Update alpine dockerfile to install Erlang and OpenSSL to /opt

Luke Bakken 2023-08-29 13:33:26 -07:00 committed by yosifkit
parent fecac447f8
commit daf0c85adf
12 changed files with 216 additions and 186 deletions

59
3.10/alpine/Dockerfile generated

@ -36,8 +36,8 @@ ENV OTP_VERSION 25.3.2.5
ENV OTP_SOURCE_SHA256="1f899b4b1ef8569c08713b76bc54607a09503a1d188e6d61512036188cc356db" ENV OTP_SOURCE_SHA256="1f899b4b1ef8569c08713b76bc54607a09503a1d188e6d61512036188cc356db"
# install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages # install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages
ENV INSTALL_PATH_PREFIX='/usr/local/erlang' ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
# Install dependencies required to build Erlang/OTP from source # Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html # https://erlang.org/doc/installation_guide/INSTALL.html
@ -50,7 +50,7 @@ RUN set -eux; \
\ \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR="$INSTALL_PATH_PREFIX/etc/ssl"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Required by the crypto & ssl Erlang/OTP applications # Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \ wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
@ -92,11 +92,11 @@ RUN set -eux; \
./Configure \ ./Configure \
"$opensslMachine" \ "$opensslMachine" \
enable-fips \ enable-fips \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$OPENSSL_INSTALL_PATH_PREFIX" \
--openssldir="$OPENSSL_CONFIG_DIR" \ --openssldir="$OPENSSL_CONFIG_DIR" \
--libdir="$INSTALL_PATH_PREFIX/lib" \ --libdir="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
-Wl,-rpath="$INSTALL_PATH_PREFIX/lib" \ -Wl,-rpath="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
${opensslExtraConfig:-} \ ${opensslExtraConfig:-} \
; \ ; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present # Compile, install OpenSSL, verify that the command-line works & development headers are present
@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -131,7 +131,7 @@ RUN set -eux; \
export ERL_TOP="$OTP_PATH"; \ export ERL_TOP="$OTP_PATH"; \
export CFLAGS='-g -O2'; \ export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=$INSTALL_PATH_PREFIX/lib"; \ export CFLAGS="$CFLAGS -Wl,-rpath=$OPENSSL_INSTALL_PATH_PREFIX/lib"; \
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \ hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \ dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \
@ -141,7 +141,7 @@ RUN set -eux; \
amd64 | arm64) jitFlag='--enable-jit' ;; \ amd64 | arm64) jitFlag='--enable-jit' ;; \
esac; \ esac; \
./configure \ ./configure \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$ERLANG_INSTALL_PATH_PREFIX" \
--host="$hostArch" \ --host="$hostArch" \
--build="$buildArch" \ --build="$buildArch" \
--disable-hipe \ --disable-hipe \
@ -154,7 +154,7 @@ RUN set -eux; \
--enable-smp-support \ --enable-smp-support \
--enable-threads \ --enable-threads \
--with-microstate-accounting=extra \ --with-microstate-accounting=extra \
--with-ssl="$INSTALL_PATH_PREFIX" \ --with-ssl="$OPENSSL_INSTALL_PATH_PREFIX" \
--without-common_test \ --without-common_test \
--without-debugger \ --without-debugger \
--without-dialyzer \ --without-dialyzer \
@ -180,40 +180,45 @@ RUN set -eux; \
make install; \ make install; \
\ \
# Remove unnecessary files # Remove unnecessary files
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' + find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' +
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$PATH
RUN find $ERLANG_INSTALL_PATH_PREFIX -type f -name 'crypto.so' -exec ldd {} \; | awk '/libcrypto\.so/ { if (!index($3,ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"])) exit 1 }'
RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
FROM alpine:3.18 FROM alpine:3.18
# INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV INSTALL_PATH_PREFIX /usr/local/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
COPY --from=erlang-builder "$INSTALL_PATH_PREFIX" "$INSTALL_PATH_PREFIX" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
RUN set -eux; \ RUN set -eux; \
# Configure OpenSSL to use system certs # Configure OpenSSL to use system certs
ln -vsf /etc/ssl/certs /etc/ssl/private "$INSTALL_PATH_PREFIX/etc/ssl"; \ ln -vsf /etc/ssl/certs /etc/ssl/private "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Ensure run-time dependencies are installed # Ensure run-time dependencies are installed
runDeps="$( \ runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ scanelf --needed --nobanner --format '%n#p' --recursive $ERLANG_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX \
| tr ',' '\n' \ | tr ',' '\n' \
| sort -u \ | sort -u \
| grep -v '^$\|lib\(crypto\|ssl\)' \
| awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \ )"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \ apk add --no-cache --virtual .otp-run-deps $runDeps; \
\ \
# Check that OpenSSL still works after copying from previous builder # Check that OpenSSL still works after copying from previous builder
sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \ sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \
-e '/# fips =/s/.*/fips = fips_sect/' "$INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \ -e '/# fips =/s/.*/fips = fips_sect/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \
sed -i.ORIG -e '/^activate/s/^/#/' "$INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \ sed -i.ORIG -e '/^activate/s/^/#/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \
[ "$(command -v openssl)" = "$INSTALL_PATH_PREFIX/bin/openssl" ]; \ [ "$(command -v openssl)" = "$OPENSSL_INSTALL_PATH_PREFIX/bin/openssl" ]; \
openssl version; \ openssl version; \
openssl version -d; \ openssl version -d; \
\ \
@ -241,11 +246,11 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.10.25 ENV RABBITMQ_VERSION 3.10.25
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH=$RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ # Install RabbitMQ
RUN set -eux; \ RUN set -eux; \
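Review bot: The new `crypto.so` linkage check in the erlang-builder stage (`find … -exec ldd {} \; | awk …`) can pass without checking anything: the RUN uses the default shell without `pipefail`, and awk exits 0 when it never sees a `libcrypto.so` line, so a missing `crypto.so` or a failing `ldd` counts as success. `index()` also accepts the prefix anywhere in the resolved path rather than only at its start. If a dynamic link to libcrypto is what this stage expects, I would record the match and decide in `END`: `awk '/libcrypto\.so/ { seen = 1; if (index($3, ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"]) != 1) bad = 1 } END { exit (bad || !seen) }'`. The same line appears in the 3.11 and 3.12 alpine sections; the file is marked generated, so the change presumably belongs in the template it is rendered from.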


@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -189,7 +189,7 @@ RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [cry
FROM ubuntu:22.04 FROM ubuntu:22.04
# ERLANG_INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
@ -225,8 +225,8 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.10.25 ENV RABBITMQ_VERSION 3.10.25
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH $RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH
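Review bot: The last hunk of this section rewrites `ENV RABBITMQ_PGP_KEY_ID="0x…"` and `ENV RABBITMQ_HOME=/opt/rabbitmq` into the space-separated `ENV key value` form, which is the legacy syntax that BuildKit's build checks report as LegacyKeyValueFormat. The `key=value` lines being replaced were already the recommended form, so I would keep them, e.g. `ENV RABBITMQ_HOME=/opt/rabbitmq`. The alpine sections make the same rewrite for `RABBITMQ_DATA_DIR` and `PATH`.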

59
3.11/alpine/Dockerfile generated

@ -36,8 +36,8 @@ ENV OTP_VERSION 25.3.2.5
ENV OTP_SOURCE_SHA256="1f899b4b1ef8569c08713b76bc54607a09503a1d188e6d61512036188cc356db" ENV OTP_SOURCE_SHA256="1f899b4b1ef8569c08713b76bc54607a09503a1d188e6d61512036188cc356db"
# install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages # install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages
ENV INSTALL_PATH_PREFIX='/usr/local/erlang' ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
# Install dependencies required to build Erlang/OTP from source # Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html # https://erlang.org/doc/installation_guide/INSTALL.html
@ -50,7 +50,7 @@ RUN set -eux; \
\ \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR="$INSTALL_PATH_PREFIX/etc/ssl"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Required by the crypto & ssl Erlang/OTP applications # Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \ wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
@ -92,11 +92,11 @@ RUN set -eux; \
./Configure \ ./Configure \
"$opensslMachine" \ "$opensslMachine" \
enable-fips \ enable-fips \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$OPENSSL_INSTALL_PATH_PREFIX" \
--openssldir="$OPENSSL_CONFIG_DIR" \ --openssldir="$OPENSSL_CONFIG_DIR" \
--libdir="$INSTALL_PATH_PREFIX/lib" \ --libdir="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
-Wl,-rpath="$INSTALL_PATH_PREFIX/lib" \ -Wl,-rpath="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
${opensslExtraConfig:-} \ ${opensslExtraConfig:-} \
; \ ; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present # Compile, install OpenSSL, verify that the command-line works & development headers are present
@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -131,7 +131,7 @@ RUN set -eux; \
export ERL_TOP="$OTP_PATH"; \ export ERL_TOP="$OTP_PATH"; \
export CFLAGS='-g -O2'; \ export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=$INSTALL_PATH_PREFIX/lib"; \ export CFLAGS="$CFLAGS -Wl,-rpath=$OPENSSL_INSTALL_PATH_PREFIX/lib"; \
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \ hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \ dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \
@ -141,7 +141,7 @@ RUN set -eux; \
amd64 | arm64) jitFlag='--enable-jit' ;; \ amd64 | arm64) jitFlag='--enable-jit' ;; \
esac; \ esac; \
./configure \ ./configure \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$ERLANG_INSTALL_PATH_PREFIX" \
--host="$hostArch" \ --host="$hostArch" \
--build="$buildArch" \ --build="$buildArch" \
--disable-hipe \ --disable-hipe \
@ -154,7 +154,7 @@ RUN set -eux; \
--enable-smp-support \ --enable-smp-support \
--enable-threads \ --enable-threads \
--with-microstate-accounting=extra \ --with-microstate-accounting=extra \
--with-ssl="$INSTALL_PATH_PREFIX" \ --with-ssl="$OPENSSL_INSTALL_PATH_PREFIX" \
--without-common_test \ --without-common_test \
--without-debugger \ --without-debugger \
--without-dialyzer \ --without-dialyzer \
@ -180,40 +180,45 @@ RUN set -eux; \
make install; \ make install; \
\ \
# Remove unnecessary files # Remove unnecessary files
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' + find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' +
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$PATH
RUN find $ERLANG_INSTALL_PATH_PREFIX -type f -name 'crypto.so' -exec ldd {} \; | awk '/libcrypto\.so/ { if (!index($3,ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"])) exit 1 }'
RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
FROM alpine:3.18 FROM alpine:3.18
# INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV INSTALL_PATH_PREFIX /usr/local/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
COPY --from=erlang-builder "$INSTALL_PATH_PREFIX" "$INSTALL_PATH_PREFIX" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
RUN set -eux; \ RUN set -eux; \
# Configure OpenSSL to use system certs # Configure OpenSSL to use system certs
ln -vsf /etc/ssl/certs /etc/ssl/private "$INSTALL_PATH_PREFIX/etc/ssl"; \ ln -vsf /etc/ssl/certs /etc/ssl/private "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Ensure run-time dependencies are installed # Ensure run-time dependencies are installed
runDeps="$( \ runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ scanelf --needed --nobanner --format '%n#p' --recursive $ERLANG_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX \
| tr ',' '\n' \ | tr ',' '\n' \
| sort -u \ | sort -u \
| grep -v '^$\|lib\(crypto\|ssl\)' \
| awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \ )"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \ apk add --no-cache --virtual .otp-run-deps $runDeps; \
\ \
# Check that OpenSSL still works after copying from previous builder # Check that OpenSSL still works after copying from previous builder
sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \ sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \
-e '/# fips =/s/.*/fips = fips_sect/' "$INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \ -e '/# fips =/s/.*/fips = fips_sect/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \
sed -i.ORIG -e '/^activate/s/^/#/' "$INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \ sed -i.ORIG -e '/^activate/s/^/#/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \
[ "$(command -v openssl)" = "$INSTALL_PATH_PREFIX/bin/openssl" ]; \ [ "$(command -v openssl)" = "$OPENSSL_INSTALL_PATH_PREFIX/bin/openssl" ]; \
openssl version; \ openssl version; \
openssl version -d; \ openssl version -d; \
\ \
@ -241,11 +246,11 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.11.21 ENV RABBITMQ_VERSION 3.11.21
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH=$RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ # Install RabbitMQ
RUN set -eux; \ RUN set -eux; \
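Review bot: In the final stage's `runDeps` pipeline the awk filter tests `/usr/local/lib/`, a directory neither prefix installs libraries into (OpenSSL is configured with `--libdir="$OPENSSL_INSTALL_PATH_PREFIX/lib"`), so the added `grep -v '^$\|lib\(crypto\|ssl\)'` is the only thing keeping the distribution's libssl/libcrypto out of `apk add`. That exclusion is by name only; any other shared object shipped under the two /opt prefixes would still be requested as `so:<name>` and, presumably, satisfied from a system package. Pointing the skip rule at the real library directory ties it to the install path instead: `awk 'system("test -e " ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"] "/lib/" $1) == 0 { next } { print "so:" $1 }'`. The RUN continues past the end of the hunk, and the same lines are in the 3.10 and 3.12 alpine sections.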


@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -189,7 +189,7 @@ RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [cry
FROM ubuntu:22.04 FROM ubuntu:22.04
# ERLANG_INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
@ -225,8 +225,8 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.11.21 ENV RABBITMQ_VERSION 3.11.21
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH $RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH

59
3.12/alpine/Dockerfile generated

@ -36,8 +36,8 @@ ENV OTP_VERSION 25.3.2.5
ENV OTP_SOURCE_SHA256="1f899b4b1ef8569c08713b76bc54607a09503a1d188e6d61512036188cc356db" ENV OTP_SOURCE_SHA256="1f899b4b1ef8569c08713b76bc54607a09503a1d188e6d61512036188cc356db"
# install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages # install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages
ENV INSTALL_PATH_PREFIX='/usr/local/erlang' ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
# Install dependencies required to build Erlang/OTP from source # Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html # https://erlang.org/doc/installation_guide/INSTALL.html
@ -50,7 +50,7 @@ RUN set -eux; \
\ \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR="$INSTALL_PATH_PREFIX/etc/ssl"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Required by the crypto & ssl Erlang/OTP applications # Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \ wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
@ -92,11 +92,11 @@ RUN set -eux; \
./Configure \ ./Configure \
"$opensslMachine" \ "$opensslMachine" \
enable-fips \ enable-fips \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$OPENSSL_INSTALL_PATH_PREFIX" \
--openssldir="$OPENSSL_CONFIG_DIR" \ --openssldir="$OPENSSL_CONFIG_DIR" \
--libdir="$INSTALL_PATH_PREFIX/lib" \ --libdir="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
-Wl,-rpath="$INSTALL_PATH_PREFIX/lib" \ -Wl,-rpath="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
${opensslExtraConfig:-} \ ${opensslExtraConfig:-} \
; \ ; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present # Compile, install OpenSSL, verify that the command-line works & development headers are present
@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -131,7 +131,7 @@ RUN set -eux; \
export ERL_TOP="$OTP_PATH"; \ export ERL_TOP="$OTP_PATH"; \
export CFLAGS='-g -O2'; \ export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=$INSTALL_PATH_PREFIX/lib"; \ export CFLAGS="$CFLAGS -Wl,-rpath=$OPENSSL_INSTALL_PATH_PREFIX/lib"; \
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \ hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \ dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \
@ -141,7 +141,7 @@ RUN set -eux; \
amd64 | arm64) jitFlag='--enable-jit' ;; \ amd64 | arm64) jitFlag='--enable-jit' ;; \
esac; \ esac; \
./configure \ ./configure \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$ERLANG_INSTALL_PATH_PREFIX" \
--host="$hostArch" \ --host="$hostArch" \
--build="$buildArch" \ --build="$buildArch" \
--disable-hipe \ --disable-hipe \
@ -154,7 +154,7 @@ RUN set -eux; \
--enable-smp-support \ --enable-smp-support \
--enable-threads \ --enable-threads \
--with-microstate-accounting=extra \ --with-microstate-accounting=extra \
--with-ssl="$INSTALL_PATH_PREFIX" \ --with-ssl="$OPENSSL_INSTALL_PATH_PREFIX" \
--without-common_test \ --without-common_test \
--without-debugger \ --without-debugger \
--without-dialyzer \ --without-dialyzer \
@ -180,40 +180,45 @@ RUN set -eux; \
make install; \ make install; \
\ \
# Remove unnecessary files # Remove unnecessary files
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' + find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' +
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$PATH
RUN find $ERLANG_INSTALL_PATH_PREFIX -type f -name 'crypto.so' -exec ldd {} \; | awk '/libcrypto\.so/ { if (!index($3,ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"])) exit 1 }'
RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
FROM alpine:3.18 FROM alpine:3.18
# INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV INSTALL_PATH_PREFIX /usr/local/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
COPY --from=erlang-builder "$INSTALL_PATH_PREFIX" "$INSTALL_PATH_PREFIX" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
RUN set -eux; \ RUN set -eux; \
# Configure OpenSSL to use system certs # Configure OpenSSL to use system certs
ln -vsf /etc/ssl/certs /etc/ssl/private "$INSTALL_PATH_PREFIX/etc/ssl"; \ ln -vsf /etc/ssl/certs /etc/ssl/private "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Ensure run-time dependencies are installed # Ensure run-time dependencies are installed
runDeps="$( \ runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ scanelf --needed --nobanner --format '%n#p' --recursive $ERLANG_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX \
| tr ',' '\n' \ | tr ',' '\n' \
| sort -u \ | sort -u \
| grep -v '^$\|lib\(crypto\|ssl\)' \
| awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \ )"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \ apk add --no-cache --virtual .otp-run-deps $runDeps; \
\ \
# Check that OpenSSL still works after copying from previous builder # Check that OpenSSL still works after copying from previous builder
sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \ sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \
-e '/# fips =/s/.*/fips = fips_sect/' "$INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \ -e '/# fips =/s/.*/fips = fips_sect/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \
sed -i.ORIG -e '/^activate/s/^/#/' "$INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \ sed -i.ORIG -e '/^activate/s/^/#/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \
[ "$(command -v openssl)" = "$INSTALL_PATH_PREFIX/bin/openssl" ]; \ [ "$(command -v openssl)" = "$OPENSSL_INSTALL_PATH_PREFIX/bin/openssl" ]; \
openssl version; \ openssl version; \
openssl version -d; \ openssl version -d; \
\ \
@ -241,11 +246,11 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.12.2 ENV RABBITMQ_VERSION 3.12.2
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH=$RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ # Install RabbitMQ
RUN set -eux; \ RUN set -eux; \


@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -189,7 +189,7 @@ RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [cry
FROM ubuntu:22.04 FROM ubuntu:22.04
# ERLANG_INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
@ -225,8 +225,8 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.12.2 ENV RABBITMQ_VERSION 3.12.2
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH $RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH


@ -36,8 +36,8 @@ ENV OTP_VERSION 26.0.2
ENV OTP_SOURCE_SHA256="47853ea9230643a0a31004433f07a71c1b92d6e0094534f629e3b75dbc62f193" ENV OTP_SOURCE_SHA256="47853ea9230643a0a31004433f07a71c1b92d6e0094534f629e3b75dbc62f193"
# install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages # install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages
ENV INSTALL_PATH_PREFIX='/usr/local/erlang' ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
# Install dependencies required to build Erlang/OTP from source # Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html # https://erlang.org/doc/installation_guide/INSTALL.html
@ -50,7 +50,7 @@ RUN set -eux; \
\ \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR="$INSTALL_PATH_PREFIX/etc/ssl"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Required by the crypto & ssl Erlang/OTP applications # Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \ wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
@ -92,11 +92,11 @@ RUN set -eux; \
./Configure \ ./Configure \
"$opensslMachine" \ "$opensslMachine" \
enable-fips \ enable-fips \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$OPENSSL_INSTALL_PATH_PREFIX" \
--openssldir="$OPENSSL_CONFIG_DIR" \ --openssldir="$OPENSSL_CONFIG_DIR" \
--libdir="$INSTALL_PATH_PREFIX/lib" \ --libdir="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
-Wl,-rpath="$INSTALL_PATH_PREFIX/lib" \ -Wl,-rpath="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
${opensslExtraConfig:-} \ ${opensslExtraConfig:-} \
; \ ; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present # Compile, install OpenSSL, verify that the command-line works & development headers are present
@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -131,7 +131,7 @@ RUN set -eux; \
export ERL_TOP="$OTP_PATH"; \ export ERL_TOP="$OTP_PATH"; \
export CFLAGS='-g -O2'; \ export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=$INSTALL_PATH_PREFIX/lib"; \ export CFLAGS="$CFLAGS -Wl,-rpath=$OPENSSL_INSTALL_PATH_PREFIX/lib"; \
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \ hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \ dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \
@ -141,7 +141,7 @@ RUN set -eux; \
amd64 | arm64) jitFlag='--enable-jit' ;; \ amd64 | arm64) jitFlag='--enable-jit' ;; \
esac; \ esac; \
./configure \ ./configure \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$ERLANG_INSTALL_PATH_PREFIX" \
--host="$hostArch" \ --host="$hostArch" \
--build="$buildArch" \ --build="$buildArch" \
--disable-hipe \ --disable-hipe \
@ -154,7 +154,7 @@ RUN set -eux; \
--enable-smp-support \ --enable-smp-support \
--enable-threads \ --enable-threads \
--with-microstate-accounting=extra \ --with-microstate-accounting=extra \
--with-ssl="$INSTALL_PATH_PREFIX" \ --with-ssl="$OPENSSL_INSTALL_PATH_PREFIX" \
--without-common_test \ --without-common_test \
--without-debugger \ --without-debugger \
--without-dialyzer \ --without-dialyzer \
@ -180,40 +180,45 @@ RUN set -eux; \
make install; \ make install; \
\ \
# Remove unnecessary files # Remove unnecessary files
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' + find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' +
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$PATH
RUN find $ERLANG_INSTALL_PATH_PREFIX -type f -name 'crypto.so' -exec ldd {} \; | awk '/libcrypto\.so/ { if (!index($3,ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"])) exit 1 }'
RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
FROM alpine:3.18 FROM alpine:3.18
# INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV INSTALL_PATH_PREFIX /usr/local/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
COPY --from=erlang-builder "$INSTALL_PATH_PREFIX" "$INSTALL_PATH_PREFIX" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
RUN set -eux; \ RUN set -eux; \
# Configure OpenSSL to use system certs # Configure OpenSSL to use system certs
ln -vsf /etc/ssl/certs /etc/ssl/private "$INSTALL_PATH_PREFIX/etc/ssl"; \ ln -vsf /etc/ssl/certs /etc/ssl/private "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Ensure run-time dependencies are installed # Ensure run-time dependencies are installed
runDeps="$( \ runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ scanelf --needed --nobanner --format '%n#p' --recursive $ERLANG_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX \
| tr ',' '\n' \ | tr ',' '\n' \
| sort -u \ | sort -u \
| grep -v '^$\|lib\(crypto\|ssl\)' \
| awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \ )"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \ apk add --no-cache --virtual .otp-run-deps $runDeps; \
\ \
# Check that OpenSSL still works after copying from previous builder # Check that OpenSSL still works after copying from previous builder
sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \ sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \
-e '/# fips =/s/.*/fips = fips_sect/' "$INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \ -e '/# fips =/s/.*/fips = fips_sect/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \
sed -i.ORIG -e '/^activate/s/^/#/' "$INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \ sed -i.ORIG -e '/^activate/s/^/#/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \
[ "$(command -v openssl)" = "$INSTALL_PATH_PREFIX/bin/openssl" ]; \ [ "$(command -v openssl)" = "$OPENSSL_INSTALL_PATH_PREFIX/bin/openssl" ]; \
openssl version; \ openssl version; \
openssl version -d; \ openssl version -d; \
\ \
@ -241,11 +246,11 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.13.0-beta.4 ENV RABBITMQ_VERSION 3.13.0-beta.4
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH=$RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ # Install RabbitMQ
RUN set -eux; \ RUN set -eux; \
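Review bot: The added link check in the erlang-builder stage, `RUN find $ERLANG_INSTALL_PATH_PREFIX -type f -name 'crypto.so' -exec ldd {} \; | awk '/libcrypto\.so/ { if (!index($3,ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"])) exit 1 }'`, can pass without verifying anything. awk fails only when it sees a `libcrypto.so` line that resolves outside `$OPENSSL_INSTALL_PATH_PREFIX`, so if `find` matches no `crypto.so` or `ldd` prints no such line, the step succeeds and the build never confirms that Erlang's crypto is linked against the `enable-fips` OpenSSL under /opt/openssl. Only awk's exit status counts here, since the step sets no `pipefail`, so the awk program itself should require at least one match: `awk '/libcrypto\.so/ { seen=1; if (!index($3,ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"])) bad=1 } END { exit (bad || !seen) }'`. The same line appears in the 3.9 alpine section and in the templated alpine section at the end of the page; these Dockerfiles appear to be rendered from that template, so the change presumably belongs there.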


@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -189,7 +189,7 @@ RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [cry
FROM ubuntu:22.04 FROM ubuntu:22.04
# ERLANG_INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
@ -225,8 +225,8 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.13.0-beta.4 ENV RABBITMQ_VERSION 3.13.0-beta.4
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH $RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH

59
3.9/alpine/Dockerfile generated

@ -36,8 +36,8 @@ ENV OTP_VERSION 25.3.2.5
ENV OTP_SOURCE_SHA256="1f899b4b1ef8569c08713b76bc54607a09503a1d188e6d61512036188cc356db" ENV OTP_SOURCE_SHA256="1f899b4b1ef8569c08713b76bc54607a09503a1d188e6d61512036188cc356db"
# install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages # install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages
ENV INSTALL_PATH_PREFIX='/usr/local/erlang' ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
# Install dependencies required to build Erlang/OTP from source # Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html # https://erlang.org/doc/installation_guide/INSTALL.html
@ -50,7 +50,7 @@ RUN set -eux; \
\ \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR="$INSTALL_PATH_PREFIX/etc/ssl"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Required by the crypto & ssl Erlang/OTP applications # Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \ wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
@ -92,11 +92,11 @@ RUN set -eux; \
./Configure \ ./Configure \
"$opensslMachine" \ "$opensslMachine" \
enable-fips \ enable-fips \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$OPENSSL_INSTALL_PATH_PREFIX" \
--openssldir="$OPENSSL_CONFIG_DIR" \ --openssldir="$OPENSSL_CONFIG_DIR" \
--libdir="$INSTALL_PATH_PREFIX/lib" \ --libdir="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
-Wl,-rpath="$INSTALL_PATH_PREFIX/lib" \ -Wl,-rpath="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
${opensslExtraConfig:-} \ ${opensslExtraConfig:-} \
; \ ; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present # Compile, install OpenSSL, verify that the command-line works & development headers are present
@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -131,7 +131,7 @@ RUN set -eux; \
export ERL_TOP="$OTP_PATH"; \ export ERL_TOP="$OTP_PATH"; \
export CFLAGS='-g -O2'; \ export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=$INSTALL_PATH_PREFIX/lib"; \ export CFLAGS="$CFLAGS -Wl,-rpath=$OPENSSL_INSTALL_PATH_PREFIX/lib"; \
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \ hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \ dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \
@ -141,7 +141,7 @@ RUN set -eux; \
amd64 | arm64) jitFlag='--enable-jit' ;; \ amd64 | arm64) jitFlag='--enable-jit' ;; \
esac; \ esac; \
./configure \ ./configure \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$ERLANG_INSTALL_PATH_PREFIX" \
--host="$hostArch" \ --host="$hostArch" \
--build="$buildArch" \ --build="$buildArch" \
--disable-hipe \ --disable-hipe \
@ -154,7 +154,7 @@ RUN set -eux; \
--enable-smp-support \ --enable-smp-support \
--enable-threads \ --enable-threads \
--with-microstate-accounting=extra \ --with-microstate-accounting=extra \
--with-ssl="$INSTALL_PATH_PREFIX" \ --with-ssl="$OPENSSL_INSTALL_PATH_PREFIX" \
--without-common_test \ --without-common_test \
--without-debugger \ --without-debugger \
--without-dialyzer \ --without-dialyzer \
@ -180,40 +180,45 @@ RUN set -eux; \
make install; \ make install; \
\ \
# Remove unnecessary files # Remove unnecessary files
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' + find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' +
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$PATH
RUN find $ERLANG_INSTALL_PATH_PREFIX -type f -name 'crypto.so' -exec ldd {} \; | awk '/libcrypto\.so/ { if (!index($3,ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"])) exit 1 }'
RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
FROM alpine:3.18 FROM alpine:3.18
# INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV INSTALL_PATH_PREFIX /usr/local/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
COPY --from=erlang-builder "$INSTALL_PATH_PREFIX" "$INSTALL_PATH_PREFIX" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
RUN set -eux; \ RUN set -eux; \
# Configure OpenSSL to use system certs # Configure OpenSSL to use system certs
ln -vsf /etc/ssl/certs /etc/ssl/private "$INSTALL_PATH_PREFIX/etc/ssl"; \ ln -vsf /etc/ssl/certs /etc/ssl/private "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Ensure run-time dependencies are installed # Ensure run-time dependencies are installed
runDeps="$( \ runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ scanelf --needed --nobanner --format '%n#p' --recursive $ERLANG_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX \
| tr ',' '\n' \ | tr ',' '\n' \
| sort -u \ | sort -u \
| grep -v '^$\|lib\(crypto\|ssl\)' \
| awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \ )"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \ apk add --no-cache --virtual .otp-run-deps $runDeps; \
\ \
# Check that OpenSSL still works after copying from previous builder # Check that OpenSSL still works after copying from previous builder
sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \ sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \
-e '/# fips =/s/.*/fips = fips_sect/' "$INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \ -e '/# fips =/s/.*/fips = fips_sect/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \
sed -i.ORIG -e '/^activate/s/^/#/' "$INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \ sed -i.ORIG -e '/^activate/s/^/#/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \
[ "$(command -v openssl)" = "$INSTALL_PATH_PREFIX/bin/openssl" ]; \ [ "$(command -v openssl)" = "$OPENSSL_INSTALL_PATH_PREFIX/bin/openssl" ]; \
openssl version; \ openssl version; \
openssl version -d; \ openssl version -d; \
\ \
@ -241,11 +246,11 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.9.29 ENV RABBITMQ_VERSION 3.9.29
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH=$RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ # Install RabbitMQ
RUN set -eux; \ RUN set -eux; \

8
3.9/ubuntu/Dockerfile generated

@ -107,7 +107,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -189,7 +189,7 @@ RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [cry
FROM ubuntu:22.04 FROM ubuntu:22.04
# ERLANG_INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
@ -225,8 +225,8 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.9.29 ENV RABBITMQ_VERSION 3.9.29
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH $RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH


@ -70,8 +70,8 @@ ENV OTP_VERSION {{ .otp.version }}
ENV OTP_SOURCE_SHA256="{{ .otp.sha256 }}" ENV OTP_SOURCE_SHA256="{{ .otp.sha256 }}"
# install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages # install openssl & erlang to a path that isn't auto-checked for libs to prevent accidental use by system packages
ENV INSTALL_PATH_PREFIX='/usr/local/erlang' ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
# Install dependencies required to build Erlang/OTP from source # Install dependencies required to build Erlang/OTP from source
# https://erlang.org/doc/installation_guide/INSTALL.html # https://erlang.org/doc/installation_guide/INSTALL.html
@ -84,7 +84,7 @@ RUN set -eux; \
\ \
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR="$INSTALL_PATH_PREFIX/etc/ssl"; \ OPENSSL_CONFIG_DIR="$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Required by the crypto & ssl Erlang/OTP applications # Required by the crypto & ssl Erlang/OTP applications
wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \ wget --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
@ -126,11 +126,11 @@ RUN set -eux; \
./Configure \ ./Configure \
"$opensslMachine" \ "$opensslMachine" \
enable-fips \ enable-fips \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$OPENSSL_INSTALL_PATH_PREFIX" \
--openssldir="$OPENSSL_CONFIG_DIR" \ --openssldir="$OPENSSL_CONFIG_DIR" \
--libdir="$INSTALL_PATH_PREFIX/lib" \ --libdir="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
-Wl,-rpath="$INSTALL_PATH_PREFIX/lib" \ -Wl,-rpath="$OPENSSL_INSTALL_PATH_PREFIX/lib" \
${opensslExtraConfig:-} \ ${opensslExtraConfig:-} \
; \ ; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present # Compile, install OpenSSL, verify that the command-line works & development headers are present
@ -141,7 +141,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -165,7 +165,7 @@ RUN set -eux; \
export ERL_TOP="$OTP_PATH"; \ export ERL_TOP="$OTP_PATH"; \
export CFLAGS='-g -O2'; \ export CFLAGS='-g -O2'; \
# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364)
export CFLAGS="$CFLAGS -Wl,-rpath=$INSTALL_PATH_PREFIX/lib"; \ export CFLAGS="$CFLAGS -Wl,-rpath=$OPENSSL_INSTALL_PATH_PREFIX/lib"; \
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \ hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \ dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \
@ -175,7 +175,7 @@ RUN set -eux; \
amd64 | arm64) jitFlag='--enable-jit' ;; \ amd64 | arm64) jitFlag='--enable-jit' ;; \
esac; \ esac; \
./configure \ ./configure \
--prefix="$INSTALL_PATH_PREFIX" \ --prefix="$ERLANG_INSTALL_PATH_PREFIX" \
--host="$hostArch" \ --host="$hostArch" \
--build="$buildArch" \ --build="$buildArch" \
--disable-hipe \ --disable-hipe \
@ -188,7 +188,7 @@ RUN set -eux; \
--enable-smp-support \ --enable-smp-support \
--enable-threads \ --enable-threads \
--with-microstate-accounting=extra \ --with-microstate-accounting=extra \
--with-ssl="$INSTALL_PATH_PREFIX" \ --with-ssl="$OPENSSL_INSTALL_PATH_PREFIX" \
--without-common_test \ --without-common_test \
--without-debugger \ --without-debugger \
--without-dialyzer \ --without-dialyzer \
@ -214,40 +214,45 @@ RUN set -eux; \
make install; \ make install; \
\ \
# Remove unnecessary files # Remove unnecessary files
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name examples -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \ find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name src -exec rm -rf '{}' +; \
find "$INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' + find "$ERLANG_INSTALL_PATH_PREFIX/lib/erlang" -type d -name include -exec rm -rf '{}' +
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$PATH
RUN find $ERLANG_INSTALL_PATH_PREFIX -type f -name 'crypto.so' -exec ldd {} \; | awk '/libcrypto\.so/ { if (!index($3,ENVIRON["OPENSSL_INSTALL_PATH_PREFIX"])) exit 1 }'
RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
FROM alpine:{{ .alpine.version }} FROM alpine:{{ .alpine.version }}
# INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV INSTALL_PATH_PREFIX /usr/local/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
COPY --from=erlang-builder "$INSTALL_PATH_PREFIX" "$INSTALL_PATH_PREFIX" ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
ENV PATH="$INSTALL_PATH_PREFIX/bin:$PATH" COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
RUN set -eux; \ RUN set -eux; \
# Configure OpenSSL to use system certs # Configure OpenSSL to use system certs
ln -vsf /etc/ssl/certs /etc/ssl/private "$INSTALL_PATH_PREFIX/etc/ssl"; \ ln -vsf /etc/ssl/certs /etc/ssl/private "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl"; \
\ \
# Ensure run-time dependencies are installed # Ensure run-time dependencies are installed
runDeps="$( \ runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ scanelf --needed --nobanner --format '%n#p' --recursive $ERLANG_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX \
| tr ',' '\n' \ | tr ',' '\n' \
| sort -u \ | sort -u \
| grep -v '^$\|lib\(crypto\|ssl\)' \
| awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \ | awk 'system("test -e /usr/local/lib/" $1) == 0 { next } { print "so:" $1 }' \
)"; \ )"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \ apk add --no-cache --virtual .otp-run-deps $runDeps; \
\ \
# Check that OpenSSL still works after copying from previous builder # Check that OpenSSL still works after copying from previous builder
sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \ sed -i.ORIG -e "/\.include.*fips/ s!.*!.include $OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf!" \
-e '/# fips =/s/.*/fips = fips_sect/' "$INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \ -e '/# fips =/s/.*/fips = fips_sect/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/openssl.cnf"; \
sed -i.ORIG -e '/^activate/s/^/#/' "$INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \ sed -i.ORIG -e '/^activate/s/^/#/' "$OPENSSL_INSTALL_PATH_PREFIX/etc/ssl/fipsmodule.cnf"; \
[ "$(command -v openssl)" = "$INSTALL_PATH_PREFIX/bin/openssl" ]; \ [ "$(command -v openssl)" = "$OPENSSL_INSTALL_PATH_PREFIX/bin/openssl" ]; \
openssl version; \ openssl version; \
openssl version -d; \ openssl version -d; \
\ \
@ -275,11 +280,11 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION {{ .version }} ENV RABBITMQ_VERSION {{ .version }}
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH=$RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH
# Install RabbitMQ # Install RabbitMQ
RUN set -eux; \ RUN set -eux; \


@ -141,7 +141,7 @@ RUN set -eux; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR" ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"
# smoke test # smoke test
RUN openssl version RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
FROM openssl-builder as erlang-builder FROM openssl-builder as erlang-builder
@ -223,7 +223,7 @@ RUN erl -noshell -eval 'ok = crypto:start(), ok = io:format("~p~n~n~p~n~n", [cry
FROM ubuntu:{{ .ubuntu.version }} FROM ubuntu:{{ .ubuntu.version }}
# ERLANG_INSTALL_PATH_PREFIX is in a different stage, so define it again # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
@ -259,8 +259,8 @@ RUN set -eux; \
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html) # Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION {{ .version }} ENV RABBITMQ_VERSION {{ .version }}
# https://www.rabbitmq.com/signatures.html#importing-gpg # https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" ENV RABBITMQ_PGP_KEY_ID 0x0A9AF2115F4687BD29803A206B73A36E6026DFCA
ENV RABBITMQ_HOME=/opt/rabbitmq ENV RABBITMQ_HOME /opt/rabbitmq
# Add RabbitMQ to PATH # Add RabbitMQ to PATH
ENV PATH $RABBITMQ_HOME/sbin:$PATH ENV PATH $RABBITMQ_HOME/sbin:$PATH
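Review bot: The two ENV lines changed in the last hunk appear to move from `key=value` to the space-separated form (`ENV RABBITMQ_HOME /opt/rabbitmq`), which Docker documents as legacy and which BuildKit's build checks report as LegacyKeyValueFormat. Matching the other ENV lines in the file is reasonable, but I would converge on the supported form instead: keep `ENV RABBITMQ_HOME=/opt/rabbitmq` and write the prefix variables as `ENV ERLANG_INSTALL_PATH_PREFIX=/opt/erlang` and `ENV OPENSSL_INSTALL_PATH_PREFIX=/opt/openssl`. The alpine template's RabbitMQ ENV block gets the same conversion and would take the same fix.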