diff --git a/.travis.yml b/.travis.yml
index 5451eac..6bf8bdd 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,8 +4,6 @@ services: docker
 env:
 - VERSION=2.4
 - VERSION=2.4 VARIANT=alpine
- - VERSION=2.2
- - VERSION=2.2 VARIANT=alpine
 install:
 - git clone https://github.com/docker-library/official-images.git ~/official-images
diff --git a/2.2/Dockerfile b/2.2/Dockerfile
deleted file mode 100644
index 4c6933e..0000000
--- a/2.2/Dockerfile
+++ /dev/null
@@ -1,121 +0,0 @@
-FROM debian:jessie
-
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-#RUN groupadd -r www-data && useradd -r --create-home -g www-data www-data
-
-ENV HTTPD_PREFIX /usr/local/apache2
-ENV PATH $HTTPD_PREFIX/bin:$PATH
-RUN mkdir -p "$HTTPD_PREFIX" \
- && chown www-data:www-data "$HTTPD_PREFIX"
-WORKDIR $HTTPD_PREFIX
-
-# install httpd runtime dependencies
-# https://httpd.apache.org/docs/2.2/install.html#requirements
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
- libapr1 \
- libaprutil1 \
- libaprutil1-ldap \
- libapr1-dev \
- libaprutil1-dev \
- libpcre++0 \
- libssl1.0.0 \
- && rm -r /var/lib/apt/lists/*
-
-ENV HTTPD_VERSION 2.2.34
-ENV HTTPD_SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160
-
-# https://httpd.apache.org/security/vulnerabilities_22.html
-ENV HTTPD_PATCHES="CVE-2017-9798-patch-2.2.patch 42c610f8a8f8d4d08664db6d9857120c2c252c9b388d56f238718854e6013e46 2.2.x-mod_proxy-without-APR_HAS_THREADS.patch beb66a79a239f7e898311c5ed6a38c070c641ec56706a295b7e5caf3c55a7296"
-
-ENV APACHE_DIST_URLS \
-# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
- https://www.apache.org/dyn/closer.cgi?action=download&filename= \
-# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
- https://www-us.apache.org/dist/ \
- https://www.apache.org/dist/ \
- https://archive.apache.org/dist/
-
-# see https://httpd.apache.org/docs/2.2/install.html#requirements
-RUN set -eux; \
- \
- buildDeps=' \
- bzip2 \
- ca-certificates \
- dpkg-dev \
- gcc \
- libpcre++-dev \
- libssl-dev \
- make \
- wget \
- '; \
- apt-get update; \
- apt-get install -y --no-install-recommends -V $buildDeps; \
- rm -r /var/lib/apt/lists/*; \
- \
- ddist() { \
- local f="$1"; shift; \
- local distFile="$1"; shift; \
- local success=; \
- local distUrl=; \
- for distUrl in $APACHE_DIST_URLS; do \
- if wget -O "$f" "$distUrl$distFile"; then \
- success=1; \
- break; \
- fi; \
- done; \
- [ -n "$success" ]; \
- }; \
- \
- ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
- echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
- \
-# see https://httpd.apache.org/download.cgi#verify
- ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B1B96F45DFBDCCF974019235193F180AB55D9977; \
- gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
- rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
- \
- mkdir -p src; \
- tar -xf httpd.tar.bz2 -C src --strip-components=1; \
- rm httpd.tar.bz2; \
- cd src; \
- \
- patches() { \
- while [ "$#" -gt 0 ]; do \
- local patchFile="$1"; shift; \
- local patchSha256="$1"; shift; \
- ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
- echo "$patchSha256 *$patchFile" | sha256sum -c -; \
- patch -p0 < "$patchFile"; \
- rm -f "$patchFile"; \
- done; \
- }; \
- patches $HTTPD_PATCHES; \
- \
- gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
- ./configure \
- --build="$gnuArch" \
- --prefix="$HTTPD_PREFIX" \
-# https://httpd.apache.org/docs/2.2/programs/configure.html
-# Caveat: --enable-mods-shared=all does not actually build all modules. To build all modules then, one might use:
- --enable-mods-shared='all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache' \
- ; \
- make -j "$(nproc)"; \
- make install; \
- \
- cd ..; \
- rm -r src man manual; \
- \
- sed -ri \
- -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
- -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
- "$HTTPD_PREFIX/conf/httpd.conf"; \
- \
- apt-get purge -y --auto-remove $buildDeps
-
-COPY httpd-foreground /usr/local/bin/
-
-EXPOSE 80
-CMD ["httpd-foreground"]
diff --git a/2.2/alpine/Dockerfile b/2.2/alpine/Dockerfile
deleted file mode 100644
index 2da7e1a..0000000
--- a/2.2/alpine/Dockerfile
+++ /dev/null
@@ -1,134 +0,0 @@
-# this cannot upgrade to Alpine 3.5 due to https://github.com/libressl-portable/portable/issues/147
-# given that 2.2.x is a "legacy branch", and is in security-fixes-only mode upstream, this should be reasonably fine
-# "Minimal maintenance patches of 2.2.x are expected throughout this period, and users are strongly encouraged to promptly complete their transitions to the the 2.4.x flavour of httpd to benefit from a much larger assortment of minor security and bug fixes as well as new features."
-# https://httpd.apache.org/
-FROM alpine:3.4
-
-# ensure www-data user exists
-RUN set -x \
- && addgroup -g 82 -S www-data \
- && adduser -u 82 -D -S -G www-data www-data
-# 82 is the standard uid/gid for "www-data" in Alpine
-# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2
-# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2
-# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2
-
-ENV HTTPD_PREFIX /usr/local/apache2
-ENV PATH $HTTPD_PREFIX/bin:$PATH
-RUN mkdir -p "$HTTPD_PREFIX" \
- && chown www-data:www-data "$HTTPD_PREFIX"
-WORKDIR $HTTPD_PREFIX
-
-ENV HTTPD_VERSION 2.2.34
-ENV HTTPD_SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160
-
-# https://httpd.apache.org/security/vulnerabilities_22.html
-ENV HTTPD_PATCHES="CVE-2017-9798-patch-2.2.patch 42c610f8a8f8d4d08664db6d9857120c2c252c9b388d56f238718854e6013e46 2.2.x-mod_proxy-without-APR_HAS_THREADS.patch beb66a79a239f7e898311c5ed6a38c070c641ec56706a295b7e5caf3c55a7296"
-
-ENV APACHE_DIST_URLS \
-# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
- https://www.apache.org/dyn/closer.cgi?action=download&filename= \
-# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
- https://www-us.apache.org/dist/ \
- https://www.apache.org/dist/ \
- https://archive.apache.org/dist/
-
-# see https://httpd.apache.org/docs/2.2/install.html#requirements
-RUN set -eux; \
- \
- runDeps=' \
- apr-dev \
- apr-util-dev \
- apr-util-ldap \
- perl \
- '; \
- apk add --no-cache --virtual .build-deps \
- $runDeps \
- ca-certificates \
- coreutils \
- dpkg-dev dpkg \
- gcc \
- gnupg \
- libc-dev \
- make \
- openssl \
- openssl-dev \
- pcre-dev \
- tar \
-# install GNU wget (Busybox wget in Alpine 3.4 gives us "wget: error getting response: Connection reset by peer" for some reason)
- wget \
- ; \
- \
- ddist() { \
- local f="$1"; shift; \
- local distFile="$1"; shift; \
- local success=; \
- local distUrl=; \
- for distUrl in $APACHE_DIST_URLS; do \
- if wget -O "$f" "$distUrl$distFile"; then \
- success=1; \
- break; \
- fi; \
- done; \
- [ -n "$success" ]; \
- }; \
- \
- ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
- echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
- \
-# see https://httpd.apache.org/download.cgi#verify
- ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B1B96F45DFBDCCF974019235193F180AB55D9977; \
- gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
- rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
- \
- mkdir -p src; \
- tar -xf httpd.tar.bz2 -C src --strip-components=1; \
- rm httpd.tar.bz2; \
- cd src; \
- \
- patches() { \
- while [ "$#" -gt 0 ]; do \
- local patchFile="$1"; shift; \
- local patchSha256="$1"; shift; \
- ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
- echo "$patchSha256 *$patchFile" | sha256sum -c -; \
- patch -p0 < "$patchFile"; \
- rm -f "$patchFile"; \
- done; \
- }; \
- patches $HTTPD_PATCHES; \
- \
- gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
- ./configure \
- --build="$gnuArch" \
- --prefix="$HTTPD_PREFIX" \
-# https://httpd.apache.org/docs/2.2/programs/configure.html
-# Caveat: --enable-mods-shared=all does not actually build all modules. To build all modules then, one might use:
- --enable-mods-shared='all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache' \
- ; \
- make -j "$(nproc)"; \
- make install; \
- \
- cd ..; \
- rm -r src man manual; \
- \
- sed -ri \
- -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
- -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
- "$HTTPD_PREFIX/conf/httpd.conf"; \
- \
- runDeps="$runDeps $( \
- scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
- | tr ',' '\n' \
- | sort -u \
- | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
- )"; \
- apk add --virtual .httpd-rundeps $runDeps; \
- apk del .build-deps
-
-COPY httpd-foreground /usr/local/bin/
-
-EXPOSE 80
-CMD ["httpd-foreground"]
diff --git a/2.2/alpine/httpd-foreground b/2.2/alpine/httpd-foreground
deleted file mode 100755
index 5400585..0000000
--- a/2.2/alpine/httpd-foreground
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-set -e
-
-# Apache gets grumpy about PID files pre-existing
-rm -f /usr/local/apache2/logs/httpd.pid
-
-exec httpd -DFOREGROUND
diff --git a/2.2/httpd-foreground b/2.2/httpd-foreground
deleted file mode 100755
index 2058e23..0000000
--- a/2.2/httpd-foreground
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-set -e
-
-# Apache gets grumpy about PID files pre-existing
-rm -f /usr/local/apache2/logs/httpd.pid
-
-exec httpd -DFOREGROUND