docker-library
/
httpd
mirror of https://github.com/docker-library/httpd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #88 from infosiftr/eol-2.2 

Remove EOL 2.2.x series
This commit is contained in:
yosifkit 2018-01-25 14:46:14 -08:00 committed by GitHub
parent 49d553ae79 faf2448bd3
commit f41acbdc17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 0 additions and 271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -4,8 +4,6 @@ services: docker
env:
- VERSION=2.4
- VERSION=2.4 VARIANT=alpine
- VERSION=2.2
- VERSION=2.2 VARIANT=alpine
install:
- git clone https://github.com/docker-library/official-images.git ~/official-images

121
2.2/Dockerfile
View File

@ -1,121 +0,0 @@
FROM debian:jessie
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
#RUN groupadd -r www-data && useradd -r --create-home -g www-data www-data
ENV HTTPD_PREFIX /usr/local/apache2
ENV PATH $HTTPD_PREFIX/bin:$PATH
RUN mkdir -p "$HTTPD_PREFIX" \
&& chown www-data:www-data "$HTTPD_PREFIX"
WORKDIR $HTTPD_PREFIX
# install httpd runtime dependencies
# https://httpd.apache.org/docs/2.2/install.html#requirements
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
libapr1 \
libaprutil1 \
libaprutil1-ldap \
libapr1-dev \
libaprutil1-dev \
libpcre++0 \
libssl1.0.0 \
&& rm -r /var/lib/apt/lists/*
ENV HTTPD_VERSION 2.2.34
ENV HTTPD_SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160
# https://httpd.apache.org/security/vulnerabilities_22.html
ENV HTTPD_PATCHES="CVE-2017-9798-patch-2.2.patch 42c610f8a8f8d4d08664db6d9857120c2c252c9b388d56f238718854e6013e46 2.2.x-mod_proxy-without-APR_HAS_THREADS.patch beb66a79a239f7e898311c5ed6a38c070c641ec56706a295b7e5caf3c55a7296"
ENV APACHE_DIST_URLS \
# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
https://www.apache.org/dyn/closer.cgi?action=download&filename= \
# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
https://www-us.apache.org/dist/ \
https://www.apache.org/dist/ \
https://archive.apache.org/dist/
# see https://httpd.apache.org/docs/2.2/install.html#requirements
RUN set -eux; \
\
buildDeps=' \
bzip2 \
ca-certificates \
dpkg-dev \
gcc \
libpcre++-dev \
libssl-dev \
make \
wget \
'; \
apt-get update; \
apt-get install -y --no-install-recommends -V $buildDeps; \
rm -r /var/lib/apt/lists/*; \
\
ddist() { \
local f="$1"; shift; \
local distFile="$1"; shift; \
local success=; \
local distUrl=; \
for distUrl in $APACHE_DIST_URLS; do \
if wget -O "$f" "$distUrl$distFile"; then \
success=1; \
break; \
fi; \
done; \
[ -n "$success" ]; \
}; \
\
ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
\
# see https://httpd.apache.org/download.cgi#verify
ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B1B96F45DFBDCCF974019235193F180AB55D9977; \
gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
\
mkdir -p src; \
tar -xf httpd.tar.bz2 -C src --strip-components=1; \
rm httpd.tar.bz2; \
cd src; \
\
patches() { \
while [ "$#" -gt 0 ]; do \
local patchFile="$1"; shift; \
local patchSha256="$1"; shift; \
ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
echo "$patchSha256 *$patchFile" | sha256sum -c -; \
patch -p0 < "$patchFile"; \
rm -f "$patchFile"; \
done; \
}; \
patches $HTTPD_PATCHES; \
\
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
./configure \
--build="$gnuArch" \
--prefix="$HTTPD_PREFIX" \
# https://httpd.apache.org/docs/2.2/programs/configure.html
# Caveat: --enable-mods-shared=all does not actually build all modules. To build all modules then, one might use:
--enable-mods-shared='all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache' \
; \
make -j "$(nproc)"; \
make install; \
\
cd ..; \
rm -r src man manual; \
\
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"$HTTPD_PREFIX/conf/httpd.conf"; \
\
apt-get purge -y --auto-remove $buildDeps
COPY httpd-foreground /usr/local/bin/
EXPOSE 80
CMD ["httpd-foreground"]

134
2.2/alpine/Dockerfile
View File

@ -1,134 +0,0 @@
# this cannot upgrade to Alpine 3.5 due to https://github.com/libressl-portable/portable/issues/147
# given that 2.2.x is a "legacy branch", and is in security-fixes-only mode upstream, this should be reasonably fine
# "Minimal maintenance patches of 2.2.x are expected throughout this period, and users are strongly encouraged to promptly complete their transitions to the the 2.4.x flavour of httpd to benefit from a much larger assortment of minor security and bug fixes as well as new features."
# https://httpd.apache.org/
FROM alpine:3.4
# ensure www-data user exists
RUN set -x \
&& addgroup -g 82 -S www-data \
&& adduser -u 82 -D -S -G www-data www-data
# 82 is the standard uid/gid for "www-data" in Alpine
# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2
# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2
# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2
ENV HTTPD_PREFIX /usr/local/apache2
ENV PATH $HTTPD_PREFIX/bin:$PATH
RUN mkdir -p "$HTTPD_PREFIX" \
&& chown www-data:www-data "$HTTPD_PREFIX"
WORKDIR $HTTPD_PREFIX
ENV HTTPD_VERSION 2.2.34
ENV HTTPD_SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160
# https://httpd.apache.org/security/vulnerabilities_22.html
ENV HTTPD_PATCHES="CVE-2017-9798-patch-2.2.patch 42c610f8a8f8d4d08664db6d9857120c2c252c9b388d56f238718854e6013e46 2.2.x-mod_proxy-without-APR_HAS_THREADS.patch beb66a79a239f7e898311c5ed6a38c070c641ec56706a295b7e5caf3c55a7296"
ENV APACHE_DIST_URLS \
# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
https://www.apache.org/dyn/closer.cgi?action=download&filename= \
# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
https://www-us.apache.org/dist/ \
https://www.apache.org/dist/ \
https://archive.apache.org/dist/
# see https://httpd.apache.org/docs/2.2/install.html#requirements
RUN set -eux; \
\
runDeps=' \
apr-dev \
apr-util-dev \
apr-util-ldap \
perl \
'; \
apk add --no-cache --virtual .build-deps \
$runDeps \
ca-certificates \
coreutils \
dpkg-dev dpkg \
gcc \
gnupg \
libc-dev \
make \
openssl \
openssl-dev \
pcre-dev \
tar \
# install GNU wget (Busybox wget in Alpine 3.4 gives us "wget: error getting response: Connection reset by peer" for some reason)
wget \
; \
\
ddist() { \
local f="$1"; shift; \
local distFile="$1"; shift; \
local success=; \
local distUrl=; \
for distUrl in $APACHE_DIST_URLS; do \
if wget -O "$f" "$distUrl$distFile"; then \
success=1; \
break; \
fi; \
done; \
[ -n "$success" ]; \
}; \
\
ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
\
# see https://httpd.apache.org/download.cgi#verify
ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B1B96F45DFBDCCF974019235193F180AB55D9977; \
gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
\
mkdir -p src; \
tar -xf httpd.tar.bz2 -C src --strip-components=1; \
rm httpd.tar.bz2; \
cd src; \
\
patches() { \
while [ "$#" -gt 0 ]; do \
local patchFile="$1"; shift; \
local patchSha256="$1"; shift; \
ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
echo "$patchSha256 *$patchFile" | sha256sum -c -; \
patch -p0 < "$patchFile"; \
rm -f "$patchFile"; \
done; \
}; \
patches $HTTPD_PATCHES; \
\
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
./configure \
--build="$gnuArch" \
--prefix="$HTTPD_PREFIX" \
# https://httpd.apache.org/docs/2.2/programs/configure.html
# Caveat: --enable-mods-shared=all does not actually build all modules. To build all modules then, one might use:
--enable-mods-shared='all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache' \
; \
make -j "$(nproc)"; \
make install; \
\
cd ..; \
rm -r src man manual; \
\
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"$HTTPD_PREFIX/conf/httpd.conf"; \
\
runDeps="$runDeps $( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .httpd-rundeps $runDeps; \
apk del .build-deps
COPY httpd-foreground /usr/local/bin/
EXPOSE 80
CMD ["httpd-foreground"]

7
2.2/alpine/httpd-foreground
View File

@ -1,7 +0,0 @@
#!/bin/sh
set -e
# Apache gets grumpy about PID files pre-existing
rm -f /usr/local/apache2/logs/httpd.pid
exec httpd -DFOREGROUND

7
2.2/httpd-foreground
View File

@ -1,7 +0,0 @@
#!/bin/bash
set -e
# Apache gets grumpy about PID files pre-existing
rm -f /usr/local/apache2/logs/httpd.pid
exec httpd -DFOREGROUND