1c1
< FROM debian:buster-slim
---
> FROM openjdk:11-jdk as BUILDER
5c5,41
< ENV UNIT_VERSION 1.21.0-1~buster
---
> RUN set -ex \
> && apt-get update \
> && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates mercurial build-essential libssl-dev libpcre2-dev \
> && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \
> && hg clone https://hg.nginx.org/unit \
> && cd unit \
> && hg up 1.21.0 \
> && NCPU="$(getconf _NPROCESSORS_ONLN)" \
> && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \
> && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \
> && LD_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_LDFLAGS_MAINT_APPEND="-Wl,--as-needed -pie" dpkg-buildflags --get LDFLAGS)" \
> && CONFIGURE_ARGS="--prefix=/usr \
> --state=/var/lib/unit \
> --control=unix:/var/run/control.unit.sock \
> --pid=/var/run/unit.pid \
> --log=/var/log/unit.log \
> --tmp=/var/tmp \
> --user=unit \
> --group=unit \
> --openssl \
> --libdir=/usr/lib/$DEB_HOST_MULTIARCH" \
> && ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modules=/usr/lib/unit/debug-modules --debug \
> && make -j $NCPU unitd \
> && install -pm755 build/unitd /usr/sbin/unitd-debug \
> && make clean \
> && ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modules=/usr/lib/unit/modules \
> && make -j $NCPU unitd \
> && install -pm755 build/unitd /usr/sbin/unitd \
> && make clean \
> && ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --modules=/usr/lib/unit/debug-modules --debug \
> && ./configure java --jars=/usr/share/unit-jsc-common/ \
> && make -j $NCPU java-shared-install java-install \
> && make clean \
> && ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --modules=/usr/lib/unit/modules \
> && ./configure java --jars=/usr/share/unit-jsc-common/ \
> && make -j $NCPU java-shared-install java-install \
> && ldd /usr/sbin/unitd | awk '/=>/{print $(NF-1)}' | while read n; do dpkg-query -S $n; done | sed 's/^\([^:]\+\):.*$/\1/' | sort | uniq > /requirements.apt
6a43,49
> FROM openjdk:11-jdk
> COPY docker-entrypoint.sh /usr/local/bin/
> COPY --from=BUILDER /usr/sbin/unitd /usr/sbin/unitd
> COPY --from=BUILDER /usr/sbin/unitd-debug /usr/sbin/unitd-debug
> COPY --from=BUILDER /usr/lib/unit/ /usr/lib/unit/
> COPY --from=BUILDER /requirements.apt /requirements.apt
> COPY --from=BUILDER /usr/share/unit-jsc-common/ /usr/share/unit-jsc-common/
8,84c51,67
< && apt-get update \
< && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 apt-transport-https ca-certificates \
< && \
< NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
< found=''; \
< for server in \
< ha.pool.sks-keyservers.net \
< hkp://keyserver.ubuntu.com:80 \
< hkp://p80.pool.sks-keyservers.net:80 \
< pgp.mit.edu \
< ; do \
< echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
< apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \
< done; \
< test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
< apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \
< # work-around debian bug 863199
< && mkdir -p /usr/share/man/man1 \
< && dpkgArch="$(dpkg --print-architecture)" \
< && unitPackages="unit=${UNIT_VERSION} unit-jsc11=${UNIT_VERSION}" \
< && case "$dpkgArch" in \
< amd64|i386) \
< # arches officialy built by upstream
< echo "deb https://packages.nginx.org/unit/debian/ buster unit" >> /etc/apt/sources.list.d/unit.list \
< && apt-get update \
< ;; \
< *) \
< # we're on an architecture upstream doesn't officially build for
< # let's build binaries from the published source packages
< echo "deb-src https://packages.nginx.org/unit/debian/ buster unit" >> /etc/apt/sources.list.d/unit.list \
< \
< # new directory for storing sources and .deb files
< && tempDir="$(mktemp -d)" \
< && chmod 777
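Review bot: Nothing verifies the source that `hg clone https://hg.nginx.org/unit` and `hg up 1.21.0` bring into the builder, whereas the removed path installed packages that apt checked against the NGINX signing key (see the removed lines of hunk 8,84c51,67). A Mercurial tag is a movable name, so the build trusts whatever the server returns for `1.21.0` at build time. Pinning the checkout to a full changeset hash, `&& hg up -r CHANGESET_HASH_PLACEHOLDER \` (placeholder; take the value from a trusted checkout), or building from a release tarball whose checksum is compared before `./configure`, would restore an integrity check. A short comment above the RUN recording why the image is built from source rather than from the signed packages would also help the next maintainer.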
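Review bot: The runtime stage starts from `FROM openjdk:11-jdk`, the same full JDK image as the builder, so the Java compiler and JDK tooling ship in the image that runs unitd. If the Java module only needs a JVM at run time (not confirmed from this diff), a JRE base such as `FROM openjdk:11-jre` would reduce the attack surface of the running container. Both this line and `FROM openjdk:11-jdk as BUILDER` in hunk 1c1 name a mutable tag; appending a digest, `openjdk:11-jdk@sha256:DIGEST_PLACEHOLDER`, makes the build reproducible and keeps a retagged image from silently changing the base.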
"$tempDir" \
< # (777 to ensure APT's "_apt" user can access it too)
< \
< # save list of currently-installed packages so build dependencies can be cleanly removed later
< && savedAptMark="$(apt-mark showmanual)" \
< \
< # build .deb files from upstream's source packages (which are verified by apt-get)
< && apt-get update \
< && apt-get build-dep -y $unitPackages \
< && ( \
< cd "$tempDir" \
< && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
< apt-get source --compile $unitPackages \
< ) \
< # we don't remove APT lists here because they get re-downloaded and removed later
< \
< # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
< # (which is done after we install the built packages so we don't have to redownload any overlapping dependencies)
< && apt-mark showmanual | xargs apt-mark auto > /dev/null \
< && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \
< \
< # create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be)
< && ls -lAFh "$tempDir" \
< && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \
< && grep '^Package: ' "$tempDir/Packages" \
< && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \
< # work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes")
< # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
< # ...
< # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
< && apt-get -o Acquire::GzipIndexes=false update \
< ;; \
< esac \
< \
< && apt-get install --no-install-recommends --no-install-suggests -y \
< $unitPackages \
< curl \
< && apt-get remove --purge --auto-remove -y apt-transport-https && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/unit.list \
< \
< # if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
< && if [ -n "$tempDir" ]; then \
< apt-get purge -y --auto-remove \
< && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
< fi
---
> && mkdir -p /var/lib/unit/ \
> && mkdir /docker-entrypoint.d/ \
> && addgroup --system unit \
> && adduser \
> --system \
> --disabled-login \
> --ingroup unit \
> --no-create-home \
> --home /nonexistent \
> --gecos "unit user" \
> --shell /bin/false \
> unit \
> && apt update \
> && apt --no-install-recommends --no-install-suggests -y install $(cat /requirements.apt) \
> && apt-get clean && rm -rf /var/lib/apt/lists/* \
> && rm -f /requirements.apt \
> && ln -sf /dev/stdout /var/log/unit.log
86,88d68
< # forward log to docker log collector
< RUN ln -sf /dev/stdout /var/log/unit.log
<
91,92d70
< COPY docker-entrypoint.sh /usr/local/bin/
< RUN mkdir /docker-entrypoint.d/
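Review bot: `apt update` and `apt ... install` are used here while the builder stage and the very next line use `apt-get`; `apt` is the interactive front end and warns that its command-line interface is not stable for scripts. I would write `&& apt-get update \` and `&& apt-get install --no-install-recommends --no-install-suggests -y $(cat /requirements.apt) \`. The package list in `/requirements.apt` is derived in the builder from `ldd /usr/sbin/unitd` alone, so it is worth confirming that `unitd-debug` and the Java module need no additional shared libraries, and a one-line comment saying where the list comes from would help. The RUN instruction these lines belong to starts on an unchanged line outside the hunk.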