diff options
Diffstat (limited to '')
-rw-r--r-- | pkg/docker/Dockerfile.tmpl | 89 | ||||
-rw-r--r-- | pkg/docker/Makefile | 68 |
2 files changed, 157 insertions, 0 deletions
diff --git a/pkg/docker/Dockerfile.tmpl b/pkg/docker/Dockerfile.tmpl new file mode 100644 index 00000000..76722f88 --- /dev/null +++ b/pkg/docker/Dockerfile.tmpl @@ -0,0 +1,89 @@ +FROM debian:stretch-slim + +LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>" + +ENV UNIT_VERSION @@UNIT_VERSION@@ + +RUN set -x \ + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \ + && dpkgArch="$(dpkg --print-architecture)" \ + && unitPackages=@@UNITPACKAGES@@ \ + && case "$dpkgArch" in \ + amd64|i386) \ +# arches officialy built by upstream + echo "deb https://packages.nginx.org/unit/debian/ stretch unit" >> /etc/apt/sources.list.d/unit.list \ + && apt-get update \ + ;; \ + *) \ +# we're on an architecture upstream doesn't officially build for +# let's build binaries from the published source packages + echo "deb-src https://packages.nginx.org/unit/debian/ stretch unit" >> /etc/apt/sources.list.d/unit.list \ + \ +# new directory for storing sources and .deb files + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ +# (777 to ensure APT's "_apt" user can access it too) + \ +# save list of currently-installed packages so build dependencies can be cleanly removed later + && savedAptMark="$(apt-mark showmanual)" \ + \ +# build .deb files from upstream's source packages (which are verified by apt-get) + && apt-get update \ + && apt-get build-dep -y $unitPackages \ + && ( \ + cd "$tempDir" \ + && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \ + apt-get source --compile $unitPackages \ + ) \ +# we don't remove APT lists here because they get re-downloaded and removed later + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies +# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies) + && apt-mark showmanual | xargs apt-mark auto > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \ + \ +# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be) + && ls -lAFh "$tempDir" \ + && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \ + && grep '^Package: ' "$tempDir/Packages" \ + && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \ +# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes") +# Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) +# ... +# E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied) + && apt-get -o Acquire::GzipIndexes=false update \ + ;; \ + esac \ + \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + $unitPackages \ + curl \ + && apt-get remove --purge --auto-remove -y apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/unit.list \ + \ +# if we have leftovers from building, let's purge them (including extra, unnecessary build deps) + && if [ -n "$tempDir" ]; then \ + apt-get purge -y --auto-remove \ + && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \ + fi + +# forward log to docker log collector +RUN ln -sf /dev/stdout /var/log/unit.log + +STOPSIGNAL SIGTERM + +CMD ["unitd", "--no-daemon", "--control", "unix:/var/run/control.unit.sock"] diff --git a/pkg/docker/Makefile b/pkg/docker/Makefile new file mode 100644 index 00000000..904c4058 --- /dev/null +++ b/pkg/docker/Makefile @@ -0,0 +1,68 @@ +#!/usr/bin/make + +DEFAULT_VERSION := $(shell grep 'define NXT_VERSION' ../../src/nxt_main.h \ + | sed -e 's/^.*"\(.*\)".*/\1/') +DEFAULT_RELEASE := 1 + +VERSION ?= $(DEFAULT_VERSION) +RELEASE ?= $(DEFAULT_RELEASE) +CODENAME := stretch + +UNIT_VERSION = $(VERSION)-$(RELEASE)~$(CODENAME) + +MODULES = python2.7 python3.5 php7.0 go1.7-dev go1.8-dev full minimal + +MODULE_php7.0="unit=$${UNIT_VERSION} unit-php=$${UNIT_VERSION}" + +MODULE_python2.7="unit=$${UNIT_VERSION} unit-python2.7=$${UNIT_VERSION}" + +MODULE_python3.5="unit=$${UNIT_VERSION} unit-python3.5=$${UNIT_VERSION}" + +MODULE_go1.7-dev="unit=$${UNIT_VERSION} unit-go1.7=$${UNIT_VERSION} gcc" + +MODULE_go1.8-dev="unit=$${UNIT_VERSION} unit-go1.8=$${UNIT_VERSION} gcc" + +MODULE_full="unit=$${UNIT_VERSION} unit-php=$${UNIT_VERSION} unit-python2.7=$${UNIT_VERSION} unit-python3.5=$${UNIT_VERSION}" + +MODULE_minimal="unit=$${UNIT_VERSION}" + +export \ + MODULE_python2.7 \ + MODULE_python3.5 \ + MODULE_php7.0 \ + MODULE_go1.7-dev \ + MODULE_go1.8-dev \ + MODULE_full \ + MODULE_minimal + +default: + @echo "valid targets: all build dockerfiles push clean" + +dockerfiles: $(addprefix Dockerfile., $(MODULES)) +build: dockerfiles $(addprefix build-,$(MODULES)) +push: build $(addprefix push-,$(MODULES)) latest + +Dockerfile.%: ../../src/nxt_main.h + @echo "===> Building $@" + cat Dockerfile.tmpl | sed \ + -e 's,@@UNITPACKAGES@@,$(MODULE_$*),g' \ + -e 's,@@UNIT_VERSION@@,$(UNIT_VERSION),g' \ + > $@ + +build-%: Dockerfile.% + docker build -t unit:$(VERSION)-$* -f Dockerfile.$* . + +push-%: + docker tag unit:$(VERSION)-$* nginx/unit:$(VERSION)-$* + docker push nginx/unit:$(VERSION)-$* + +latest: + docker tag nginx/unit:$(VERSION)-full nginx/unit:latest + docker push nginx/unit:latest + +all: $(addprefix Dockerfile., $(MODULES)) + +clean: + rm -f $(addprefix Dockerfile., $(MODULES)) + +.PHONY: default all build dockerfiles latest push clean |