Skip to content

Commit a5a4a99

Browse files
alessfgalessfg
committed
Update mainline NGINX to 1.25.1
* Update mainline NGINX Debian release to bookworm * Add option to use a "local" resolver * Use no-network option for `apk del`
1 parent 8a38711 commit a5a4a99

19 files changed

+106
-44
lines changed

Dockerfile-alpine-perl.template

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -65,12 +65,12 @@ RUN set -x \
6565
&& abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
6666
" \
6767
&& cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
68-
&& apk del .build-deps \
68+
&& apk del --no-network .build-deps \
6969
&& apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \
7070
;; \
7171
esac \
7272
# remove checksum deps
73-
&& apk del .checksum-deps \
73+
&& apk del --no-network .checksum-deps \
7474
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
7575
&& if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
7676
&& if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \

Dockerfile-alpine-slim.template

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -70,12 +70,12 @@ RUN set -x \
7070
&& abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
7171
" \
7272
&& cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
73-
&& apk del .build-deps \
73+
&& apk del --no-network .build-deps \
7474
&& apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \
7575
;; \
7676
esac \
7777
# remove checksum deps
78-
&& apk del .checksum-deps \
78+
&& apk del --no-network .checksum-deps \
7979
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
8080
&& if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
8181
&& if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
@@ -95,7 +95,7 @@ RUN set -x \
9595
| sort -u \
9696
)" \
9797
&& apk add --no-cache $runDeps \
98-
&& apk del .gettext \
98+
&& apk del --no-network .gettext \
9999
&& mv /tmp/envsubst /usr/local/bin/ \
100100
# Bring in tzdata so users could set the timezones through the environment
101101
# variables
@@ -119,6 +119,7 @@ RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.co
119119

120120
COPY docker-entrypoint.sh /
121121
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
122+
COPY 15-local-resolvers.envsh /docker-entrypoint.d
122123
COPY 20-envsubst-on-templates.sh /docker-entrypoint.d
123124
COPY 30-tune-worker-processes.sh /docker-entrypoint.d
124125
ENTRYPOINT ["/docker-entrypoint.sh"]

Dockerfile-alpine.template

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -70,12 +70,12 @@ RUN set -x \
7070
&& abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
7171
" \
7272
&& cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
73-
&& apk del .build-deps \
73+
&& apk del --no-network .build-deps \
7474
&& apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \
7575
;; \
7676
esac \
7777
# remove checksum deps
78-
&& apk del .checksum-deps \
78+
&& apk del --no-network .checksum-deps \
7979
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
8080
&& if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
8181
&& if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \

Dockerfile-debian.template

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,8 @@ ARG GID=101
1212

1313
RUN set -x \
1414
# create nginx user/group first, to be consistent throughout docker variants
15-
&& addgroup --system --gid $GID nginx || true \
16-
&& adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid $UID nginx || true \
15+
&& groupadd --system --gid $GID nginx || true \
16+
&& useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid $UID nginx || true \
1717
&& apt-get update \
1818
&& apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \
1919
&& \
@@ -112,6 +112,7 @@ RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.co
112112

113113
COPY docker-entrypoint.sh /
114114
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
115+
COPY 15-local-resolvers.envsh /docker-entrypoint.d
115116
COPY 20-envsubst-on-templates.sh /docker-entrypoint.d
116117
COPY 30-tune-worker-processes.sh /docker-entrypoint.d
117118
ENTRYPOINT ["/docker-entrypoint.sh"]

entrypoint/15-local-resolvers.envsh

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
#!/bin/sh
2+
# vim:sw=2:ts=2:sts=2:et
3+
4+
set -eu
5+
6+
LC_ALL=C
7+
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
8+
9+
[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0
10+
11+
export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)

mainline/alpine-perl/Dockerfile

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
#
44
# PLEASE DO NOT EDIT IT DIRECTLY.
55
#
6-
ARG IMAGE=nginxinc/nginx-unprivileged:1.25.0-alpine
6+
ARG IMAGE=nginxinc/nginx-unprivileged:1.25.1-alpine
77
FROM $IMAGE
88

99
ARG UID=101
@@ -61,7 +61,7 @@ RUN set -x \
6161
export HOME=${tempDir} \
6262
&& cd ${tempDir} \
6363
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
64-
&& PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
64+
&& PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
6565
&& if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
6666
echo \"pkg-oss tarball checksum verification succeeded!\"; \
6767
else \
@@ -76,12 +76,12 @@ RUN set -x \
7676
&& abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
7777
" \
7878
&& cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
79-
&& apk del .build-deps \
79+
&& apk del --no-network .build-deps \
8080
&& apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \
8181
;; \
8282
esac \
8383
# remove checksum deps
84-
&& apk del .checksum-deps \
84+
&& apk del --no-network .checksum-deps \
8585
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
8686
&& if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
8787
&& if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \

mainline/alpine-slim/15-local-resolvers.envsh

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
#!/bin/sh
2+
# vim:sw=2:ts=2:sts=2:et
3+
4+
set -eu
5+
6+
LC_ALL=C
7+
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
8+
9+
[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0
10+
11+
export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)

mainline/alpine-slim/Dockerfile

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ FROM $IMAGE
88

99
LABEL maintainer="NGINX Docker Maintainers <[email protected]>"
1010

11-
ENV NGINX_VERSION 1.25.0
11+
ENV NGINX_VERSION 1.25.1
1212
ENV PKG_RELEASE 1
1313

1414
ARG UID=101
@@ -61,7 +61,7 @@ RUN set -x \
6161
export HOME=${tempDir} \
6262
&& cd ${tempDir} \
6363
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
64-
&& PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
64+
&& PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
6565
&& if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
6666
echo \"pkg-oss tarball checksum verification succeeded!\"; \
6767
else \
@@ -76,12 +76,12 @@ RUN set -x \
7676
&& abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
7777
" \
7878
&& cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
79-
&& apk del .build-deps \
79+
&& apk del --no-network .build-deps \
8080
&& apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \
8181
;; \
8282
esac \
8383
# remove checksum deps
84-
&& apk del .checksum-deps \
84+
&& apk del --no-network .checksum-deps \
8585
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
8686
&& if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
8787
&& if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
@@ -101,7 +101,7 @@ RUN set -x \
101101
| sort -u \
102102
)" \
103103
&& apk add --no-cache $runDeps \
104-
&& apk del .gettext \
104+
&& apk del --no-network .gettext \
105105
&& mv /tmp/envsubst /usr/local/bin/ \
106106
# Bring in tzdata so users could set the timezones through the environment
107107
# variables
@@ -125,6 +125,7 @@ RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/conf.d/default.co
125125

126126
COPY docker-entrypoint.sh /
127127
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
128+
COPY 15-local-resolvers.envsh /docker-entrypoint.d
128129
COPY 20-envsubst-on-templates.sh /docker-entrypoint.d
129130
COPY 30-tune-worker-processes.sh /docker-entrypoint.d
130131
ENTRYPOINT ["/docker-entrypoint.sh"]

mainline/alpine/Dockerfile

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
#
44
# PLEASE DO NOT EDIT IT DIRECTLY.
55
#
6-
ARG IMAGE=nginxinc/nginx-unprivileged:1.25.0-alpine-slim
6+
ARG IMAGE=nginxinc/nginx-unprivileged:1.25.1-alpine-slim
77
FROM $IMAGE
88

99
ENV NJS_VERSION 0.7.12
@@ -65,7 +65,7 @@ RUN set -x \
6565
export HOME=${tempDir} \
6666
&& cd ${tempDir} \
6767
&& curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
68-
&& PKGOSSCHECKSUM=\"18bee4bd498e0b8da765e8cd2d824e1027d40fd95d55fd59339cdb5d5e0e633795f4196c76045e86027cdfc6ab05a3cc0d39b25bd0a967f1edd47910d813262a *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
68+
&& PKGOSSCHECKSUM=\"dd08a5c2b441817d58ffc91ade0d927a21bc9854c768391e92a005997a2961bcda64ca6a5cfce98d5394ac2787c8f4839b150f206835a8a7db944625651f9fd8 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
6969
&& if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
7070
echo \"pkg-oss tarball checksum verification succeeded!\"; \
7171
else \
@@ -80,12 +80,12 @@ RUN set -x \
8080
&& abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \
8181
" \
8282
&& cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
83-
&& apk del .build-deps \
83+
&& apk del --no-network .build-deps \
8484
&& apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \
8585
;; \
8686
esac \
8787
# remove checksum deps
88-
&& apk del .checksum-deps \
88+
&& apk del --no-network .checksum-deps \
8989
# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
9090
&& if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
9191
&& if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \

mainline/debian-perl/Dockerfile

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
#
44
# PLEASE DO NOT EDIT IT DIRECTLY.
55
#
6-
ARG IMAGE=nginxinc/nginx-unprivileged:1.25.0
6+
ARG IMAGE=nginxinc/nginx-unprivileged:1.25.1
77
FROM $IMAGE
88

99
ARG UID=101
@@ -42,13 +42,13 @@ RUN set -x \
4242
&& case "$dpkgArch" in \
4343
amd64|arm64) \
4444
# arches officialy built by upstream
45-
echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \
45+
echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
4646
&& apt-get update \
4747
;; \
4848
*) \
4949
# we're on an architecture upstream doesn't officially build for
5050
# let's build binaries from the published source packages
51-
echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \
51+
echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
5252
\
5353
# new directory for storing sources and .deb files
5454
&& tempDir="$(mktemp -d)" \

0 commit comments

Comments
 (0)