Merge ~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:2.4-21.04 into ~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:edge
- Git
- lp:~ubuntu-docker-images/ubuntu-docker-images/+git/apache2
- 2.4-21.04
- Merge into edge
Status: | Merged |
---|---|
Merge reported by: | Bryce Harrington |
Merged at revision: | ff2d1e040250f9ccd560717704966759f71e29d2 |
Proposed branch: | ~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:2.4-21.04 |
Merge into: | ~ubuntu-docker-images/ubuntu-docker-images/+git/apache2:edge |
Diff against target: |
312 lines (+19/-232) 4 files modified
Dockerfile (+13/-226) HACKING.md (+1/-1) README.md (+3/-3) data/apache2.yaml (+2/-2) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Sergio Durigan Junior | Approve | ||
Review via email:
|
Commit message
Description of the change
Enforce consistency across Dockerfile's
Please review with an eye towards cross-package standardization of packaging.
Particular strategic questions that this MP poses includes:
* Should images adhere to base dist images, or fully update to current?
* Perform smoke checks, consistently
* Perform a full-upgrade on container before installing on it
* Use --no-install-
* Use set -eux consistently
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Bryce Harrington (bryce) wrote : | # |
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Sergio Durigan Junior (sergiodj) wrote : | # |
Thanks for the MP, Bryce. I'm leaving a comment about the usage of ";" instead of "&&".
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Bryce Harrington (bryce) wrote : | # |
Thanks, response with counter-argument inline.
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Sergio Durigan Junior (sergiodj) wrote : | # |
Thanks for the reply. OK, I see you've put a lot of thought into the matter! I really have no counter-counter argument here, and honestly my own comment was more of a cosmetic thing (because, as I said, I was concerned about the "feeling" that one might have when reading the code).
Having said that, I'd say this is OK and I'm +1 on the changes. Thanks.
- ff2d1e0... by Sergio Durigan Junior
-
Update README.md and HACKING.md
Signed-off-by: Sergio Durigan Junior <email address hidden>
Preview Diff
1 | diff --git a/Dockerfile b/Dockerfile |
2 | index 8cdd1ca..7066d46 100644 |
3 | --- a/Dockerfile |
4 | +++ b/Dockerfile |
5 | @@ -1,235 +1,22 @@ |
6 | -FROM ubuntu:focal |
7 | - |
8 | -# ENV HTTPD_PREFIX /usr/local/apache2 |
9 | -# ENV PATH $HTTPD_PREFIX/bin:$PATH |
10 | -# RUN mkdir -p "$HTTPD_PREFIX" \ |
11 | -# && chown www-data:www-data "$HTTPD_PREFIX" |
12 | -# WORKDIR $HTTPD_PREFIX |
13 | - |
14 | -# install httpd runtime dependencies |
15 | -# https://httpd.apache.org/docs/2.4/install.html#requirements |
16 | -# RUN set -eux; \ |
17 | -# apt-get update; \ |
18 | -# apt-get install -y --no-install-recommends \ |
19 | -# libaprutil1-ldap \ |
20 | -# ; \ |
21 | -# rm -rf /var/lib/apt/lists/* |
22 | - |
23 | -# ENV HTTPD_VERSION 2.4.46 |
24 | -# ENV HTTPD_SHA256 740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea |
25 | - |
26 | -# # https://httpd.apache.org/security/vulnerabilities_24.html |
27 | -# ENV HTTPD_PATCHES="" |
28 | - |
29 | -# # see https://httpd.apache.org/docs/2.4/install.html#requirements |
30 | -# RUN set -eux; \ |
31 | -# \ |
32 | -# # mod_http2 mod_lua mod_proxy_html mod_xml2enc |
33 | -# # https://anonscm.debian.org/cgit/pkg-apache/apache2.git/tree/debian/control?id=adb6f181257af28ee67af15fc49d2699a0080d4c |
34 | -# savedAptMark="$(apt-mark showmanual)"; \ |
35 | -# apt-get update; \ |
36 | -# apt-get install -y --no-install-recommends \ |
37 | -# bzip2 \ |
38 | -# ca-certificates \ |
39 | -# dirmngr \ |
40 | -# dpkg-dev \ |
41 | -# gcc \ |
42 | -# gnupg \ |
43 | -# libapr1-dev \ |
44 | -# libaprutil1-dev \ |
45 | -# libbrotli-dev \ |
46 | -# libcurl4-openssl-dev \ |
47 | -# libjansson-dev \ |
48 | -# liblua5.2-dev \ |
49 | -# libnghttp2-dev \ |
50 | -# libpcre3-dev \ |
51 | -# libssl-dev \ |
52 | -# libxml2-dev \ |
53 | -# make \ |
54 | -# wget \ |
55 | -# zlib1g-dev \ |
56 | -# ; \ |
57 | -# rm -r /var/lib/apt/lists/*; \ |
58 | -# \ |
59 | -# ddist() { \ |
60 | -# local f="$1"; shift; \ |
61 | -# local distFile="$1"; shift; \ |
62 | -# local success=; \ |
63 | -# local distUrl=; \ |
64 | -# for distUrl in \ |
65 | -# # https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394 |
66 | -# 'https://www.apache.org/dyn/closer.cgi?action=download&filename=' \ |
67 | -# # if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/ |
68 | -# https://www-us.apache.org/dist/ \ |
69 | -# https://www.apache.org/dist/ \ |
70 | -# https://archive.apache.org/dist/ \ |
71 | -# ; do \ |
72 | -# if wget -O "$f" "$distUrl$distFile" && [ -s "$f" ]; then \ |
73 | -# success=1; \ |
74 | -# break; \ |
75 | -# fi; \ |
76 | -# done; \ |
77 | -# [ -n "$success" ]; \ |
78 | -# }; \ |
79 | -# \ |
80 | -# ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \ |
81 | -# echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \ |
82 | -# \ |
83 | -# # see https://httpd.apache.org/download.cgi#verify |
84 | -# ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \ |
85 | -# export GNUPGHOME="$(mktemp -d)"; \ |
86 | -# # $ docker run --rm buildpack-deps:buster-curl bash -c 'wget -qO- https://downloads.apache.org/httpd/KEYS | gpg --batch --import &> /dev/null && gpg --batch --list-keys --with-fingerprint --with-colons' | awk -F: '$1 == "pub" && $2 == "-" { pub = 1 } pub && $1 == "fpr" { fpr = $10 } $1 == "sub" { pub = 0 } pub && fpr && $1 == "uid" && $2 == "-" { print "#", $10; print "\t\t" fpr " \\"; pub = 0 }' |
87 | -# for key in \ |
88 | -# # Rodent of Unusual Size (DSA) <coar@ACM.Org> |
89 | -# DE29FB3971E71543FD2DC049508EAEC5302DA568 \ |
90 | -# # Rodent of Unusual Size <coar@ACM.Org> |
91 | -# 13155B0E9E634F42BF6C163FDDBA64BA2C312D2F \ |
92 | -# # Jim Jagielski <jim@apache.org> |
93 | -# 8B39757B1D8A994DF2433ED58B3A601F08C975E5 \ |
94 | -# # Dean Gaudet <dgaudet@apache.org> |
95 | -# 31EE1A81B8D066548156D37B7D6DBFD1F08E012A \ |
96 | -# # Cliff Woolley <jwoolley@apache.org> |
97 | -# A10208FEC3152DD7C0C9B59B361522D782AB7BD1 \ |
98 | -# # Cliff Woolley <jwoolley@virginia.edu> |
99 | -# 3DE024AFDA7A4B15CB6C14410F81AA8AB0D5F771 \ |
100 | -# # Graham Leggett <minfrin@apache.org> |
101 | -# EB138C6AF0FC691001B16D93344A844D751D7F27 \ |
102 | -# # Roy T. Fielding <fielding@gbiv.com> |
103 | -# CBA5A7C21EC143314C41393E5B968010E04F9A89 \ |
104 | -# # Justin R. Erenkrantz <jerenkrantz@apache.org> |
105 | -# 3C016F2B764621BB549C66B516A96495E2226795 \ |
106 | -# # Aaron Bannert <abannert@kuci.org> |
107 | -# 937FB3994A242BA9BF49E93021454AF0CC8B0F7E \ |
108 | -# # Brad Nicholes <bnicholes@novell.com> |
109 | -# EAD1359A4C0F2D37472AAF28F55DF0293A4E7AC9 \ |
110 | -# # Sander Striker <striker@apache.org> |
111 | -# 4C1EADADB4EF5007579C919C6635B6C0DE885DD3 \ |
112 | -# # Greg Stein <gstein@lyra.org> |
113 | -# 01E475360FCCF1D0F24B9D145D414AE1E005C9CB \ |
114 | -# # Andre Malo <nd@apache.org> |
115 | -# 92CCEF0AA7DD46AC3A0F498BCA6939748103A37E \ |
116 | -# # Erik Abele <erik@codefaktor.de> |
117 | -# D395C7573A68B9796D38C258153FA0CD75A67692 \ |
118 | -# # Astrid Kessler (Kess) <kess@kess-net.de> |
119 | -# FA39B617B61493FD283503E7EED1EA392261D073 \ |
120 | -# # Joe Schaefer <joe@sunstarsys.com> |
121 | -# 984FB3350C1D5C7A3282255BB31B213D208F5064 \ |
122 | -# # Stas Bekman <stas@stason.org> |
123 | -# FE7A49DAA875E890B4167F76CCB2EB46E76CF6D0 \ |
124 | -# # Paul Querna <chip@force-elite.com> |
125 | -# 39F6691A0ECF0C50E8BB849CF78875F642721F00 \ |
126 | -# # Colm MacCarthaigh <colm.maccarthaigh@heanet.ie> |
127 | -# 29A2BA848177B73878277FA475CAA2A3F39B3750 \ |
128 | -# # Ruediger Pluem <rpluem@apache.org> |
129 | -# 120A8667241AEDD4A78B46104C042818311A3DE5 \ |
130 | -# # Nick Kew <nick@webthing.com> |
131 | -# 453510BDA6C5855624E009236D0BC73A40581837 \ |
132 | -# # Philip M. Gollucci <pgollucci@p6m7g8.com> |
133 | -# 0DE5C55C6BF3B2352DABB89E13249B4FEC88A0BF \ |
134 | -# # Bojan Smojver <bojan@rexursive.com> |
135 | -# 7CDBED100806552182F98844E8E7E00B4DAA1988 \ |
136 | -# # Issac Goldstand <margol@beamartyr.net> |
137 | -# A8BA9617EF3BCCAC3B29B869EDB105896F9522D8 \ |
138 | -# # "Guenter Knauf" ("CODE SIGNING KEY") <fuankg@apache.org> |
139 | -# 3E6AC004854F3A7F03566B592FF06894E55B0D0E \ |
140 | -# # Jeff Trawick (CODE SIGNING KEY) <trawick@apache.org> |
141 | -# 5B5181C2C0AB13E59DA3F7A3EC582EB639FF092C \ |
142 | -# # Jim Jagielski (Release Signing Key) <jim@apache.org> |
143 | -# A93D62ECC3C8EA12DB220EC934EA76E6791485A8 \ |
144 | -# # Eric Covener <covener@apache.org> |
145 | -# 65B2D44FE74BD5E3DE3AC3F082781DE46D5954FA \ |
146 | -# # Yann Ylavic <ylavic@apache.org> |
147 | -# 8935926745E1CE7E3ED748F6EC99EE267EB5F61A \ |
148 | -# # Daniel Ruggeri (http\x3a//home.apache.org/~druggeri/) <druggeri@apache.org> |
149 | -# B9E8213AEFB861AF35A41F2C995E35221AD84DFF \ |
150 | -# # Daniel Ruggeri (http\x3a//home.apache.org/~druggeri/) <druggeri@apache.org> |
151 | -# E3480043595621FE56105F112AB12A7ADC55C003 \ |
152 | -# # Joe Orton (Release Signing Key) <jorton@apache.org> |
153 | -# 93525CFCF6FDFFB3FD9700DD5A4B10AE43B56A27 \ |
154 | -# ; do \ |
155 | -# gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ |
156 | -# done; \ |
157 | -# gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \ |
158 | -# command -v gpgconf && gpgconf --kill all || :; \ |
159 | -# rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \ |
160 | -# \ |
161 | -# mkdir -p src; \ |
162 | -# tar -xf httpd.tar.bz2 -C src --strip-components=1; \ |
163 | -# rm httpd.tar.bz2; \ |
164 | -# cd src; \ |
165 | -# \ |
166 | -# patches() { \ |
167 | -# while [ "$#" -gt 0 ]; do \ |
168 | -# local patchFile="$1"; shift; \ |
169 | -# local patchSha256="$1"; shift; \ |
170 | -# ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \ |
171 | -# echo "$patchSha256 *$patchFile" | sha256sum -c -; \ |
172 | -# patch -p0 < "$patchFile"; \ |
173 | -# rm -f "$patchFile"; \ |
174 | -# done; \ |
175 | -# }; \ |
176 | -# patches $HTTPD_PATCHES; \ |
177 | -# \ |
178 | -# gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ |
179 | -# CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \ |
180 | -# CPPFLAGS="$(dpkg-buildflags --get CPPFLAGS)"; \ |
181 | -# LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \ |
182 | -# ./configure \ |
183 | -# --build="$gnuArch" \ |
184 | -# --prefix="$HTTPD_PREFIX" \ |
185 | -# --enable-mods-shared=reallyall \ |
186 | -# --enable-mpms-shared=all \ |
187 | -# # enable the same hardening flags as Debian |
188 | -# # - https://salsa.debian.org/apache-team/apache2/blob/87db7de4e59683fb03e97900f078d06ef2292748/debian/rules#L19-21 |
189 | -# # - https://salsa.debian.org/apache-team/apache2/blob/87db7de4e59683fb03e97900f078d06ef2292748/debian/rules#L115 |
190 | -# --enable-pie \ |
191 | -# CFLAGS="-pipe $CFLAGS" \ |
192 | -# CPPFLAGS="$CPPFLAGS" \ |
193 | -# LDFLAGS="-Wl,--as-needed $LDFLAGS" \ |
194 | -# ; \ |
195 | -# make -j "$(nproc)"; \ |
196 | -# make install; \ |
197 | -# \ |
198 | -# cd ..; \ |
199 | -# rm -r src man manual; \ |
200 | -# \ |
201 | -# sed -ri \ |
202 | -# -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ |
203 | -# -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ |
204 | -# -e 's!^(\s*TransferLog)\s+\S+!\1 /proc/self/fd/1!g' \ |
205 | -# "$HTTPD_PREFIX/conf/httpd.conf" \ |
206 | -# "$HTTPD_PREFIX/conf/extra/httpd-ssl.conf" \ |
207 | -# ; \ |
208 | -# \ |
209 | -# # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies |
210 | -# apt-mark auto '.*' > /dev/null; \ |
211 | -# [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ |
212 | -# find /usr/local -type f -executable -exec ldd '{}' ';' \ |
213 | -# | awk '/=>/ { print $(NF-1) }' \ |
214 | -# | sort -u \ |
215 | -# | xargs -r dpkg-query --search \ |
216 | -# | cut -d: -f1 \ |
217 | -# | sort -u \ |
218 | -# | xargs -r apt-mark manual \ |
219 | -# ; \ |
220 | -# apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ |
221 | -# \ |
222 | -# # smoke test |
223 | -# httpd -v |
224 | +FROM ubuntu:hirsute |
225 | |
226 | ENV TZ UTC |
227 | |
228 | RUN set -eux; \ |
229 | - apt-get update \ |
230 | - && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \ |
231 | -# Needed for generating random passwords. |
232 | - && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y apache2 tzdata \ |
233 | - && rm -rf /var/lib/apt/lists/* \ |
234 | +# installation |
235 | + apt-get update; \ |
236 | + DEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y; \ |
237 | + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ |
238 | + apache2 \ |
239 | + tzdata \ |
240 | + ; \ |
241 | + DEBIAN_FRONTEND=noninteractive apt-get remove --purge --auto-remove -y; \ |
242 | + rm -rf /var/lib/apt/lists/*; \ |
243 | # smoke test |
244 | - && apache2 -v \ |
245 | + apache2 -v; \ |
246 | # create manifest |
247 | - && mkdir -p /usr/share/rocks \ |
248 | - && (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > /usr/share/rocks/dpkg.query |
249 | + mkdir -p /usr/share/rocks; \ |
250 | + (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > /usr/share/rocks/dpkg.query |
251 | |
252 | # https://httpd.apache.org/docs/2.4/stopping.html#gracefulstop |
253 | STOPSIGNAL SIGWINCH |
254 | diff --git a/HACKING.md b/HACKING.md |
255 | index 88f31ec..256cf0a 100644 |
256 | --- a/HACKING.md |
257 | +++ b/HACKING.md |
258 | @@ -1,7 +1,7 @@ |
259 | # Contributing |
260 | |
261 | In Ubuntu, Apache2 is available as a `.deb` package. For this reason, |
262 | -this image was built by installing the Apache2 Ubuntu Focal package |
263 | +this image was built by installing the Apache2 Ubuntu 21.04 package |
264 | inside a docker container. |
265 | |
266 | In order to contribute to the Apache2 OCI image, do the following: |
267 | diff --git a/README.md b/README.md |
268 | index 2d96fd9..c49f2ad 100644 |
269 | --- a/README.md |
270 | +++ b/README.md |
271 | @@ -19,7 +19,7 @@ _Tags in italics are not available in ubuntu/apache2 but are shown here for comp |
272 | |
273 | | Channel Tag | | | Currently | Architectures | |
274 | |---|---|---|---|---| |
275 | -| **`2.4-20.04_beta`** | | | Apache2 2.4.41 on Ubuntu 20.04 LTS | `amd64`, `arm64`, `ppc64el`, `s390x` | |
276 | +| **`2.4-21.04_beta`** | | | Apache2 2.4.46 on Ubuntu 21.04 | `amd64`, `arm64`, `ppc64el`, `s390x` | |
277 | | _`track_risk`_ | |
278 | |
279 | Channel tag shows the most stable channel for that track ordered `stable`, `candidate`, `beta`, `edge`. More risky channels are always implicitly available. So if `beta` is listed, you can also pull `edge`. If `candidate` is listed, you can pull `beta` and `edge`. When `stable` is listed, all four are available. Images are guaranteed to progress through the sequence `edge`, `beta`, `candidate` before `stable`. |
280 | @@ -30,7 +30,7 @@ Channel tag shows the most stable channel for that track ordered `stable`, `cand |
281 | Launch this image locally: |
282 | |
283 | ```sh |
284 | -docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-20.04_beta |
285 | +docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.04_beta |
286 | ``` |
287 | Access your Apache2 server at `http://localhost:8080`. |
288 | |
289 | @@ -65,7 +65,7 @@ Works with any Kubernetes; if you don't have one, we recommend you [install Micr |
290 | |
291 | Download |
292 | [apache2.conf](https://git.launchpad.net/~canonical-server/ubuntu-docker-images/+git/apache2/plain/examples/config/apache2.conf), [index.html](https://git.launchpad.net/~canonical-server/ubuntu-docker-images/+git/apache2/plain/examples/config/html/index.html) and |
293 | -[apache2-deployment.yml](https://git.launchpad.net/~canonical-server/ubuntu-docker-images/+git/apache2/plain/examples/apache2-deployment.yml) and set `containers.apache2.image` in `apache2-deployment.yml` to your chosen channel tag (e.g. `ubuntu/apache2:2.4-20.04_beta`), then: |
294 | +[apache2-deployment.yml](https://git.launchpad.net/~canonical-server/ubuntu-docker-images/+git/apache2/plain/examples/apache2-deployment.yml) and set `containers.apache2.image` in `apache2-deployment.yml` to your chosen channel tag (e.g. `ubuntu/apache2:2.4-21.04_beta`), then: |
295 | |
296 | ```sh |
297 | kubectl create configmap apache2-config --from-file=apache2=apache2.conf --from-file=apache2-site=index.html |
298 | diff --git a/data/apache2.yaml b/data/apache2.yaml |
299 | index e95c47f..5898835 100644 |
300 | --- a/data/apache2.yaml |
301 | +++ b/data/apache2.yaml |
302 | @@ -3,8 +3,8 @@ main: true |
303 | repo: apache2 |
304 | description: > |
305 | The Apache HTTP Server Project's goal is to build a secure, efficient and extensible HTTP server as standards-compliant open source software. The result has long been the number one web server on the Internet. Read more on the [apache2 website](https://httpd.apache.org/). |
306 | -version: 2.4.41 |
307 | -base: Ubuntu 20.04 LTS |
308 | +version: 2.4.46 |
309 | +base: Ubuntu 21.04 |
310 | architectures: |
311 | - amd64 |
312 | - arm64 |
Sorry, I realized after pushing, that this work should have been done in side-branches, and proposed to merge into the 2.4-21.04 branch. Will remember to do that for next time.