Ubuntu Docker Images

Merge ~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:2.4-21.04 into ~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:edge

  1. Git
  2. lp:~ubuntu-docker-images/ubuntu-docker-images/+git/apache2
  3. 2.4-21.04
  4. Merge into edge
Proposed by Bryce Harrington
Status: Merged
Merge reported by: Bryce Harrington
Merged at revision: ff2d1e040250f9ccd560717704966759f71e29d2
Proposed branch: ~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:2.4-21.04
Merge into: ~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:edge
Diff against target: 312 lines (+19/-232)
4 files modified
Dockerfile (+13/-226)
HACKING.md (+1/-1)
README.md (+3/-3)
data/apache2.yaml (+2/-2)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior Approve
Review via email: mp+398849@code.launchpad.net

Description of the change

Enforce consistency across Dockerfile's

Please review with an eye towards cross-package standardization of packaging.
Particular strategic questions that this MP poses includes:

  * Should images adhere to base dist images, or fully update to current?
  * Perform smoke checks, consistently
  * Perform a full-upgrade on container before installing on it
  * Use --no-install-recommends
  * Use set -eux consistently

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

Sorry, I realized after pushing, that this work should have been done in side-branches, and proposed to merge into the 2.4-21.04 branch. Will remember to do that for next time.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the MP, Bryce. I'm leaving a comment about the usage of ";" instead of "&&".

Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks, response with counter-argument inline.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the reply. OK, I see you've put a lot of thought into the matter! I really have no counter-counter argument here, and honestly my own comment was more of a cosmetic thing (because, as I said, I was concerned about the "feeling" that one might have when reading the code).

Having said that, I'd say this is OK and I'm +1 on the changes. Thanks.

review: Approve
~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:2.4-21.04 updated
ff2d1e0... by Sergio Durigan Junior

Update README.md and HACKING.md

Signed-off-by: Sergio Durigan Junior <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/Dockerfile b/Dockerfile
2index 8cdd1ca..7066d46 100644
3--- a/Dockerfile
4+++ b/Dockerfile
5@@ -1,235 +1,22 @@
6-FROM ubuntu:focal
7-
8-# ENV HTTPD_PREFIX /usr/local/apache2
9-# ENV PATH $HTTPD_PREFIX/bin:$PATH
10-# RUN mkdir -p "$HTTPD_PREFIX" \
11-# && chown www-data:www-data "$HTTPD_PREFIX"
12-# WORKDIR $HTTPD_PREFIX
13-
14-# install httpd runtime dependencies
15-# https://httpd.apache.org/docs/2.4/install.html#requirements
16-# RUN set -eux; \
17-# apt-get update; \
18-# apt-get install -y --no-install-recommends \
19-# libaprutil1-ldap \
20-# ; \
21-# rm -rf /var/lib/apt/lists/*
22-
23-# ENV HTTPD_VERSION 2.4.46
24-# ENV HTTPD_SHA256 740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea
25-
26-# # https://httpd.apache.org/security/vulnerabilities_24.html
27-# ENV HTTPD_PATCHES=""
28-
29-# # see https://httpd.apache.org/docs/2.4/install.html#requirements
30-# RUN set -eux; \
31-# \
32-# # mod_http2 mod_lua mod_proxy_html mod_xml2enc
33-# # https://anonscm.debian.org/cgit/pkg-apache/apache2.git/tree/debian/control?id=adb6f181257af28ee67af15fc49d2699a0080d4c
34-# savedAptMark="$(apt-mark showmanual)"; \
35-# apt-get update; \
36-# apt-get install -y --no-install-recommends \
37-# bzip2 \
38-# ca-certificates \
39-# dirmngr \
40-# dpkg-dev \
41-# gcc \
42-# gnupg \
43-# libapr1-dev \
44-# libaprutil1-dev \
45-# libbrotli-dev \
46-# libcurl4-openssl-dev \
47-# libjansson-dev \
48-# liblua5.2-dev \
49-# libnghttp2-dev \
50-# libpcre3-dev \
51-# libssl-dev \
52-# libxml2-dev \
53-# make \
54-# wget \
55-# zlib1g-dev \
56-# ; \
57-# rm -r /var/lib/apt/lists/*; \
58-# \
59-# ddist() { \
60-# local f="$1"; shift; \
61-# local distFile="$1"; shift; \
62-# local success=; \
63-# local distUrl=; \
64-# for distUrl in \
65-# # https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
66-# 'https://www.apache.org/dyn/closer.cgi?action=download&filename=' \
67-# # if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
68-# https://www-us.apache.org/dist/ \
69-# https://www.apache.org/dist/ \
70-# https://archive.apache.org/dist/ \
71-# ; do \
72-# if wget -O "$f" "$distUrl$distFile" && [ -s "$f" ]; then \
73-# success=1; \
74-# break; \
75-# fi; \
76-# done; \
77-# [ -n "$success" ]; \
78-# }; \
79-# \
80-# ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
81-# echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
82-# \
83-# # see https://httpd.apache.org/download.cgi#verify
84-# ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
85-# export GNUPGHOME="$(mktemp -d)"; \
86-# # $ docker run --rm buildpack-deps:buster-curl bash -c 'wget -qO- https://downloads.apache.org/httpd/KEYS | gpg --batch --import &> /dev/null && gpg --batch --list-keys --with-fingerprint --with-colons' | awk -F: '$1 == "pub" && $2 == "-" { pub = 1 } pub && $1 == "fpr" { fpr = $10 } $1 == "sub" { pub = 0 } pub && fpr && $1 == "uid" && $2 == "-" { print "#", $10; print "\t\t" fpr " \\"; pub = 0 }'
87-# for key in \
88-# # Rodent of Unusual Size (DSA) <coar@ACM.Org>
89-# DE29FB3971E71543FD2DC049508EAEC5302DA568 \
90-# # Rodent of Unusual Size <coar@ACM.Org>
91-# 13155B0E9E634F42BF6C163FDDBA64BA2C312D2F \
92-# # Jim Jagielski <jim@apache.org>
93-# 8B39757B1D8A994DF2433ED58B3A601F08C975E5 \
94-# # Dean Gaudet <dgaudet@apache.org>
95-# 31EE1A81B8D066548156D37B7D6DBFD1F08E012A \
96-# # Cliff Woolley <jwoolley@apache.org>
97-# A10208FEC3152DD7C0C9B59B361522D782AB7BD1 \
98-# # Cliff Woolley <jwoolley@virginia.edu>
99-# 3DE024AFDA7A4B15CB6C14410F81AA8AB0D5F771 \
100-# # Graham Leggett <minfrin@apache.org>
101-# EB138C6AF0FC691001B16D93344A844D751D7F27 \
102-# # Roy T. Fielding <fielding@gbiv.com>
103-# CBA5A7C21EC143314C41393E5B968010E04F9A89 \
104-# # Justin R. Erenkrantz <jerenkrantz@apache.org>
105-# 3C016F2B764621BB549C66B516A96495E2226795 \
106-# # Aaron Bannert <abannert@kuci.org>
107-# 937FB3994A242BA9BF49E93021454AF0CC8B0F7E \
108-# # Brad Nicholes <bnicholes@novell.com>
109-# EAD1359A4C0F2D37472AAF28F55DF0293A4E7AC9 \
110-# # Sander Striker <striker@apache.org>
111-# 4C1EADADB4EF5007579C919C6635B6C0DE885DD3 \
112-# # Greg Stein <gstein@lyra.org>
113-# 01E475360FCCF1D0F24B9D145D414AE1E005C9CB \
114-# # Andre Malo <nd@apache.org>
115-# 92CCEF0AA7DD46AC3A0F498BCA6939748103A37E \
116-# # Erik Abele <erik@codefaktor.de>
117-# D395C7573A68B9796D38C258153FA0CD75A67692 \
118-# # Astrid Kessler (Kess) <kess@kess-net.de>
119-# FA39B617B61493FD283503E7EED1EA392261D073 \
120-# # Joe Schaefer <joe@sunstarsys.com>
121-# 984FB3350C1D5C7A3282255BB31B213D208F5064 \
122-# # Stas Bekman <stas@stason.org>
123-# FE7A49DAA875E890B4167F76CCB2EB46E76CF6D0 \
124-# # Paul Querna <chip@force-elite.com>
125-# 39F6691A0ECF0C50E8BB849CF78875F642721F00 \
126-# # Colm MacCarthaigh <colm.maccarthaigh@heanet.ie>
127-# 29A2BA848177B73878277FA475CAA2A3F39B3750 \
128-# # Ruediger Pluem <rpluem@apache.org>
129-# 120A8667241AEDD4A78B46104C042818311A3DE5 \
130-# # Nick Kew <nick@webthing.com>
131-# 453510BDA6C5855624E009236D0BC73A40581837 \
132-# # Philip M. Gollucci <pgollucci@p6m7g8.com>
133-# 0DE5C55C6BF3B2352DABB89E13249B4FEC88A0BF \
134-# # Bojan Smojver <bojan@rexursive.com>
135-# 7CDBED100806552182F98844E8E7E00B4DAA1988 \
136-# # Issac Goldstand <margol@beamartyr.net>
137-# A8BA9617EF3BCCAC3B29B869EDB105896F9522D8 \
138-# # "Guenter Knauf" ("CODE SIGNING KEY") <fuankg@apache.org>
139-# 3E6AC004854F3A7F03566B592FF06894E55B0D0E \
140-# # Jeff Trawick (CODE SIGNING KEY) <trawick@apache.org>
141-# 5B5181C2C0AB13E59DA3F7A3EC582EB639FF092C \
142-# # Jim Jagielski (Release Signing Key) <jim@apache.org>
143-# A93D62ECC3C8EA12DB220EC934EA76E6791485A8 \
144-# # Eric Covener <covener@apache.org>
145-# 65B2D44FE74BD5E3DE3AC3F082781DE46D5954FA \
146-# # Yann Ylavic <ylavic@apache.org>
147-# 8935926745E1CE7E3ED748F6EC99EE267EB5F61A \
148-# # Daniel Ruggeri (http\x3a//home.apache.org/~druggeri/) <druggeri@apache.org>
149-# B9E8213AEFB861AF35A41F2C995E35221AD84DFF \
150-# # Daniel Ruggeri (http\x3a//home.apache.org/~druggeri/) <druggeri@apache.org>
151-# E3480043595621FE56105F112AB12A7ADC55C003 \
152-# # Joe Orton (Release Signing Key) <jorton@apache.org>
153-# 93525CFCF6FDFFB3FD9700DD5A4B10AE43B56A27 \
154-# ; do \
155-# gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
156-# done; \
157-# gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
158-# command -v gpgconf && gpgconf --kill all || :; \
159-# rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
160-# \
161-# mkdir -p src; \
162-# tar -xf httpd.tar.bz2 -C src --strip-components=1; \
163-# rm httpd.tar.bz2; \
164-# cd src; \
165-# \
166-# patches() { \
167-# while [ "$#" -gt 0 ]; do \
168-# local patchFile="$1"; shift; \
169-# local patchSha256="$1"; shift; \
170-# ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
171-# echo "$patchSha256 *$patchFile" | sha256sum -c -; \
172-# patch -p0 < "$patchFile"; \
173-# rm -f "$patchFile"; \
174-# done; \
175-# }; \
176-# patches $HTTPD_PATCHES; \
177-# \
178-# gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
179-# CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \
180-# CPPFLAGS="$(dpkg-buildflags --get CPPFLAGS)"; \
181-# LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \
182-# ./configure \
183-# --build="$gnuArch" \
184-# --prefix="$HTTPD_PREFIX" \
185-# --enable-mods-shared=reallyall \
186-# --enable-mpms-shared=all \
187-# # enable the same hardening flags as Debian
188-# # - https://salsa.debian.org/apache-team/apache2/blob/87db7de4e59683fb03e97900f078d06ef2292748/debian/rules#L19-21
189-# # - https://salsa.debian.org/apache-team/apache2/blob/87db7de4e59683fb03e97900f078d06ef2292748/debian/rules#L115
190-# --enable-pie \
191-# CFLAGS="-pipe $CFLAGS" \
192-# CPPFLAGS="$CPPFLAGS" \
193-# LDFLAGS="-Wl,--as-needed $LDFLAGS" \
194-# ; \
195-# make -j "$(nproc)"; \
196-# make install; \
197-# \
198-# cd ..; \
199-# rm -r src man manual; \
200-# \
201-# sed -ri \
202-# -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
203-# -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
204-# -e 's!^(\s*TransferLog)\s+\S+!\1 /proc/self/fd/1!g' \
205-# "$HTTPD_PREFIX/conf/httpd.conf" \
206-# "$HTTPD_PREFIX/conf/extra/httpd-ssl.conf" \
207-# ; \
208-# \
209-# # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
210-# apt-mark auto '.*' > /dev/null; \
211-# [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
212-# find /usr/local -type f -executable -exec ldd '{}' ';' \
213-# | awk '/=>/ { print $(NF-1) }' \
214-# | sort -u \
215-# | xargs -r dpkg-query --search \
216-# | cut -d: -f1 \
217-# | sort -u \
218-# | xargs -r apt-mark manual \
219-# ; \
220-# apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
221-# \
222-# # smoke test
223-# httpd -v
224+FROM ubuntu:hirsute
225
226 ENV TZ UTC
227
228 RUN set -eux; \
229- apt-get update \
230- && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
231-# Needed for generating random passwords.
232- && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y apache2 tzdata \
233- && rm -rf /var/lib/apt/lists/* \
234+# installation
235+ apt-get update; \
236+ DEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y; \
237+ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
238+ apache2 \
239+ tzdata \
240+ ; \
241+ DEBIAN_FRONTEND=noninteractive apt-get remove --purge --auto-remove -y; \
242+ rm -rf /var/lib/apt/lists/*; \
243 # smoke test
244- && apache2 -v \
245+ apache2 -v; \
246 # create manifest
247- && mkdir -p /usr/share/rocks \
248- && (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > /usr/share/rocks/dpkg.query
249+ mkdir -p /usr/share/rocks; \
250+ (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > /usr/share/rocks/dpkg.query
251
252 # https://httpd.apache.org/docs/2.4/stopping.html#gracefulstop
253 STOPSIGNAL SIGWINCH
254diff --git a/HACKING.md b/HACKING.md
255index 88f31ec..256cf0a 100644
256--- a/HACKING.md
257+++ b/HACKING.md
258@@ -1,7 +1,7 @@
259 # Contributing
260
261 In Ubuntu, Apache2 is available as a `.deb` package. For this reason,
262-this image was built by installing the Apache2 Ubuntu Focal package
263+this image was built by installing the Apache2 Ubuntu 21.04 package
264 inside a docker container.
265
266 In order to contribute to the Apache2 OCI image, do the following:
267diff --git a/README.md b/README.md
268index 2d96fd9..c49f2ad 100644
269--- a/README.md
270+++ b/README.md
271@@ -19,7 +19,7 @@ _Tags in italics are not available in ubuntu/apache2 but are shown here for comp
272
273 | Channel Tag | | | Currently | Architectures |
274 |---|---|---|---|---|
275-| **`2.4-20.04_beta`** &nbsp;&nbsp; | | | Apache2 2.4.41 on Ubuntu 20.04 LTS | `amd64`, `arm64`, `ppc64el`, `s390x` |
276+| **`2.4-21.04_beta`** &nbsp;&nbsp; | | | Apache2 2.4.46 on Ubuntu 21.04 | `amd64`, `arm64`, `ppc64el`, `s390x` |
277 | _`track_risk`_ |
278
279 Channel tag shows the most stable channel for that track ordered `stable`, `candidate`, `beta`, `edge`. More risky channels are always implicitly available. So if `beta` is listed, you can also pull `edge`. If `candidate` is listed, you can pull `beta` and `edge`. When `stable` is listed, all four are available. Images are guaranteed to progress through the sequence `edge`, `beta`, `candidate` before `stable`.
280@@ -30,7 +30,7 @@ Channel tag shows the most stable channel for that track ordered `stable`, `cand
281 Launch this image locally:
282
283 ```sh
284-docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-20.04_beta
285+docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.04_beta
286 ```
287 Access your Apache2 server at `http://localhost:8080`.
288
289@@ -65,7 +65,7 @@ Works with any Kubernetes; if you don't have one, we recommend you [install Micr
290
291 Download
292 [apache2.conf](https://git.launchpad.net/~canonical-server/ubuntu-docker-images/+git/apache2/plain/examples/config/apache2.conf), [index.html](https://git.launchpad.net/~canonical-server/ubuntu-docker-images/+git/apache2/plain/examples/config/html/index.html) and
293-[apache2-deployment.yml](https://git.launchpad.net/~canonical-server/ubuntu-docker-images/+git/apache2/plain/examples/apache2-deployment.yml) and set `containers.apache2.image` in `apache2-deployment.yml` to your chosen channel tag (e.g. `ubuntu/apache2:2.4-20.04_beta`), then:
294+[apache2-deployment.yml](https://git.launchpad.net/~canonical-server/ubuntu-docker-images/+git/apache2/plain/examples/apache2-deployment.yml) and set `containers.apache2.image` in `apache2-deployment.yml` to your chosen channel tag (e.g. `ubuntu/apache2:2.4-21.04_beta`), then:
295
296 ```sh
297 kubectl create configmap apache2-config --from-file=apache2=apache2.conf --from-file=apache2-site=index.html
298diff --git a/data/apache2.yaml b/data/apache2.yaml
299index e95c47f..5898835 100644
300--- a/data/apache2.yaml
301+++ b/data/apache2.yaml
302@@ -3,8 +3,8 @@ main: true
303 repo: apache2
304 description: >
305 The Apache HTTP Server Project's goal is to build a secure, efficient and extensible HTTP server as standards-compliant open source software. The result has long been the number one web server on the Internet. Read more on the [apache2 website](https://httpd.apache.org/).
306-version: 2.4.41
307-base: Ubuntu 20.04 LTS
308+version: 2.4.46
309+base: Ubuntu 21.04
310 architectures:
311 - amd64
312 - arm64

Subscribers

People subscribed via source and target branches

to all changes: