diff --git a/Dockerfile-ubuntu.template b/Dockerfile-ubuntu.template
new file mode 100644
index 000000000..d8c3b2a56
--- /dev/null
+++ b/Dockerfile-ubuntu.template
@@ -0,0 +1,109 @@
+FROM ubuntu:%%UBUNTU_VERSION%%
+
+LABEL maintainer="NGINX Docker Maintainers "
+
+ENV NGINX_VERSION %%NGINX_VERSION%%
+ENV NJS_VERSION %%NJS_VERSION%%
+ENV PKG_RELEASE %%PKG_RELEASE%%
+
+RUN set -x \
+# create nginx user/group first, to be consistent throughout docker variants
+ && groupadd --system --gid 101 nginx \
+ && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \
+ && apt-get update \
+ && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \
+ && \
+ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
+ NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ found=''; \
+ for server in \
+ hkp://keyserver.ubuntu.com:80 \
+ pgp.mit.edu \
+ ; do \
+ echo " Fetching GPG key $NGINX_GPGKEY from $server"; \
+ gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \
+ done; \
+ test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
+ gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; \
+ rm -rf "$GNUPGHOME"; \
+ apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \
+ && dpkgArch="$(dpkg --print-architecture)" \
+ && nginxPackages="%%PACKAGES%%
+ " \
+ && case "$dpkgArch" in \
+ amd64|arm64) \
+# arches officialy built by upstream
+ echo "deb [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%UBUNTU_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \
+ && apt-get update \
+ ;; \
+ *) \
+# we're on an architecture upstream doesn't officially build for
+# let's build binaries from the published source packages
+ echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%UBUNTU_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \
+ \
+# new directory for storing sources and .deb files
+ && tempDir="$(mktemp -d)" \
+ && chmod 777 "$tempDir" \
+# (777 to ensure APT's "_apt" user can access it too)
+ \
+# save list of currently-installed packages so build dependencies can be cleanly removed later
+ && savedAptMark="$(apt-mark showmanual)" \
+ \
+# build .deb files from upstream's source packages (which are verified by apt-get)
+ && apt-get update \
+ && apt-get build-dep -y %%BUILDTARGET%% \
+ && ( \
+ cd "$tempDir" \
+ && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
+ apt-get source --compile %%BUILDTARGET%% \
+ ) \
+# we don't remove APT lists here because they get re-downloaded and removed later
+ \
+# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies)
+ && apt-mark showmanual | xargs apt-mark auto > /dev/null \
+ && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \
+ \
+# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be)
+ && ls -lAFh "$tempDir" \
+ && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \
+ && grep '^Package: ' "$tempDir/Packages" \
+ && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \
+# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes")
+# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+# ...
+# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ && apt-get -o Acquire::GzipIndexes=false update \
+ ;; \
+ esac \
+ \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ $nginxPackages \
+ gettext-base \
+ curl \
+ && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \
+ \
+# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
+ && if [ -n "$tempDir" ]; then \
+ apt-get purge -y --auto-remove \
+ && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
+ fi \
+# forward request and error logs to docker log collector
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log \
+# create a docker-entrypoint.d directory
+ && mkdir /docker-entrypoint.d
+
+COPY docker-entrypoint.sh /
+COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
+COPY 15-local-resolvers.envsh /docker-entrypoint.d
+COPY 20-envsubst-on-templates.sh /docker-entrypoint.d
+COPY 30-tune-worker-processes.sh /docker-entrypoint.d
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/update.sh b/update.sh
index 31d9a37c9..f0b439078 100755
--- a/update.sh
+++ b/update.sh
@@ -29,14 +29,19 @@ declare -A pkg=( [stable]=1 ) +declare -A alpine=( + [mainline]='3.18' + [stable]='3.18' +) + declare -A debian=( [mainline]='bookworm' [stable]='bullseye' ) -declare -A alpine=( - [mainline]='3.18' - [stable]='3.18' +declare -A ubuntu=( + [mainline]='lunar' + [stable]='jammy' ) # When we bump njs version in a stable release we don't move the tag in the
@@ -73,6 +78,9 @@ get_packages() { debian*:*) sep="+" ;; + ubuntu*:*) + sep="+" + ;; esac case "$distro" in
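Review bot: In the `RUN` of Dockerfile-ubuntu.template the key-import section is separated from the leading `&&` chain by `;`, and the shell runs with `set -x` only, so a failure of `groupadd`, `useradd`, `apt-get update` or the `gnupg1 ca-certificates` install does not stop the build where it happens. Execution resumes at `NGINX_GPGKEY_PATH=...` with `NGINX_GPGKEY` unset, and the build then presumably stops only at the `found` test, with a message about the GPG key rather than the real cause. A failing `gpg1 --export` is ignored outright and leaves whatever it wrote at the path that `signed-by=` later trusts. `set -e` alone would not cover the leading chain, because non-final commands of an `&&` list are exempt from it. Chaining the section with `&&`, as below, makes each step fail at its own line.

```dockerfile
    && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \
    && NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \
    && NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg \
    && export GNUPGHOME="$(mktemp -d)" \
    && found='' \
    && for server in \
        hkp://keyserver.ubuntu.com:80 \
        pgp.mit.edu \
    ; do \
        echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
# "if" keeps the loop's exit status at 0 when one server fails, so the next one is still tried
        if gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY"; then found=yes; break; fi; \
    done \
    && { [ -n "$found" ] || { echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY"; exit 1; }; } \
    && gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" \
# an empty keyring would otherwise only surface later as an apt signature error
    && [ -s "$NGINX_GPGKEY_PATH" ] \
    && rm -rf "$GNUPGHOME" \
    && apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \
# … unchanged: dpkgArch detection, repository setup and package install …
```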
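Review bot: In the new `ubuntu` map of update.sh (hunk `@@ -29,14 +29,19 @@`), `[mainline]='lunar'` ties the mainline image to Ubuntu 23.04, an interim release with roughly nine months of security updates, while `[stable]='jammy'` is an LTS. The template turns this value into `FROM ubuntu:%%UBUNTU_VERSION%%`, so once that window closes the mainline base no longer receives patched packages unless the map is bumped in time. Either use an LTS codename for both branches or mark the entry, for example `[mainline]='lunar' # interim release, bump before its end of life`. The codename is also used as the apt suite in the `deb [signed-by=...]` line, so it is worth confirming that the package repository publishes a `lunar` suite; that is not visible in this diff.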
@@ -83,6 +91,11 @@ get_packages() { echo -n ' \\\n' case "$distro" in + ubuntu) + for p in nginx; do + echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\' + done + ;; *-slim) for p in nginx; do echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${PKG_RELEASE} \\'
@@ -119,6 +132,7 @@ get_packagever() { local suffix= [ "${distro}" = "debian" ] && suffix="~${debianver}" + [ "${distro}" = "ubuntu" ] && suffix="~${ubuntuver}" echo ${pkg[$branch]}${suffix} }
@@ -141,6 +155,9 @@ get_buildtarget() { debian-perl) echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" ;; + ubuntu) + echo "\$nginxPackages" + ;; esac }
@@ -157,12 +174,16 @@ __EOF__ for branch in "${branches[@]}"; do for variant in \ alpine{,-perl,-slim} \ - debian{,-perl}; do + debian{,-perl} \ + ubuntu; do echo "$branch: $variant dockerfiles" dir="$branch/$variant" variant="$(basename "$variant")" - [ -d "$dir" ] || continue + if [ ! -d "$dir" ]; then + echo " Wrning: $dir not found, skipping" + continue + fi template="Dockerfile-${variant}.template" {
@@ -171,6 +192,7 @@ for branch in "${branches[@]}"; do } >"$dir/Dockerfile" debianver="${debian[$branch]}" + ubuntuver="${ubuntu[$branch]}" alpinever="${alpine[$branch]}" nginxver="${nginx[$branch]}" njsver="${njs[${branch}]}"
@@ -185,6 +207,7 @@ for branch in "${branches[@]}"; do sed -i.bak \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ + -e 's,%%UBUNTU_VERSION%%,'"$ubuntuver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \ -e 's,%%NJS_VERSION%%,'"$njsver"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \
@@ -199,7 +222,8 @@ for branch in "${branches[@]}"; do for variant in \ alpine-slim \ - debian; do \ + debian \ + ubuntu; do \ echo "$branch: $variant entrypoint scripts" dir="$branch/$variant" cp -a entrypoint/*.sh "$dir/"
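Review bot: The `ubuntu)` arm added to the second `case "$distro"` of `get_packages` (hunk `@@ -83,6 +91,11 @@`) is, as far as the hunk shows, a line-for-line copy of the `*-slim)` arm below it, and the `ubuntu*:*)` arm in the preceding hunk repeats `debian*:*)`. Folding them into the existing patterns, `ubuntu|*-slim)` and `debian*:*|ubuntu*:*)`, keeps the version-pin format in one place so the variants cannot drift apart when it changes. get_packages starts and ends outside both hunks, so the tail of the `*-slim)` arm should be checked before merging.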
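Review bot: The skip message added to the variant loop (hunk `@@ -157,12 +174,16 @@`) is misspelled as `Wrning` and is written to stdout, where it mixes with the `$branch: $variant dockerfiles` progress lines. Suggested: `echo >&2 " Warning: $dir not found, skipping"`. A missing directory now means no Dockerfile is generated for a listed variant, so a message that can be grepped for on stderr is easier to catch in automation.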