Change default user to wodby wodby/php#22

.travis.yml

@@ -21,16 +21,18 @@ env:
     - TAG=7.1-dev PHP_VER="${PHP71}" PHP_DEV=1
     - TAG=7.0-dev PHP_VER="${PHP70}" PHP_DEV=1
     - TAG=5.6-dev PHP_VER="${PHP56}" PHP_DEV=1
+    - TAG=5.3-dev PHP_VER="${PHP53}" PHP_DEV=1
     - TAG=7.2-debug PHP_VER="${PHP72}" PHP_DEBUG=1
     - TAG=7.1-debug PHP_VER="${PHP71}" PHP_DEBUG=1
     - TAG=7.0-debug PHP_VER="${PHP70}" PHP_DEBUG=1
     - TAG=5.6-debug PHP_VER="${PHP56}" PHP_DEBUG=1
+    - TAG=5.3-debug PHP_VER="${PHP53}" PHP_DEBUG=1
 
-script:
-  - cd "${PHP_VER:0:1}" || cd "${PHP_VER:0:3}"
-  - travis_retry make && make test
+script: |
+  cd "${PHP_VER:0:1}" || cd "${PHP_VER:0:3}"
+
+  travis_retry make && make test
 
-after_success: |
   if [[ "${TRAVIS_PULL_REQUEST}" == "false" && ("${TRAVIS_BRANCH}" == "master"  || -n "${TRAVIS_TAG}") ]]; then
     docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}"
 

5.3/Dockerfile

@@ -1,183 +1,17 @@
-FROM wodby/alpine:3.4
+ARG FROM_TAG
 
-# persistent / runtime deps
-ENV PHPIZE_DEPS \
-		autoconf \
-		file \
-		g++ \
-		gcc \
-		libc-dev \
-		make \
-		pkgconf \
-		re2c
-RUN apk add --no-cache --virtual .persistent-deps \
-		ca-certificates \
-		curl \
-		tar \
-		xz
+FROM wodby/base-php:${FROM_TAG}
 
-# ensure www-data user exists
-RUN set -x \
-	&& addgroup -g 82 -S www-data \
-	&& adduser -u 82 -D -S -s /bin/bash -G www-data www-data \
-	&& adduser -u 1000 -D -S -G www-data php-fpm \
-	&& sed -i '/^www-data/s/!/*/' /etc/shadow \
-	&& echo "PS1='\w\$ '" >> /home/www-data/.bashrc
-# 82 is the standard uid/gid for "www-data" in Alpine
-# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2
-# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2
-# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2
+ARG PHP_DEV
+ARG PHP_DEBUG
 
-ENV PHP_INI_DIR /usr/local/etc/php
-RUN mkdir -p $PHP_INI_DIR/conf.d
-
-##<autogenerated>##
-ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
-##</autogenerated>##
-
-# Apply stack smash protection to functions using local buffers and alloca()
-# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
-# Enable optimization (-O2)
-# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
-# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated)
-# https://github.com/docker-library/php/issues/272
-ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
-ENV PHP_CPPFLAGS="$PHP_CFLAGS"
-ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"
-
-ENV GPG_KEYS 0B96609E270F565C13292B24C13C70B87267B52D 0A95E9A026542D53835E3F3A7DEC4E69FC9C83D7 0E604491
-
-ENV PHP_VERSION 5.3.29
-ENV PHP_URL="https://secure.php.net/get/php-5.3.29.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.3.29.tar.xz.asc/from/this/mirror"
-ENV PHP_SHA256="8438c2f14ab8f3d6cd2495aa37de7b559e33b610f9ab264f0c61b531bf0c262d" PHP_MD5="dcff9c881fe436708c141cfc56358075"
-
-RUN set -xe; \
-	\
-	apk add --no-cache --virtual .fetch-deps \
-		gnupg \
-		openssl \
-	; \
-	\
-	mkdir -p /usr/src; \
-	cd /usr/src; \
-	\
-	wget -O php.tar.xz "$PHP_URL"; \
-	\
-	if [ -n "$PHP_SHA256" ]; then \
-		echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
-	fi; \
-	if [ -n "$PHP_MD5" ]; then \
-		echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \
-	fi; \
-	\
-	if [ -n "$PHP_ASC_URL" ]; then \
-		wget -O php.tar.xz.asc "$PHP_ASC_URL"; \
-		export GNUPGHOME="$(mktemp -d)"; \
-		for key in $GPG_KEYS; do \
-			gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
-		done; \
-		gpg --batch --verify php.tar.xz.asc php.tar.xz; \
-		rm -r "$GNUPGHOME"; \
-	fi; \
-	\
-	apk del .fetch-deps
-
-COPY docker-php-source /usr/local/bin/
-
-RUN set -xe \
-	&& apk add --no-cache --virtual .build-deps \
-		$PHPIZE_DEPS \
-		curl-dev \
-		libedit-dev \
-		libxml2-dev \
-		openssl-dev \
-		sqlite-dev \
-	\
-	&& export CFLAGS="$PHP_CFLAGS" \
-		CPPFLAGS="$PHP_CPPFLAGS" \
-		LDFLAGS="$PHP_LDFLAGS" \
-	&& docker-php-source extract \
-	&& cd /usr/src/php \
-	&& ./configure \
-		--with-config-file-path="$PHP_INI_DIR" \
-		--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
-		\
-		--disable-cgi \
-		\
-# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236)
-		--enable-ftp \
-# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195)
-		--enable-mbstring \
-# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself)
-		--enable-mysqlnd \
-		\
-		--with-curl \
-		--with-libedit \
-		--with-openssl \
-		--with-zlib \
-		\
-		$PHP_EXTRA_CONFIGURE_ARGS \
-	&& make -j "$(getconf _NPROCESSORS_ONLN)" \
-	&& make install \
-	&& { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \
-	&& make clean \
-	&& docker-php-source delete \
-	\
-	&& runDeps="$( \
-		scanelf --needed --nobanner --recursive /usr/local \
-			| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
-			| sort -u \
-			| xargs -r apk info --installed \
-			| sort -u \
-	)" \
-	&& apk add --no-cache --virtual .php-rundeps $runDeps \
-	\
-	&& apk del .build-deps
-
-COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/
-
-RUN set -ex \
-	&& cd /usr/local/etc \
-	&& if [ -d php-fpm.d ]; then \
-		# for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf"
-		sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \
-		cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \
-	else \
-		# PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency
-		mkdir php-fpm.d; \
-		cp php-fpm.conf.default php-fpm.d/www.conf; \
-		{ \
-			echo '[global]'; \
-			echo 'include=etc/php-fpm.d/*.conf'; \
-		} | tee php-fpm.conf; \
-	fi \
-	&& { \
-		echo '[global]'; \
-		echo 'error_log = /proc/self/fd/2'; \
-		echo; \
-		echo '[www]'; \
-		echo '; if we send this to /proc/self/fd/1, it never appears'; \
-		echo 'access.log = /proc/self/fd/2'; \
-		echo; \
-		echo '; Ensure worker stdout and stderr are sent to the main error log.'; \
-		echo 'catch_workers_output = yes'; \
-	} | tee php-fpm.d/docker.conf \
-	&& { \
-		echo '[global]'; \
-		echo 'daemonize = no'; \
-		echo; \
-		echo '[www]'; \
-		echo 'listen = 0.0.0.0:9000'; \
-	} | tee php-fpm.d/zz-docker.conf \
-	&& sed -i '/listen = 127.0.0.1:9000/d' php-fpm.d/www.conf
-
-# INSTALLING EXTENSIONS
-
-ENV SSHD_PERMIT_USER_ENV="yes" \
+ENV PHP_DEV="${PHP_DEV}" \
+    PHP_DEBUG="${PHP_DEBUG}" \
+    SSHD_PERMIT_USER_ENV="yes" \
     RABBITMQ_C_VER="0.8.0" \
     WALTER_VER="1.3.0" \
     \
-    # Imagick missing because of bug in imagemagick library.
+    # No imagick ext because of a bug in imagemagick library.
     EXT_AMQP_VER="1.8.0" \
     EXT_APCU_VER="4.0.11" \
     EXT_MEMCACHED_VER="2.2.0" \
@@ -186,21 +20,24 @@ ENV SSHD_PERMIT_USER_ENV="yes" \
     EXT_UPLOADPROGRESS_VER="1.0.3.1" \
     EXT_XDEBUG_VER="2.2.7" \
     EXT_YAML_VER="1.3.1" \
-    EXT_OPCACHE_VER="7.0.5"
-
-ENV WALTER_URL="https://github.com/walter-cd/walter/releases/download/v${WALTER_VER}/walter_${WALTER_VER}_linux_amd64.tar.gz" \
-    RABBITMQ_C_URL="https://github.com/alanxz/rabbitmq-c/releases/download/v${RABBITMQ_C_VER}/rabbitmq-c-${RABBITMQ_C_VER}.tar.gz" \
+    EXT_OPCACHE_VER="7.0.5" \
     \
     APP_ROOT="/var/www/html" \
     CONF_DIR="/var/www/conf" \
     FILES_DIR="/mnt/files" \
-    PATH="/home/www-data/.composer/vendor/bin:${PATH}" \
+    PATH="/home/wodby/.composer/vendor/bin:${PATH}" \
     SSHD_HOST_KEYS_DIR="/etc/ssh" \
     \
-    GIT_USER_EMAIL="www-data@example.com" \
-    GIT_USER_NAME="www-data"
+    GIT_USER_EMAIL="wodby@example.com" \
+    GIT_USER_NAME="wodby"
 
 RUN set -xe; \
+    \
+	addgroup -g 1000 -S wodby; \
+	adduser -u 1000 -D -S -s /bin/bash -G wodby wodby; \
+	adduser www-data wodby; \
+	sed -i '/^wodby/s/!/*/' /etc/shadow; \
+	echo "PS1='\w\$ '" >> /home/wodby/.bashrc; \
     \
     apk add --update --no-cache -t .php-rundeps \
         bzip2 \
@@ -256,6 +93,10 @@ RUN set -xe; \
         postgresql-dev \
         yaml-dev; \
     \
+    if [[ -n "${PHP_DEBUG}" ]]; then \
+        apk add --update --no-cache -t .debug-tools gdb; \
+    fi; \
+    \
     # Temporary install additional packages to keep client bins.
     apk add --update --no-cache -t .bins-only \
         postgresql \
@@ -315,8 +156,9 @@ RUN set -xe; \
       docker-php-ext-install -j${NPROC} gd; \
     \
     # RabbitMQ C client
-    wget -qO- ${RABBITMQ_C_URL} | tar xz -C /tmp/; \
-    cd /tmp/rabbitmq-c-${RABBITMQ_C_VER}; \
+    rmq_url="https://github.com/alanxz/rabbitmq-c/releases/download/v${RABBITMQ_C_VER}/rabbitmq-c-${RABBITMQ_C_VER}.tar.gz"; \
+    wget -qO- "${rmq_url}" | tar xz -C /tmp/; \
+    cd "/tmp/rabbitmq-c-${RABBITMQ_C_VER}"; \
     mkdir -p build && cd build; \
     cmake .. \
         -DCMAKE_INSTALL_PREFIX=/usr \
@@ -328,15 +170,15 @@ RUN set -xe; \
     pecl config-set php_ini "${PHP_INI_DIR}/php.ini"; \
     \
     pecl install \
-        amqp-${EXT_AMQP_VER} \
-        apcu-${EXT_APCU_VER} \
-        memcached-${EXT_MEMCACHED_VER} \
-        mongo-${EXT_MONGO_VER} \
-        oauth-${EXT_OAUTH_VER} \
-        uploadprogress-${EXT_UPLOADPROGRESS_VER} \
-        xdebug-${EXT_XDEBUG_VER} \
-        yaml-${EXT_YAML_VER} \
-        ZendOpcache-${EXT_OPCACHE_VER}; \
+        "amqp-${EXT_AMQP_VER}" \
+        "apcu-${EXT_APCU_VER}" \
+        "memcached-${EXT_MEMCACHED_VER}" \
+        "mongo-${EXT_MONGO_VER}" \
+        "oauth-${EXT_OAUTH_VER}" \
+        "uploadprogress-${EXT_UPLOADPROGRESS_VER}" \
+        "xdebug-${EXT_XDEBUG_VER}" \
+        "yaml-${EXT_YAML_VER}" \
+        "ZendOpcache-${EXT_OPCACHE_VER};" \
     \
     docker-php-ext-enable \
         amqp \
@@ -353,25 +195,30 @@ RUN set -xe; \
     wget -qO- https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer; \
     \
     # Install Walter tool
-    wget -qO- ${WALTER_URL} | tar xz -C /tmp/; \
+    walter_url="https://github.com/walter-cd/walter/releases/download/v${WALTER_VER}/walter_${WALTER_VER}_linux_amd64.tar.gz"; \
+    wget -qO- "${walter_url}" | tar xz -C /tmp/; \
     mv /tmp/walter_linux_amd64/walter /usr/local/bin; \
     \
     # Add composer bins to $PATH
-    su-exec www-data echo "export PATH=/home/www-data/.composer/vendor/bin:${PATH}" > /home/www-data/.profile; \
+    su-exec wodby echo "export PATH=/home/wodby/.composer/vendor/bin:${PATH}" > /home/wodby/.profile; \
     \
     # Script to fix volumes permissions via sudo.
-    echo "chown www-data:www-data ${FILES_DIR} ${APP_ROOT}" > /usr/local/bin/fix-volumes-permissions.sh; \
+    echo "chown wodby:wodby ${FILES_DIR} ${APP_ROOT}" > /usr/local/bin/fix-volumes-permissions.sh; \
     chmod +x /usr/local/bin/fix-volumes-permissions.sh; \
     \
     # Configure sudoers
-    { \
-        echo -n 'www-data ALL=(root) NOPASSWD:SETENV: ' ; \
-        echo -n '/usr/local/sbin/php-fpm, ' ; \
-        echo -n '/usr/local/bin/gen-ssh-keys.sh, ' ; \
-        echo -n '/usr/local/bin/fix-volumes-permissions.sh, ' ; \
-        echo -n '/usr/sbin/sshd, ' ; \
-        echo "/usr/sbin/crond" ; \
-    } | tee /etc/sudoers.d/www-data; \
+    if [[ -n "${PHP_DEV}" ]]; then \
+        echo 'wodby ALL=(root) NOPASSWD:SETENV:ALL' > /etc/sudoers.d/wodby; \
+    else \
+        { \
+            echo -n 'wodby ALL=(root) NOPASSWD:SETENV: ' ; \
+            echo -n '/usr/local/sbin/php-fpm, ' ; \
+            echo -n '/usr/local/bin/gen-ssh-keys.sh, ' ; \
+            echo -n '/usr/local/bin/fix-volumes-permissions.sh, ' ; \
+            echo -n '/usr/sbin/sshd, ' ; \
+            echo "/usr/sbin/crond" ; \
+        } | tee /etc/sudoers.d/wodby; \
+    fi; \
     \
     # Configure ldap
     echo "TLS_CACERTDIR /etc/ssl/certs/" >> /etc/openldap/ldap.conf; \
@@ -384,24 +231,25 @@ RUN set -xe; \
         "${FILES_DIR}/private"; \
     \
     chmod 775 "${FILES_DIR}/public" "${FILES_DIR}/private"; \
-    su-exec www-data mkdir /home/www-data/.ssh; \
+    su-exec wodby mkdir /home/wodby/.ssh; \
     \
     touch /etc/ssh/sshd_config; \
-    chown www-data: /etc/ssh/sshd_config; \
+    chown wodby: /etc/ssh/sshd_config; \
     \
     rm /etc/crontabs/root; \
-    touch /etc/crontabs/www-data; \
-    chown root:www-data /etc/crontabs/www-data; \
-    chmod 660 /etc/crontabs/www-data; \
+    touch /etc/crontabs/wodby; \
+    chown root:wodby /etc/crontabs/wodby; \
+    chmod 660 /etc/crontabs/wodby; \
     \
-    chown -R www-data:www-data \
+    chown -R wodby:wodby \
         /var/www \
         "${PHP_INI_DIR}/conf.d" \
         "${FILES_DIR}" \
         /usr/local/etc/php-fpm.d/ \
-        /home/www-data/.profile; \
+        /home/wodby/.profile; \
     \
     # Cleanup
+    su-exec wodby composer clear-cache; \
     docker-php-source delete; \
     apk del --purge .build-deps; \
     pecl clear-cache; \
@@ -411,9 +259,13 @@ RUN set -xe; \
         /usr/lib/php/build \
         /tmp/* \
         /root/.composer \
-        /var/cache/apk/*
+        /var/cache/apk/*; \
+    \
+    if [[ -z "${PHP_DEV}" ]]; then \
+        rm -rf /usr/src/php.tar.xz; \
+    fi
 
-USER www-data
+USER wodby
 
 WORKDIR ${APP_ROOT}
 EXPOSE 9000