # disable with -n flag - # NOTE multiarch/qemu-user-static broken as of Jan 2021 - # docker rmi multiarch/qemu-user-static >/dev/null 2>&1 || true - # docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - # docker rmi multiarch/qemu-user-static - # use tonistiigi/binfmt instead. - echo "Uninstalling all qemu emulators..." - for plat in $(docker run --privileged tonistiigi/binfmt | jq -c '.emulators[] | select(. | contains("qemu"))'); do - plat="${plat//\"}" - docker run --privileged tonistiigi/binfmt --uninstall $plat >/dev/null 2>&1 - done - - echo "Reinstalling all qemu emulators with latest version..." - docker run --privileged --rm tonistiigi/binfmt --install all - - echo "Proving all emulators work..." - docker run --rm arm32v7/alpine uname -a - docker run --rm arm64v8/alpine uname -a - docker run --rm s390x/alpine uname -a - docker run --rm tonistiigi/debian:riscv uname -a -} clean() { echo $# if [ $# -eq 0 ] then regex="*" - ADD_PROMPT="This will remove *ALL* local apache/couchdb Docker images!" elif [ $# -eq 1 ] then regex=$1 - ADD_PROMPT="This will remove *ALL* apache/couchdb images matching regex '${1}' !" 
else usage fi - prompt "${ADD_PROMPT}" docker images --filter=reference="apache/couchdb:${regex}" | tr -s ' ' | cut -d ' ' -f 2 | while read tag do 
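Review bot: With `prompt` and the `-f` flag removed, `clean` in build.sh now goes straight to deleting, and with no argument `regex="*"` selects every local apache/couchdb tag. If dropping the confirmation is intended, the usage text should state that `clean` deletes without asking; otherwise the delete-all case should require an explicit pattern. The leading `echo $#` looks like leftover debug output, and `while read tag` should be `while read -r tag`. The loop body lies outside this hunk.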
@@ -108,76 +56,6 @@ clean() { done } -# Builds a specific version -build() { - VERSION=$1 - ARCH=${2:-amd64} - FROMIMG="$(awk '$1 == toupper("FROM") { print $2; exit; }' $VERSION/Dockerfile)" - echo ${FROMIMG} - CURRARCH="$(docker run --rm -t ${FROMIMG} uname -m | sed -e 's/[[:space:]]*$//')" - if [ "${CURRARCH}" == "x86_64" ] - then - CURRARCH="amd64" - fi - - if [ "${CURRARCH}" != "${ARCH}" ] - then - if [[ "${FROMIMG}" == *"redhat.com"* ]] - then - echo "Script does not handle multiarch for ubi images. Please fix me!" - exit 1 - fi - docker rmi ${FROMIMG} - docker pull "${ARCH}/${FROMIMG}" - docker tag "${ARCH}/${FROMIMG}" "${FROMIMG}" - fi - docker build -t apache/couchdb:${ARCH}-${VERSION} ${VERSION} - echo "CouchDB ${VERSION} for ${ARCH} built as apache/couchdb:${ARCH}-${VERSION}." -} - -# Builds all platforms for a specific version, local only -# We can't do this with docker buildx, see https://github.com/docker/buildx/issues/166#issuecomment-562729523 -build-all() { - VERSION=$1 - for ARCH in ${PLATFORMS}; do - echo "Starting ${ARCH} at $(date)..." 
- build $1 ${ARCH} - echo "" - done -} - -# Push locally built versions using above technique -push() { - if [ $2 ] - then - tag_as=$2 - else - tag_as=$1 - fi - docker manifest create apache/couchdb:$tag_as \ - apache/couchdb:amd64-$1 \ - apache/couchdb:arm64v8-$1 \ -# Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf -# See also line 38 -# apache/couchdb:ppc64le-$1 \ - apache/couchdb:s390x-$1 - - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:arm64v8-$1 --os linux --arch arm64 --variant v8 - - # Temporarily disable ppc64le because https://github.com/apache/couchdb-pkg/commit/365d07ce43d9d6d9c3377dd08dc8fc5f656a11bf - # See also line 38 - # docker manifest annotate apache/couchdb:$tag_as \ - # apache/couchdb:ppc64le-$1 --os linux --arch ppc64le - - docker manifest annotate apache/couchdb:$tag_as \ - apache/couchdb:s390x-$1 --os linux --arch s390x - - docker manifest push --purge apache/couchdb:$tag_as - - docker manifest inspect apache/couchdb:$tag_as -} - # Builds all platforms for a specific version and pushes to the registry buildx() { if [ $2 ] 
@@ -186,25 +64,11 @@ buildx() { else tag_as=$1 fi - docker buildx rm apache-couchdb >/dev/null 2>&1 || true - - echo "Creating the buildx environment..." - docker buildx create --name apache-couchdb --driver docker-container --use - docker buildx use apache-couchdb - docker buildx inspect --bootstrap echo "Starting buildx build at $(date)..." docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:$tag_as --push $1 echo "" - # build nouveau - docker buildx rm apache-couchdb-nouveau >/dev/null 2>&1 || true - - echo "Creating the buildx nouveau environment..." - docker buildx create --name apache-couchdb-nouveau --driver docker-container --use - docker buildx use apache-couchdb-nouveau - docker buildx inspect --bootstrap - echo "Starting buildx nouveau build at $(date)..." docker buildx build --platform ${BUILDX_PLATFORMS} --tag apache/couchdb:${tag_as}-nouveau --push $1-nouveau echo "" @@ -214,34 +78,10 @@ usage() { cat << EOF $0 <-f> <-n> [OPTIONS] -Options: - -f Skip confirmation prompt. - -n Do not install QEMU and binfmt_misc - (build commands only) - General commands: clean Removes ALL local apache/couchdb images (!!) clean Removes ALL local images with matching tags. -\`docker build\` commands: - version #.#.# [all] Builds all platforms for supplied version - Each platform is tagged -. - - version #.#.# Builds only the specified version and arch. - - push #.#.# [as ] Pushes locally-built versions as a multi-arch - manifest. If \`as \` is specified, - pushes the manifest using that tag instead. - -Example workflow: - $0 clean *2.9.7* - $0 version 2.9.7 all - - $0 push 2.9.7 - $0 push 2.9.7 as 2.9 - $0 push 2.9.7 as 2 - $0 push 2.9.7 as latest - \`docker buildx\` commands: buildx #.#.# Builds *and pushes* all platforms for supplied version, using docker buildx. Built images must 
@@ -261,12 +101,6 @@ Example workflow: docker manifest inspect apache/couchdb:2.9.7 docker pull <--platform linux/other-arch> apache/couchdb:2.9.7 (for testing) - -NOTE: Requires Docker 19.03+ with experimental features enabled. - Add { "experimental" : "true" } to /etc/docker/daemon.json, then - add { "experimental": "enabled" } to ~/.docker/config.json, then - restart the Docker daemon. - EOF exit 0 } @@ -281,14 +115,6 @@ do set -f key="$1" case $key in - -f|--force) - unset PROMPT - shift - ;; - -n|--no-qemu) - unset QEMU - shift - ;; *) POSITIONAL+=("$1") shift @@ -307,45 +133,6 @@ case "$1" in clean $* set +f ;; - version) - # builds a specific version using docker build - # validate/reinstall QEMU - if [ ${QEMU} ] - then - update_qemu - fi - shift - if [ $# -lt 1 -o $# -gt 3 ] - then - usage - fi - # version #.#.# all - if [ "$2" = "all" ] - then - # build all the platforms and test them locally - build-all $1 - else - # build a specific platform locally - build $1 $2 - fi - ;; - push) - # pushes already built local versions as manifest - shift - if [ $# -ne 1 -a $# -ne 3 ] - then - usage - fi - if [ $# -eq 1 ] - then - push $1 - elif [ $2 = "as" ] - then - push $1 $3 - else - usage - fi - ;; buildx) # builds and pushes using docker buildx shift @@ -353,10 +140,6 @@ case "$1" in then usage fi - if [ ${QEMU} ] - then - update_qemu - fi if [ $# -eq 1 ] then buildx $1 From 2660034027fec97097f88afcc6f8a4416c364b24 Mon Sep 17 00:00:00 2001 
From: Nick Vatamaniuc Date: Mon, 5 May 2025 21:57:41 -0400 Subject: [PATCH 53/53] New release 3.5.0 --- 3.5.0-nouveau/Dockerfile | 88 ++++++++++++++++++++++++++ 3.5.0-nouveau/nouveau.yaml | 27 ++++++++ 3.5.0/10-docker-default.ini | 8 +++ 3.5.0/Dockerfile | 104 ++++++++++++++++++++++++++++++ 3.5.0/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++ 3.5.0/vm.args | 47 ++++++++++++++ README.md | 1 + 7 files changed, 397 insertions(+) create mode 100644 3.5.0-nouveau/Dockerfile create mode 100644 3.5.0-nouveau/nouveau.yaml create mode 100644 3.5.0/10-docker-default.ini create mode 100644 3.5.0/Dockerfile create mode 100755 3.5.0/docker-entrypoint.sh create mode 100644 3.5.0/vm.args diff --git a/3.5.0-nouveau/Dockerfile b/3.5.0-nouveau/Dockerfile new file mode 100644 index 0000000..1215edb --- /dev/null +++ b/3.5.0-nouveau/Dockerfile 
@@ -0,0 +1,88 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r nouveau && useradd -u 5984 -d /opt/nouveau -g nouveau nouveau + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# Nouveau wants a JRE/JDK +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + openjdk-17-jre-headless \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + +ENV GPG_COUCH_KEY 390EF70BB1EA12B2773962950EE62FB37A00258D + +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch 
--export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ bookworm main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb-nouveau couchdb-nouveau/enable select false" | debconf-set-selections; \ + DEBIAN_FRONTEND=noninteractive COUCHDB_NOUVEAU_ENABLE=1 apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends \ + couchdb-nouveau=3.5.0~bookworm; \ + rm -rf /var/lib/apt/lists/*; \ + chown -R nouveau:nouveau /opt/nouveau + +COPY --chown=nouveau:nouveau nouveau.yaml /opt/nouveau/etc/nouveau.yaml + +VOLUME /opt/nouveau/data + +# 5987: Nouveau App +# 5988: Nouveau Admin +EXPOSE 5987 5988 + +# TODO: re-add tini +CMD ["/usr/bin/java", "-server", "-Djava.awt.headless=true", "-Xmx2g", "-jar", "/opt/nouveau/lib/nouveau-1.0-SNAPSHOT.jar", "server", "/opt/nouveau/etc/nouveau.yaml"] diff --git a/3.5.0-nouveau/nouveau.yaml b/3.5.0-nouveau/nouveau.yaml new file mode 100644 index 0000000..5750942 --- /dev/null +++ b/3.5.0-nouveau/nouveau.yaml @@ -0,0 +1,27 @@ +maxIndexesOpen: 3000 +commitIntervalSeconds: 30 +idleSeconds: 60 +rootDir: ./data/nouveau + +logging: + level: INFO + +server: + applicationConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5987 + useDateHeader: false + adminConnectors: + - type: http + bindHost: 0.0.0.0 + port: 5988 + useDateHeader: false + gzip: + includedMethods: + - GET + - POST + requestLog: + appenders: + - type: console + target: stderr 
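Review bot: In 3.5.0-nouveau/Dockerfile the key step ends with `apt-key list`, which reads apt's legacy trusted keyrings and not `/usr/share/keyrings/couchdb-archive-keyring.gpg`, so it does not show whether the `gpg --batch --export "${GPG_COUCH_KEY}"` line produced the pinned key; `apt-key` is also deprecated. If the fingerprint were ever missing from keys.asc, the export would presumably leave an empty file and the build would fail only later, at `apt-get update`. I would replace `apt-key list` with `test -s /usr/share/keyrings/couchdb-archive-keyring.gpg` and add `rm -f keys.asc`, since the downloaded file otherwise stays in the image. The same block appears in 3.4.3/Dockerfile, 3.4.3-nouveau/Dockerfile and 3.5.0/Dockerfile.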
diff --git a/3.5.0/10-docker-default.ini b/3.5.0/10-docker-default.ini new file mode 100644 index 0000000..1aa633c --- /dev/null +++ b/3.5.0/10-docker-default.ini @@ -0,0 +1,8 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[chttpd] +bind_address = any diff --git a/3.5.0/Dockerfile b/3.5.0/Dockerfile new file mode 100644 index 0000000..efdcb69 --- /dev/null +++ b/3.5.0/Dockerfile 
@@ -0,0 +1,104 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM debian:bookworm-slim + +LABEL maintainer="CouchDB Developers dev@couchdb.apache.org" + +# Add CouchDB user account to make sure the IDs are assigned consistently +RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb + +# be sure GPG and apt-transport-https are available and functional +RUN set -ex; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + ; \ + rm -rf /var/lib/apt/lists/* + +# grab tini for signal handling and zombie reaping +# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends tini; \ + rm -rf /var/lib/apt/lists/*; \ + tini --version + +# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages +ENV GPG_COUCH_KEY \ +# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) + 390EF70BB1EA12B2773962950EE62FB37A00258D +RUN set -eux; \ + apt-get update; \ + apt-get install -y curl; \ + export GNUPGHOME="$(mktemp -d)"; \ + curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \ + gpg --batch --import keys.asc; \ + gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -rf "$GNUPGHOME"; \ + apt-key list; \ + 
apt purge -y --autoremove curl; \ + rm -rf /var/lib/apt/lists/* + +ENV COUCHDB_VERSION 3.5.0 + +RUN . /etc/os-release; \ + echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \ + tee /etc/apt/sources.list.d/couchdb.list >/dev/null + +# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian +RUN set -eux; \ + apt-get update; \ + \ + echo "couchdb couchdb/mode select none" | debconf-set-selections; \ +# we DO want recommends this time + DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ + couchdb="$COUCHDB_VERSION"~bookworm \ + ; \ +# Undo symlinks to /var/log and /var/lib + rmdir /var/lib/couchdb /var/log/couchdb; \ + rm /opt/couchdb/data /opt/couchdb/var/log; \ + mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \ + chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \ + chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \ +# Remove file that sets logging to a file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \ + find /opt/couchdb/etc -type f ! 
-perm 0644 -exec chmod -f 0644 '{}' +; \ +# only local.d needs to be writable for the docker_entrypoint.sh + chmod -f 0777 /opt/couchdb/etc/local.d; \ +# apt clean-up + rm -rf /var/lib/apt/lists/*; + +# Add configuration +COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/ +COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/ + +COPY docker-entrypoint.sh /usr/local/bin +RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat +ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"] + +VOLUME /opt/couchdb/data + +# 5984: Main CouchDB endpoint +# 4369: Erlang portmap daemon (epmd) +# 9100: CouchDB cluster communication port +EXPOSE 5984 4369 9100 +CMD ["/opt/couchdb/bin/couchdb"] diff --git a/3.5.0/docker-entrypoint.sh b/3.5.0/docker-entrypoint.sh new file mode 100755 index 0000000..a8544c7 --- /dev/null +++ b/3.5.0/docker-entrypoint.sh 
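Review bot: The `chmod 777` on `/opt/couchdb/data` and `/opt/couchdb/var/log` and the `chmod -f 0777` on `/opt/couchdb/etc/local.d` leave world-writable directories in the image, and `local.d` is where the entrypoint writes `docker.ini` with the admin credentials and the `chttpd_auth` secret. When the container starts as root, the entrypoint's `find ... -type d ! -perm 0755` passes reset the directories under `data` and `etc` to 0755, so the 0777 modes only matter for a non-root start, presumably to support an arbitrary `--user`. I would say so next to the chmod lines, e.g. `# 0777 only so the container can start under an arbitrary --user; docker-entrypoint.sh tightens data and etc to 0755 when started as root`. Note that `var/log` is not covered by that reset and stays 0777 either way.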
@@ -0,0 +1,122 @@ +#!/bin/bash +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +set -e + +# first arg is `-something` or `+something` +if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then + set -- /opt/couchdb/bin/couchdb "$@" +fi + +# first arg is the bare word `couchdb` +if [ "$1" = 'couchdb' ]; then + shift + set -- /opt/couchdb/bin/couchdb "$@" +fi + +if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then + # this is where runtime configuration changes will be written. + # we need to explicitly touch it here in case /opt/couchdb/etc has + # been mounted as an external volume, in which case it won't exist. + # If running as the couchdb user (i.e. container starts as root), + # write permissions will be granted below. + touch /opt/couchdb/etc/local.d/docker.ini + + # if user is root, assume running under the couchdb user (default) + # and ensure it is able to access files and directories that may be mounted externally + if [ "$(id -u)" = '0' ]; then + # Check that we own everything in /opt/couchdb and fix if necessary. We also + # add the `-f` flag in all the following invocations because there may be + # cases where some of these ownership and permissions issues are non-fatal + # (e.g. a config file owned by root with o+r is actually fine), and we don't + # to be too aggressive about crashing here ... + find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' + + + # Ensure that data files have the correct permissions. 
We were previously + # preventing any access to these files outside of couchdb:couchdb, but it + # turns out that CouchDB itself does not set such restrictive permissions + # when it creates the files. The approach taken here ensures that the + # contents of the datadir have the same permissions as they had when they + # were initially created. This should minimize any startup delay. + find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + + # Do the same thing for configuration files and directories. Technically + # CouchDB only needs read access to the configuration files as all online + # changes will be applied to the "docker.ini" file below, but we set 644 + # for the sake of consistency. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' + + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' + + fi + + if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then + echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args + fi + + if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then + # Create admin only if not already present + if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_SECRET" ]; then + # Set secret only if not already present + if ! 
grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini + fi + fi + + if [ "$COUCHDB_ERLANG_COOKIE" ]; then + cookieFile='/opt/couchdb/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" + fi + chown couchdb:couchdb "$cookieFile" + chmod 600 "$cookieFile" + fi + + if [ "$(id -u)" = '0' ]; then + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true + fi + + # if we don't find an [admins] section followed by a non-comment, display a warning + if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then + # The - option suppresses leading tabs but *not* spaces. :) + cat >&2 <<-'EOWARN' +************************************************************* +ERROR: CouchDB 3.0+ will no longer run in "Admin Party" + mode. You *MUST* specify an admin user and + password, either via your own .ini file mapped + into the container at /opt/couchdb/etc/local.ini + or inside /opt/couchdb/etc/local.d, or with + "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password" + to set it via "docker run". +************************************************************* +EOWARN + exit 1 + fi + + if [ "$(id -u)" = '0' ]; then + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" + fi +fi + +exec "$@" diff --git a/3.5.0/vm.args b/3.5.0/vm.args new file mode 100644 index 0000000..aeee1e4 --- /dev/null +++ b/3.5.0/vm.args 
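Review bot: In the `COUCHDB_ERLANG_COOKIE` branch the cookie file is created by `echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile"` under the default umask and only restricted afterwards with `chmod 600`, so the distribution secret briefly exists with whatever mode the umask gives. Creating it in a subshell, `( umask 077; echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile" )`, closes that gap. The following `chown couchdb:couchdb "$cookieFile"` is also the only ownership change in the script that is not inside an `id -u` = 0 check, so under `set -e` a container started with a non-root `--user` presumably aborts there. `[ "$(id -u)" != '0' ] || chown couchdb:couchdb "$cookieFile"` would match how `docker.ini` is handled a few lines below.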
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Increase distribution buffer size from default of 1MB to 32MB. The default is
+# usually a bit low on busy clusters. Has no effect for single-node setups.
+# The unit is in kilobytes.
++zdbbl 32768
+
+# When running on Docker, Kubernetes or an OS using CFS (Completely Fair
+# Scheduler) with CPU quota limits set, disable busy waiting for schedulers to
+# avoid busy waiting consuming too much of Erlang VM's CPU time-slice shares.
++sbwt none
++sbwtdcpu none
++sbwtdio none
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
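Review bot: The `-kernel inet_dist_listen_min 9100` / `inet_dist_listen_max 9100` pair pins Erlang distribution to one port, but the comment above it does not say who may reach that port. The file configures no TLS distribution and no interface restriction, so as far as this file shows the Erlang cookie is the only thing protecting node-to-node access. I would extend the comment, e.g. `# 9100 (and epmd on 4369) carry cluster-internal traffic authenticated only by the Erlang cookie; expose them to cluster peers only`. The Dockerfile in this patch EXPOSEs both ports, so the warning matters to anyone who publishes them.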
diff --git a/README.md b/README.md index 4f40ba8..452368c 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ There may be more tags available, but these tags should always exist: - `2`: The very latest CouchDB 2.x single node release (capable of running in a cluster) As of this writing, the latest numbered tags available are: +- `3.5.0` - `3.4.3` - `3.4.2` - `3.4.1`