Fossil SCM
Referencing the new containers.md file from Dockerfile.in so we can remove a big redundant block comment from it. While in there, made a few style tweaks that will help the ongoing container document expansion.
Commit
be8f721d61ff60af3b392e0c50965e8a6c183d99de18ba6168d9804019136542
Parent
7129dc986832851…
1 file changed
+8
-9
+8
-9
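--- a/Dockerfile.in
+++ b/Dockerfile.in
@@ -1,5 +1,7 @@
+# See www/containers.md for documentation on how to use this file.
+
 # STAGE 1: Build a static Fossil binary atop Alpine Linux
 
 FROM alpine:latest AS builder
 COPY tools/busybox-config /tmp/bbx/.config
 ARG BBXVER="1_35_0"
@@ -7,11 +9,12 @@
 ARG FSLVER="@FOSSIL_CI_PFX@"
 ENV FSLURL "https://fossil-scm.org/home/tarball/?r=${FSLVER}"
 ADD $BBXURL /tmp/bbx/src.tar.gz
 ADD $FSLURL /tmp/fsl/src.tar.gz
 WORKDIR /tmp
-RUN apk update \
+RUN set -x \
+ && apk update \
 && apk upgrade --no-cache \
 && apk add --no-cache \
 gcc make moreutils \
 linux-headers musl-dev \
 openssl-dev openssl-libs-static \
@@ -30,15 +33,16 @@
 ARG UID=499
 ENV PATH "/bin:/jail/bin"
 COPY --from=builder /tmp/fossil bin/
 COPY --from=builder /tmp/bbx/busybox /bin/
 RUN [ "/bin/busybox", "--install", "/bin" ]
-RUN mkdir -m 700 dev museum \
+RUN set -x \
+ && mkdir -m 700 dev museum \
 && mknod -m 600 dev/null c 1 3 \
 && mknod -m 600 dev/urandom c 1 9 \
- && echo 'root:x:0:0:Fossil Init:/:/bin/nologin' > /etc/passwd \
- && echo 'root:x:0:root' > /etc/group \
+ && echo 'root:x:0:0:SysAdmin:/:/bin/nologin' > /etc/passwd \
+ && echo 'root:x:0:root' > /etc/group \
 && addgroup -g ${UID} fossil \
 && adduser -h `pwd` -g 'Fossil User' -G fossil -u ${UID} -S fossil \
 && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum \
 && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum \
 && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > /bin/sqlite3 \
@@ -46,19 +50,14 @@
 && chmod +x /bin/sha?sum /bin/sqlite3 \
 && chown fossil:fossil . museum
 
 # Now we can run the stripped-down environment in a chroot jail, while
 # leaving open the option to debug it live via the Busybox shell.
-#
-# Implicit: We don't set USER here on purpose because we want Fossil to
-# start as root so it can chroot itself away inside /jail. Since that's
-# owned by the special fossil user, it drops root privileges for that
-# user, preventing exotic root-based hacks on Docker.
 
 EXPOSE 8080/tcp
 CMD [ \
 "bin/fossil", "server", \
 "--chroot", "/jail", \
 "--create", \
 "--jsmode", "bundled", \
 "--user", "admin", \
 "museum/repo.fossil"]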
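Review bot: The last hunk drops the only in-file explanation of why the final stage has no `USER` instruction, so the new file reads as if the image simply runs as root. The removed lines said that Fossil has to start as root to chroot into /jail and then drops privileges to the owner of that directory. A reader, or an image linter that flags a missing `USER`, needs to see that security property next to `CMD`, not only in www/containers.md. I would keep a short form above `EXPOSE`, for example `# No USER on purpose: fossil starts as root to chroot into /jail, then drops to that directory's owner (see www/containers.md).` Whether www/containers.md carries the same rationale cannot be confirmed from this page.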
| --- Dockerfile.in | |
| +++ Dockerfile.in | |
| @@ -1,5 +1,7 @@ | |
| 1 | # STAGE 1: Build a static Fossil binary atop Alpine Linux |
| 2 | |
| 3 | FROM alpine:latest AS builder |
| 4 | COPY tools/busybox-config /tmp/bbx/.config |
| 5 | ARG BBXVER="1_35_0" |
| @@ -7,11 +9,12 @@ | |
| 7 | ARG FSLVER="@FOSSIL_CI_PFX@" |
| 8 | ENV FSLURL "https://fossil-scm.org/home/tarball/?r=${FSLVER}" |
| 9 | ADD $BBXURL /tmp/bbx/src.tar.gz |
| 10 | ADD $FSLURL /tmp/fsl/src.tar.gz |
| 11 | WORKDIR /tmp |
| 12 | RUN apk update \ |
| 13 | && apk upgrade --no-cache \ |
| 14 | && apk add --no-cache \ |
| 15 | gcc make moreutils \ |
| 16 | linux-headers musl-dev \ |
| 17 | openssl-dev openssl-libs-static \ |
| @@ -30,15 +33,16 @@ | |
| 30 | ARG UID=499 |
| 31 | ENV PATH "/bin:/jail/bin" |
| 32 | COPY --from=builder /tmp/fossil bin/ |
| 33 | COPY --from=builder /tmp/bbx/busybox /bin/ |
| 34 | RUN [ "/bin/busybox", "--install", "/bin" ] |
| 35 | RUN mkdir -m 700 dev museum \ |
| 36 | && mknod -m 600 dev/null c 1 3 \ |
| 37 | && mknod -m 600 dev/urandom c 1 9 \ |
| 38 | && echo 'root:x:0:0:Fossil Init:/:/bin/nologin' > /etc/passwd \ |
| 39 | && echo 'root:x:0:root' > /etc/group \ |
| 40 | && addgroup -g ${UID} fossil \ |
| 41 | && adduser -h `pwd` -g 'Fossil User' -G fossil -u ${UID} -S fossil \ |
| 42 | && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum \ |
| 43 | && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum \ |
| 44 | && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > /bin/sqlite3 \ |
| @@ -46,19 +50,14 @@ | |
| 46 | && chmod +x /bin/sha?sum /bin/sqlite3 \ |
| 47 | && chown fossil:fossil . museum |
| 48 | |
| 49 | # Now we can run the stripped-down environment in a chroot jail, while |
| 50 | # leaving open the option to debug it live via the Busybox shell. |
| 51 | # |
| 52 | # Implicit: We don't set USER here on purpose because we want Fossil to |
| 53 | # start as root so it can chroot itself away inside /jail. Since that's |
| 54 | # owned by the special fossil user, it drops root privileges for that |
| 55 | # user, preventing exotic root-based hacks on Docker. |
| 56 | |
| 57 | EXPOSE 8080/tcp |
| 58 | CMD [ \ |
| 59 | "bin/fossil", "server", \ |
| 60 | "--chroot", "/jail", \ |
| 61 | "--create", \ |
| 62 | "--jsmode", "bundled", \ |
| 63 | "--user", "admin", \ |
| 64 | "museum/repo.fossil"] |
| 65 |
| --- Dockerfile.in | |
| +++ Dockerfile.in | |
| @@ -1,5 +1,7 @@ | |
| 1 | # See www/containers.md for documentation on how to use this file. |
| 2 | |
| 3 | # STAGE 1: Build a static Fossil binary atop Alpine Linux |
| 4 | |
| 5 | FROM alpine:latest AS builder |
| 6 | COPY tools/busybox-config /tmp/bbx/.config |
| 7 | ARG BBXVER="1_35_0" |
| @@ -7,11 +9,12 @@ | |
| 9 | ARG FSLVER="@FOSSIL_CI_PFX@" |
| 10 | ENV FSLURL "https://fossil-scm.org/home/tarball/?r=${FSLVER}" |
| 11 | ADD $BBXURL /tmp/bbx/src.tar.gz |
| 12 | ADD $FSLURL /tmp/fsl/src.tar.gz |
| 13 | WORKDIR /tmp |
| 14 | RUN set -x \ |
| 15 | && apk update \ |
| 16 | && apk upgrade --no-cache \ |
| 17 | && apk add --no-cache \ |
| 18 | gcc make moreutils \ |
| 19 | linux-headers musl-dev \ |
| 20 | openssl-dev openssl-libs-static \ |
| @@ -30,15 +33,16 @@ | |
| 33 | ARG UID=499 |
| 34 | ENV PATH "/bin:/jail/bin" |
| 35 | COPY --from=builder /tmp/fossil bin/ |
| 36 | COPY --from=builder /tmp/bbx/busybox /bin/ |
| 37 | RUN [ "/bin/busybox", "--install", "/bin" ] |
| 38 | RUN set -x \ |
| 39 | && mkdir -m 700 dev museum \ |
| 40 | && mknod -m 600 dev/null c 1 3 \ |
| 41 | && mknod -m 600 dev/urandom c 1 9 \ |
| 42 | && echo 'root:x:0:0:SysAdmin:/:/bin/nologin' > /etc/passwd \ |
| 43 | && echo 'root:x:0:root' > /etc/group \ |
| 44 | && addgroup -g ${UID} fossil \ |
| 45 | && adduser -h `pwd` -g 'Fossil User' -G fossil -u ${UID} -S fossil \ |
| 46 | && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum \ |
| 47 | && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum \ |
| 48 | && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > /bin/sqlite3 \ |
| @@ -46,19 +50,14 @@ | |
| 50 | && chmod +x /bin/sha?sum /bin/sqlite3 \ |
| 51 | && chown fossil:fossil . museum |
| 52 | |
| 53 | # Now we can run the stripped-down environment in a chroot jail, while |
| 54 | # leaving open the option to debug it live via the Busybox shell. |
| 55 | |
| 56 | EXPOSE 8080/tcp |
| 57 | CMD [ \ |
| 58 | "bin/fossil", "server", \ |
| 59 | "--chroot", "/jail", \ |
| 60 | "--create", \ |
| 61 | "--jsmode", "bundled", \ |
| 62 | "--user", "admin", \ |
| 63 | "museum/repo.fossil"] |
| 64 |