docker-library
/
httpd
mirror of https://github.com/docker-library/httpd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove EOL 2.2.x series 

From https://www.apache.org/dist/httpd/Announcement2.2.html

> No further maintenance patches of 2.2.x will be published. Users are strongly encouraged to promptly complete their transitions to the 2.4.x flavor of httpd to receive any future benefit from the user community or the Apache HTTP Server project developers.

From https://www.apache.org/dist/httpd/Announcement2.4.html

> Please note that while the Apache HTTP Server Project may publish some security patches to the 2.2.x flavor through at least December of 2017, no further maintenance patches of 2.2.x will be considered and no further releases will be distributed. The 2.2.x branch has now reached the end of its maintenance, and users are strongly encouraged to promptly complete their transitions to this 2.4.x flavor of httpd to benefit from security and bug fixes, as well as new features.
This commit is contained in:
Tianon Gravi 2018-01-25 14:39:32 -08:00
parent 49d553ae79
commit faf2448bd3
5 changed files with 0 additions and 271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -4,8 +4,6 @@ services: docker
env:
- VERSION=2.4
- VERSION=2.4 VARIANT=alpine
- VERSION=2.2
- VERSION=2.2 VARIANT=alpine
install:
- git clone https://github.com/docker-library/official-images.git ~/official-images

121
2.2/Dockerfile
View File

@ -1,121 +0,0 @@
FROM debian:jessie
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
#RUN groupadd -r www-data && useradd -r --create-home -g www-data www-data
ENV HTTPD_PREFIX /usr/local/apache2
ENV PATH $HTTPD_PREFIX/bin:$PATH
RUN mkdir -p "$HTTPD_PREFIX" \
&& chown www-data:www-data "$HTTPD_PREFIX"
WORKDIR $HTTPD_PREFIX
# install httpd runtime dependencies
# https://httpd.apache.org/docs/2.2/install.html#requirements
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
libapr1 \
libaprutil1 \
libaprutil1-ldap \
libapr1-dev \
libaprutil1-dev \
libpcre++0 \
libssl1.0.0 \
&& rm -r /var/lib/apt/lists/*
ENV HTTPD_VERSION 2.2.34
ENV HTTPD_SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160
# https://httpd.apache.org/security/vulnerabilities_22.html
ENV HTTPD_PATCHES="CVE-2017-9798-patch-2.2.patch 42c610f8a8f8d4d08664db6d9857120c2c252c9b388d56f238718854e6013e46 2.2.x-mod_proxy-without-APR_HAS_THREADS.patch beb66a79a239f7e898311c5ed6a38c070c641ec56706a295b7e5caf3c55a7296"
ENV APACHE_DIST_URLS \
# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
https://www.apache.org/dyn/closer.cgi?action=download&filename= \
# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
https://www-us.apache.org/dist/ \
https://www.apache.org/dist/ \
https://archive.apache.org/dist/
# see https://httpd.apache.org/docs/2.2/install.html#requirements
RUN set -eux; \
\
buildDeps=' \
bzip2 \
ca-certificates \
dpkg-dev \
gcc \
libpcre++-dev \
libssl-dev \
make \
wget \
'; \
apt-get update; \
apt-get install -y --no-install-recommends -V $buildDeps; \
rm -r /var/lib/apt/lists/*; \
\
ddist() { \
local f="$1"; shift; \
local distFile="$1"; shift; \
local success=; \
local distUrl=; \
for distUrl in $APACHE_DIST_URLS; do \
if wget -O "$f" "$distUrl$distFile"; then \
success=1; \
break; \
fi; \
done; \
[ -n "$success" ]; \
}; \
\
ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
\
# see https://httpd.apache.org/download.cgi#verify
ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B1B96F45DFBDCCF974019235193F180AB55D9977; \
gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
\
mkdir -p src; \
tar -xf httpd.tar.bz2 -C src --strip-components=1; \
rm httpd.tar.bz2; \
cd src; \
\
patches() { \
while [ "$#" -gt 0 ]; do \
local patchFile="$1"; shift; \
local patchSha256="$1"; shift; \
ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
echo "$patchSha256 *$patchFile" | sha256sum -c -; \
patch -p0 < "$patchFile"; \
rm -f "$patchFile"; \
done; \
}; \
patches $HTTPD_PATCHES; \
\
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
./configure \
--build="$gnuArch" \
--prefix="$HTTPD_PREFIX" \
# https://httpd.apache.org/docs/2.2/programs/configure.html
# Caveat: --enable-mods-shared=all does not actually build all modules. To build all modules then, one might use:
--enable-mods-shared='all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache' \
; \
make -j "$(nproc)"; \
make install; \
\
cd ..; \
rm -r src man manual; \
\
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"$HTTPD_PREFIX/conf/httpd.conf"; \
\
apt-get purge -y --auto-remove $buildDeps
COPY httpd-foreground /usr/local/bin/
EXPOSE 80
CMD ["httpd-foreground"]

134
2.2/alpine/Dockerfile
View File

@ -1,134 +0,0 @@
# this cannot upgrade to Alpine 3.5 due to https://github.com/libressl-portable/portable/issues/147
# given that 2.2.x is a "legacy branch", and is in security-fixes-only mode upstream, this should be reasonably fine
# "Minimal maintenance patches of 2.2.x are expected throughout this period, and users are strongly encouraged to promptly complete their transitions to the the 2.4.x flavour of httpd to benefit from a much larger assortment of minor security and bug fixes as well as new features."
# https://httpd.apache.org/
FROM alpine:3.4
# ensure www-data user exists
RUN set -x \
&& addgroup -g 82 -S www-data \
&& adduser -u 82 -D -S -G www-data www-data
# 82 is the standard uid/gid for "www-data" in Alpine
# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2
# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2
# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2
ENV HTTPD_PREFIX /usr/local/apache2
ENV PATH $HTTPD_PREFIX/bin:$PATH
RUN mkdir -p "$HTTPD_PREFIX" \
&& chown www-data:www-data "$HTTPD_PREFIX"
WORKDIR $HTTPD_PREFIX
ENV HTTPD_VERSION 2.2.34
ENV HTTPD_SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160
# https://httpd.apache.org/security/vulnerabilities_22.html
ENV HTTPD_PATCHES="CVE-2017-9798-patch-2.2.patch 42c610f8a8f8d4d08664db6d9857120c2c252c9b388d56f238718854e6013e46 2.2.x-mod_proxy-without-APR_HAS_THREADS.patch beb66a79a239f7e898311c5ed6a38c070c641ec56706a295b7e5caf3c55a7296"
ENV APACHE_DIST_URLS \
# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
https://www.apache.org/dyn/closer.cgi?action=download&filename= \
# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
https://www-us.apache.org/dist/ \
https://www.apache.org/dist/ \
https://archive.apache.org/dist/
# see https://httpd.apache.org/docs/2.2/install.html#requirements
RUN set -eux; \
\
runDeps=' \
apr-dev \
apr-util-dev \
apr-util-ldap \
perl \
'; \
apk add --no-cache --virtual .build-deps \
$runDeps \
ca-certificates \
coreutils \
dpkg-dev dpkg \
gcc \
gnupg \
libc-dev \
make \
openssl \
openssl-dev \
pcre-dev \
tar \
# install GNU wget (Busybox wget in Alpine 3.4 gives us "wget: error getting response: Connection reset by peer" for some reason)
wget \
; \
\
ddist() { \
local f="$1"; shift; \
local distFile="$1"; shift; \
local success=; \
local distUrl=; \
for distUrl in $APACHE_DIST_URLS; do \
if wget -O "$f" "$distUrl$distFile"; then \
success=1; \
break; \
fi; \
done; \
[ -n "$success" ]; \
}; \
\
ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
\
# see https://httpd.apache.org/download.cgi#verify
ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B1B96F45DFBDCCF974019235193F180AB55D9977; \
gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
\
mkdir -p src; \
tar -xf httpd.tar.bz2 -C src --strip-components=1; \
rm httpd.tar.bz2; \
cd src; \
\
patches() { \
while [ "$#" -gt 0 ]; do \
local patchFile="$1"; shift; \
local patchSha256="$1"; shift; \
ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
echo "$patchSha256 *$patchFile" | sha256sum -c -; \
patch -p0 < "$patchFile"; \
rm -f "$patchFile"; \
done; \
}; \
patches $HTTPD_PATCHES; \
\
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
./configure \
--build="$gnuArch" \
--prefix="$HTTPD_PREFIX" \
# https://httpd.apache.org/docs/2.2/programs/configure.html
# Caveat: --enable-mods-shared=all does not actually build all modules. To build all modules then, one might use:
--enable-mods-shared='all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache' \
; \
make -j "$(nproc)"; \
make install; \
\
cd ..; \
rm -r src man manual; \
\
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"$HTTPD_PREFIX/conf/httpd.conf"; \
\
runDeps="$runDeps $( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .httpd-rundeps $runDeps; \
apk del .build-deps
COPY httpd-foreground /usr/local/bin/
EXPOSE 80
CMD ["httpd-foreground"]

7
2.2/alpine/httpd-foreground
View File

@ -1,7 +0,0 @@
#!/bin/sh
set -e
# Apache gets grumpy about PID files pre-existing
rm -f /usr/local/apache2/logs/httpd.pid
exec httpd -DFOREGROUND

7
2.2/httpd-foreground
View File

@ -1,7 +0,0 @@
#!/bin/bash
set -e
# Apache gets grumpy about PID files pre-existing
rm -f /usr/local/apache2/logs/httpd.pid
exec httpd -DFOREGROUND