kocolosk commented on a change in pull request #150: Ubi with runit URL: https://github.com/apache/couchdb-docker/pull/150#discussion_r330019898
########## File path: 2.3.1-ubi7/Dockerfile ########## @@ -0,0 +1,122 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +FROM registry.access.redhat.com/ubi7/ubi + +ARG RELEASE +ARG BUILD_DATE + +LABEL maintainer="CouchDB Developers d...@couchdb.apache.org" \ + name="Apache CouchDB" \ + version="2.3.1" \ + summary="Apache CouchDB based on Red Hat UBI" \ + description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + release=${RELEASE} \ + usage="https://github.com/apache/couchdb-docker"; \ + build-date=${BUILD_DATE} \ + io.k8s.display-name="Apache CouchDB" \ + io.k8s.description="Red Hat OpenShift-compatible container that runs Apache CouchDB" \ + io.openshift.tags="database couchdb apache rhel7" \ + io.openshift.expose-services="5984/http,4369/epmd,9100/erlang" \ + io.openshift.min-memory="1Gi" \ + io.openshift.min-cpu="1" + +COPY imeyer_runit.repo /etc/yum.repos.d/imeyer_runit.repo +COPY bintray-apache-couchdb-rpm.repo /etc/yum.repos.d/bintray-apache-couchdb-rpm.repo + +ENV COUCHDB_VERSION 2.3.1 + +# Add CouchDB user account to make sure the IDs are assigned consistently +# CouchDB user added to root group for OpenShift support +RUN set -ex; \ + useradd -u 5984 -d /opt/couchdb -g root couchdb; \ +# be sure GPG and apt-transport-https are available and functional + yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + yum install -y \ + ca-certificates \ + gnupg \ + pygpgme; \ +# install wget + yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + yum history new; \ + yum install -y wget; \ +# Enable EPEL repositories (needed for python-progressbar dependency) + wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm; \ +# Remove wget + yum -y history undo 1; \ + yum install -y epel-release-latest-7.noarch.rpm; \ + rm epel-release-latest-7.noarch.rpm; \ +# Install runit + yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + yum install --enablerepo=imeyer_runit -y runit; \ +# Clean up + yum clean all; \ + rm -rf /var/cache/yum + +# https://docs.couchdb.org/en/stable/install/unix.html +# ENV GPG_COUCH_KEY \ +# # gpg: key D401AB61: public key "Bintray (by JFrog) <bint...@bintray.com> imported +# 8756C4F765C9AC3CB6B85D62379CE192D401AB61 +# RUN set -xe; \ +# export GNUPGHOME="$(mktemp -d)"; \ +# echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \ +# for server in $(shuf -e pgpkeys.mit.edu \ +# ha.pool.sks-keyservers.net \ +# hkp://p80.pool.sks-keyservers.net:80 \ +# pgp.mit.edu) ; do \ +# gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \ +# done; \ +# gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \ +# command -v gpgconf && gpgconf --kill all || :; \ +# rm -rf "$GNUPGHOME"; \ +# apt-key list + +# Install CouchDB +RUN set -xe; \ + yum update --disableplugin=subscription-manager -y && rm -rf /var/cache/yum; \ + yum install --enablerepo=bintray-apache-couchdb-rpm -y couchdb; \ + yum clean all; \ + rm -rf /var/cache/yum; \ +# remove defaults that force writing logs to file + rm /opt/couchdb/etc/default.d/10-filelog.ini; \ +# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh + find /opt/couchdb \! \( -user couchdb -group 0 \) -exec chown -f couchdb:0 '{}' +; \ +# Setup directories and permissions for config. Technically these could be 555 and 444 respectively +# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint. + find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0775 '{}' +; \ + find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0664 '{}' +; \ Review comment: Should the check here be looking for 0775 / 0664 instead of 0755 / 0644? Looks like it might have been an oversight in the switch to the root group. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
