From 53040bf1b36f12b5b14ba4fcf4c65e576a1f39b7 Mon Sep 17 00:00:00 2001 From: Joe Ferguson Date: Thu, 17 May 2018 11:26:05 -0700 Subject: [PATCH] Add Dockerfiles for newer base OSs --- .travis.yml | 21 +++ 5.6/alpine3.7/cli/Dockerfile | 166 ++++++++++++++++++++++ 5.6/alpine3.7/fpm/Dockerfile | 206 +++++++++++++++++++++++++++ 5.6/alpine3.7/zts/Dockerfile | 167 ++++++++++++++++++++++ 5.6/stretch/apache/Dockerfile | 256 ++++++++++++++++++++++++++++++++++ 5.6/stretch/cli/Dockerfile | 193 +++++++++++++++++++++++++ 5.6/stretch/fpm/Dockerfile | 233 +++++++++++++++++++++++++++++++ 5.6/stretch/zts/Dockerfile | 194 ++++++++++++++++++++++++++ 7.0/alpine3.7/cli/Dockerfile | 166 ++++++++++++++++++++++ 7.0/alpine3.7/fpm/Dockerfile | 206 +++++++++++++++++++++++++++ 7.0/alpine3.7/zts/Dockerfile | 167 ++++++++++++++++++++++ 7.0/stretch/apache/Dockerfile | 256 ++++++++++++++++++++++++++++++++++ 7.0/stretch/cli/Dockerfile | 193 +++++++++++++++++++++++++ 7.0/stretch/fpm/Dockerfile | 233 +++++++++++++++++++++++++++++++ 7.0/stretch/zts/Dockerfile | 194 ++++++++++++++++++++++++++ 7.1/alpine3.7/cli/Dockerfile | 166 ++++++++++++++++++++++ 7.1/alpine3.7/fpm/Dockerfile | 206 +++++++++++++++++++++++++++ 7.1/alpine3.7/zts/Dockerfile | 167 ++++++++++++++++++++++ 7.1/stretch/apache/Dockerfile | 256 ++++++++++++++++++++++++++++++++++ 7.1/stretch/cli/Dockerfile | 193 +++++++++++++++++++++++++ 7.1/stretch/fpm/Dockerfile | 233 +++++++++++++++++++++++++++++++ 7.1/stretch/zts/Dockerfile | 194 ++++++++++++++++++++++++++ 22 files changed, 4266 insertions(+) create mode 100644 5.6/alpine3.7/cli/Dockerfile create mode 100644 5.6/alpine3.7/fpm/Dockerfile create mode 100644 5.6/alpine3.7/zts/Dockerfile create mode 100644 5.6/stretch/apache/Dockerfile create mode 100644 5.6/stretch/cli/Dockerfile create mode 100644 5.6/stretch/fpm/Dockerfile create mode 100644 5.6/stretch/zts/Dockerfile create mode 100644 7.0/alpine3.7/cli/Dockerfile create mode 100644 7.0/alpine3.7/fpm/Dockerfile create mode 100644 7.0/alpine3.7/zts/Dockerfile create mode 100644 7.0/stretch/apache/Dockerfile create mode 100644 7.0/stretch/cli/Dockerfile create mode 100644 7.0/stretch/fpm/Dockerfile create mode 100644 7.0/stretch/zts/Dockerfile create mode 100644 7.1/alpine3.7/cli/Dockerfile create mode 100644 7.1/alpine3.7/fpm/Dockerfile create mode 100644 7.1/alpine3.7/zts/Dockerfile create mode 100644 7.1/stretch/apache/Dockerfile create mode 100644 7.1/stretch/cli/Dockerfile create mode 100644 7.1/stretch/fpm/Dockerfile create mode 100644 7.1/stretch/zts/Dockerfile diff --git a/.travis.yml b/.travis.yml index 76cdc10a..60b89fa0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,24 +12,45 @@ env: - VERSION=7.2 VARIANT=alpine3.6/cli - VERSION=7.2 VARIANT=alpine3.6/fpm - VERSION=7.2 VARIANT=alpine3.6/zts + - VERSION=7.1 VARIANT=stretch/cli + - VERSION=7.1 VARIANT=stretch/apache + - VERSION=7.1 VARIANT=stretch/fpm + - VERSION=7.1 VARIANT=stretch/zts - VERSION=7.1 VARIANT=jessie/cli - VERSION=7.1 VARIANT=jessie/apache - VERSION=7.1 VARIANT=jessie/fpm - VERSION=7.1 VARIANT=jessie/zts + - VERSION=7.1 VARIANT=alpine3.7/cli + - VERSION=7.1 VARIANT=alpine3.7/fpm + - VERSION=7.1 VARIANT=alpine3.7/zts - VERSION=7.1 VARIANT=alpine3.4/cli - VERSION=7.1 VARIANT=alpine3.4/fpm - VERSION=7.1 VARIANT=alpine3.4/zts + - VERSION=7.0 VARIANT=stretch/cli + - VERSION=7.0 VARIANT=stretch/apache + - VERSION=7.0 VARIANT=stretch/fpm + - VERSION=7.0 VARIANT=stretch/zts - VERSION=7.0 VARIANT=jessie/cli - VERSION=7.0 VARIANT=jessie/apache - VERSION=7.0 VARIANT=jessie/fpm - VERSION=7.0 VARIANT=jessie/zts + - VERSION=7.0 VARIANT=alpine3.7/cli + - VERSION=7.0 VARIANT=alpine3.7/fpm + - VERSION=7.0 VARIANT=alpine3.7/zts - VERSION=7.0 VARIANT=alpine3.4/cli - VERSION=7.0 VARIANT=alpine3.4/fpm - VERSION=7.0 VARIANT=alpine3.4/zts + - VERSION=5.6 VARIANT=stretch/cli + - VERSION=5.6 VARIANT=stretch/apache + - VERSION=5.6 VARIANT=stretch/fpm + - VERSION=5.6 VARIANT=stretch/zts - VERSION=5.6 VARIANT=jessie/cli - VERSION=5.6 VARIANT=jessie/apache - VERSION=5.6 VARIANT=jessie/fpm - VERSION=5.6 VARIANT=jessie/zts + - VERSION=5.6 VARIANT=alpine3.7/cli + - VERSION=5.6 VARIANT=alpine3.7/fpm + - VERSION=5.6 VARIANT=alpine3.7/zts - VERSION=5.6 VARIANT=alpine3.4/cli - VERSION=5.6 VARIANT=alpine3.4/fpm - VERSION=5.6 VARIANT=alpine3.4/zts diff --git a/5.6/alpine3.7/cli/Dockerfile b/5.6/alpine3.7/cli/Dockerfile new file mode 100644 index 00000000..8436caaa --- /dev/null +++ b/5.6/alpine3.7/cli/Dockerfile @@ -0,0 +1,166 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 5.6.36 +ENV PHP_URL="https://secure.php.net/get/php-5.6.36.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.6.36.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="18f536bf548e909b4e980379d0c4e56d024b2b1eb1c9768fd169360491f1d6dd" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/5.6/alpine3.7/fpm/Dockerfile b/5.6/alpine3.7/fpm/Dockerfile new file mode 100644 index 00000000..3b61d378 --- /dev/null +++ b/5.6/alpine3.7/fpm/Dockerfile @@ -0,0 +1,206 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 5.6.36 +ENV PHP_URL="https://secure.php.net/get/php-5.6.36.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.6.36.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="18f536bf548e909b4e980379d0c4e56d024b2b1eb1c9768fd169360491f1d6dd" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +WORKDIR /var/www/html + +RUN set -ex \ + && cd /usr/local/etc \ + && if [ -d php-fpm.d ]; then \ + # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" + sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ + cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ + else \ + # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency + mkdir php-fpm.d; \ + cp php-fpm.conf.default php-fpm.d/www.conf; \ + { \ + echo '[global]'; \ + echo 'include=etc/php-fpm.d/*.conf'; \ + } | tee php-fpm.conf; \ + fi \ + && { \ + echo '[global]'; \ + echo 'error_log = /proc/self/fd/2'; \ + echo; \ + echo '[www]'; \ + echo '; if we send this to /proc/self/fd/1, it never appears'; \ + echo 'access.log = /proc/self/fd/2'; \ + echo; \ + echo 'clear_env = no'; \ + echo; \ + echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ + echo 'catch_workers_output = yes'; \ + } | tee php-fpm.d/docker.conf \ + && { \ + echo '[global]'; \ + echo 'daemonize = no'; \ + echo; \ + echo '[www]'; \ + echo 'listen = 9000'; \ + } | tee php-fpm.d/zz-docker.conf + +EXPOSE 9000 +CMD ["php-fpm"] +#### diff --git a/5.6/alpine3.7/zts/Dockerfile b/5.6/alpine3.7/zts/Dockerfile new file mode 100644 index 00000000..a26bce66 --- /dev/null +++ b/5.6/alpine3.7/zts/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 5.6.36 +ENV PHP_URL="https://secure.php.net/get/php-5.6.36.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.6.36.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="18f536bf548e909b4e980379d0c4e56d024b2b1eb1c9768fd169360491f1d6dd" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/5.6/stretch/apache/Dockerfile b/5.6/stretch/apache/Dockerfile new file mode 100644 index 00000000..e470ad6d --- /dev/null +++ b/5.6/stretch/apache/Dockerfile @@ -0,0 +1,256 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + apache2 \ + && rm -rf /var/lib/apt/lists/* + +ENV APACHE_CONFDIR /etc/apache2 +ENV APACHE_ENVVARS $APACHE_CONFDIR/envvars + +RUN set -ex \ + \ +# generically convert lines like +# export APACHE_RUN_USER=www-data +# into +# : ${APACHE_RUN_USER:=www-data} +# export APACHE_RUN_USER +# so that they can be overridden at runtime ("-e APACHE_RUN_USER=...") + && sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS" \ + \ +# setup directories and permissions + && . "$APACHE_ENVVARS" \ + && for dir in \ + "$APACHE_LOCK_DIR" \ + "$APACHE_RUN_DIR" \ + "$APACHE_LOG_DIR" \ + /var/www/html \ + ; do \ + rm -rvf "$dir" \ + && mkdir -p "$dir" \ + && chown -R "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; \ + done + +# Apache + PHP requires preforking Apache for best results +RUN a2dismod mpm_event && a2enmod mpm_prefork + +# logs should go to stdout / stderr +RUN set -ex \ + && . "$APACHE_ENVVARS" \ + && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" + +# PHP files should be handled by PHP, and should be preferred over any other file type +RUN { \ + echo ''; \ + echo '\tSetHandler application/x-httpd-php'; \ + echo ''; \ + echo; \ + echo 'DirectoryIndex disabled'; \ + echo 'DirectoryIndex index.php index.html'; \ + echo; \ + echo ''; \ + echo '\tOptions -Indexes'; \ + echo '\tAllowOverride All'; \ + echo ''; \ + } | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \ + && a2enconf docker-php + +ENV PHP_EXTRA_BUILD_DEPS apache2-dev +ENV PHP_EXTRA_CONFIGURE_ARGS --with-apxs2 +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 5.6.36 +ENV PHP_URL="https://secure.php.net/get/php-5.6.36.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.6.36.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="18f536bf548e909b4e980379d0c4e56d024b2b1eb1c9768fd169360491f1d6dd" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +COPY apache2-foreground /usr/local/bin/ +WORKDIR /var/www/html + +EXPOSE 80 +CMD ["apache2-foreground"] +#### diff --git a/5.6/stretch/cli/Dockerfile b/5.6/stretch/cli/Dockerfile new file mode 100644 index 00000000..8903321e --- /dev/null +++ b/5.6/stretch/cli/Dockerfile @@ -0,0 +1,193 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 5.6.36 +ENV PHP_URL="https://secure.php.net/get/php-5.6.36.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.6.36.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="18f536bf548e909b4e980379d0c4e56d024b2b1eb1c9768fd169360491f1d6dd" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/5.6/stretch/fpm/Dockerfile b/5.6/stretch/fpm/Dockerfile new file mode 100644 index 00000000..bb2230fd --- /dev/null +++ b/5.6/stretch/fpm/Dockerfile @@ -0,0 +1,233 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 5.6.36 +ENV PHP_URL="https://secure.php.net/get/php-5.6.36.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.6.36.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="18f536bf548e909b4e980379d0c4e56d024b2b1eb1c9768fd169360491f1d6dd" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +WORKDIR /var/www/html + +RUN set -ex \ + && cd /usr/local/etc \ + && if [ -d php-fpm.d ]; then \ + # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" + sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ + cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ + else \ + # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency + mkdir php-fpm.d; \ + cp php-fpm.conf.default php-fpm.d/www.conf; \ + { \ + echo '[global]'; \ + echo 'include=etc/php-fpm.d/*.conf'; \ + } | tee php-fpm.conf; \ + fi \ + && { \ + echo '[global]'; \ + echo 'error_log = /proc/self/fd/2'; \ + echo; \ + echo '[www]'; \ + echo '; if we send this to /proc/self/fd/1, it never appears'; \ + echo 'access.log = /proc/self/fd/2'; \ + echo; \ + echo 'clear_env = no'; \ + echo; \ + echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ + echo 'catch_workers_output = yes'; \ + } | tee php-fpm.d/docker.conf \ + && { \ + echo '[global]'; \ + echo 'daemonize = no'; \ + echo; \ + echo '[www]'; \ + echo 'listen = 9000'; \ + } | tee php-fpm.d/zz-docker.conf + +EXPOSE 9000 +CMD ["php-fpm"] +#### diff --git a/5.6/stretch/zts/Dockerfile b/5.6/stretch/zts/Dockerfile new file mode 100644 index 00000000..3064489d --- /dev/null +++ b/5.6/stretch/zts/Dockerfile @@ -0,0 +1,194 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 5.6.36 +ENV PHP_URL="https://secure.php.net/get/php-5.6.36.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-5.6.36.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="18f536bf548e909b4e980379d0c4e56d024b2b1eb1c9768fd169360491f1d6dd" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/7.0/alpine3.7/cli/Dockerfile b/7.0/alpine3.7/cli/Dockerfile new file mode 100644 index 00000000..44ecb55e --- /dev/null +++ b/7.0/alpine3.7/cli/Dockerfile @@ -0,0 +1,166 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 7.0.30 +ENV PHP_URL="https://secure.php.net/get/php-7.0.30.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.30.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="c90892fb68ab9b8476519658d3f78f6388f2609ae1309bdc2a2e1cc9f92dd686" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/7.0/alpine3.7/fpm/Dockerfile b/7.0/alpine3.7/fpm/Dockerfile new file mode 100644 index 00000000..1a19d7e7 --- /dev/null +++ b/7.0/alpine3.7/fpm/Dockerfile @@ -0,0 +1,206 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 7.0.30 +ENV PHP_URL="https://secure.php.net/get/php-7.0.30.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.30.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="c90892fb68ab9b8476519658d3f78f6388f2609ae1309bdc2a2e1cc9f92dd686" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +WORKDIR /var/www/html + +RUN set -ex \ + && cd /usr/local/etc \ + && if [ -d php-fpm.d ]; then \ + # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" + sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ + cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ + else \ + # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency + mkdir php-fpm.d; \ + cp php-fpm.conf.default php-fpm.d/www.conf; \ + { \ + echo '[global]'; \ + echo 'include=etc/php-fpm.d/*.conf'; \ + } | tee php-fpm.conf; \ + fi \ + && { \ + echo '[global]'; \ + echo 'error_log = /proc/self/fd/2'; \ + echo; \ + echo '[www]'; \ + echo '; if we send this to /proc/self/fd/1, it never appears'; \ + echo 'access.log = /proc/self/fd/2'; \ + echo; \ + echo 'clear_env = no'; \ + echo; \ + echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ + echo 'catch_workers_output = yes'; \ + } | tee php-fpm.d/docker.conf \ + && { \ + echo '[global]'; \ + echo 'daemonize = no'; \ + echo; \ + echo '[www]'; \ + echo 'listen = 9000'; \ + } | tee php-fpm.d/zz-docker.conf + +EXPOSE 9000 +CMD ["php-fpm"] +#### diff --git a/7.0/alpine3.7/zts/Dockerfile b/7.0/alpine3.7/zts/Dockerfile new file mode 100644 index 00000000..b6530f57 --- /dev/null +++ b/7.0/alpine3.7/zts/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 7.0.30 +ENV PHP_URL="https://secure.php.net/get/php-7.0.30.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.30.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="c90892fb68ab9b8476519658d3f78f6388f2609ae1309bdc2a2e1cc9f92dd686" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/7.0/stretch/apache/Dockerfile b/7.0/stretch/apache/Dockerfile new file mode 100644 index 00000000..d6e95dab --- /dev/null +++ b/7.0/stretch/apache/Dockerfile @@ -0,0 +1,256 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + apache2 \ + && rm -rf /var/lib/apt/lists/* + +ENV APACHE_CONFDIR /etc/apache2 +ENV APACHE_ENVVARS $APACHE_CONFDIR/envvars + +RUN set -ex \ + \ +# generically convert lines like +# export APACHE_RUN_USER=www-data +# into +# : ${APACHE_RUN_USER:=www-data} +# export APACHE_RUN_USER +# so that they can be overridden at runtime ("-e APACHE_RUN_USER=...") + && sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS" \ + \ +# setup directories and permissions + && . "$APACHE_ENVVARS" \ + && for dir in \ + "$APACHE_LOCK_DIR" \ + "$APACHE_RUN_DIR" \ + "$APACHE_LOG_DIR" \ + /var/www/html \ + ; do \ + rm -rvf "$dir" \ + && mkdir -p "$dir" \ + && chown -R "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; \ + done + +# Apache + PHP requires preforking Apache for best results +RUN a2dismod mpm_event && a2enmod mpm_prefork + +# logs should go to stdout / stderr +RUN set -ex \ + && . "$APACHE_ENVVARS" \ + && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" + +# PHP files should be handled by PHP, and should be preferred over any other file type +RUN { \ + echo ''; \ + echo '\tSetHandler application/x-httpd-php'; \ + echo ''; \ + echo; \ + echo 'DirectoryIndex disabled'; \ + echo 'DirectoryIndex index.php index.html'; \ + echo; \ + echo ''; \ + echo '\tOptions -Indexes'; \ + echo '\tAllowOverride All'; \ + echo ''; \ + } | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \ + && a2enconf docker-php + +ENV PHP_EXTRA_BUILD_DEPS apache2-dev +ENV PHP_EXTRA_CONFIGURE_ARGS --with-apxs2 +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 7.0.30 +ENV PHP_URL="https://secure.php.net/get/php-7.0.30.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.30.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="c90892fb68ab9b8476519658d3f78f6388f2609ae1309bdc2a2e1cc9f92dd686" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +COPY apache2-foreground /usr/local/bin/ +WORKDIR /var/www/html + +EXPOSE 80 +CMD ["apache2-foreground"] +#### diff --git a/7.0/stretch/cli/Dockerfile b/7.0/stretch/cli/Dockerfile new file mode 100644 index 00000000..2f5e07bb --- /dev/null +++ b/7.0/stretch/cli/Dockerfile @@ -0,0 +1,193 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 7.0.30 +ENV PHP_URL="https://secure.php.net/get/php-7.0.30.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.30.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="c90892fb68ab9b8476519658d3f78f6388f2609ae1309bdc2a2e1cc9f92dd686" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/7.0/stretch/fpm/Dockerfile b/7.0/stretch/fpm/Dockerfile new file mode 100644 index 00000000..ed2dce6e --- /dev/null +++ b/7.0/stretch/fpm/Dockerfile @@ -0,0 +1,233 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 7.0.30 +ENV PHP_URL="https://secure.php.net/get/php-7.0.30.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.30.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="c90892fb68ab9b8476519658d3f78f6388f2609ae1309bdc2a2e1cc9f92dd686" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +WORKDIR /var/www/html + +RUN set -ex \ + && cd /usr/local/etc \ + && if [ -d php-fpm.d ]; then \ + # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" + sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ + cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ + else \ + # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency + mkdir php-fpm.d; \ + cp php-fpm.conf.default php-fpm.d/www.conf; \ + { \ + echo '[global]'; \ + echo 'include=etc/php-fpm.d/*.conf'; \ + } | tee php-fpm.conf; \ + fi \ + && { \ + echo '[global]'; \ + echo 'error_log = /proc/self/fd/2'; \ + echo; \ + echo '[www]'; \ + echo '; if we send this to /proc/self/fd/1, it never appears'; \ + echo 'access.log = /proc/self/fd/2'; \ + echo; \ + echo 'clear_env = no'; \ + echo; \ + echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ + echo 'catch_workers_output = yes'; \ + } | tee php-fpm.d/docker.conf \ + && { \ + echo '[global]'; \ + echo 'daemonize = no'; \ + echo; \ + echo '[www]'; \ + echo 'listen = 9000'; \ + } | tee php-fpm.d/zz-docker.conf + +EXPOSE 9000 +CMD ["php-fpm"] +#### diff --git a/7.0/stretch/zts/Dockerfile b/7.0/stretch/zts/Dockerfile new file mode 100644 index 00000000..d1e1f40f --- /dev/null +++ b/7.0/stretch/zts/Dockerfile @@ -0,0 +1,194 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 + +ENV PHP_VERSION 7.0.30 +ENV PHP_URL="https://secure.php.net/get/php-7.0.30.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.30.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="c90892fb68ab9b8476519658d3f78f6388f2609ae1309bdc2a2e1cc9f92dd686" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/7.1/alpine3.7/cli/Dockerfile b/7.1/alpine3.7/cli/Dockerfile new file mode 100644 index 00000000..1a9ac7ce --- /dev/null +++ b/7.1/alpine3.7/cli/Dockerfile @@ -0,0 +1,166 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172 + +ENV PHP_VERSION 7.1.17 +ENV PHP_URL="https://secure.php.net/get/php-7.1.17.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.1.17.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="1a784806866e06367f7a5c88775d239d6f30041c7ce65a8232d03a3d4de56d56" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/7.1/alpine3.7/fpm/Dockerfile b/7.1/alpine3.7/fpm/Dockerfile new file mode 100644 index 00000000..61c0b3db --- /dev/null +++ b/7.1/alpine3.7/fpm/Dockerfile @@ -0,0 +1,206 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172 + +ENV PHP_VERSION 7.1.17 +ENV PHP_URL="https://secure.php.net/get/php-7.1.17.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.1.17.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="1a784806866e06367f7a5c88775d239d6f30041c7ce65a8232d03a3d4de56d56" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +WORKDIR /var/www/html + +RUN set -ex \ + && cd /usr/local/etc \ + && if [ -d php-fpm.d ]; then \ + # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" + sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ + cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ + else \ + # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency + mkdir php-fpm.d; \ + cp php-fpm.conf.default php-fpm.d/www.conf; \ + { \ + echo '[global]'; \ + echo 'include=etc/php-fpm.d/*.conf'; \ + } | tee php-fpm.conf; \ + fi \ + && { \ + echo '[global]'; \ + echo 'error_log = /proc/self/fd/2'; \ + echo; \ + echo '[www]'; \ + echo '; if we send this to /proc/self/fd/1, it never appears'; \ + echo 'access.log = /proc/self/fd/2'; \ + echo; \ + echo 'clear_env = no'; \ + echo; \ + echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ + echo 'catch_workers_output = yes'; \ + } | tee php-fpm.d/docker.conf \ + && { \ + echo '[global]'; \ + echo 'daemonize = no'; \ + echo; \ + echo '[www]'; \ + echo 'listen = 9000'; \ + } | tee php-fpm.d/zz-docker.conf + +EXPOSE 9000 +CMD ["php-fpm"] +#### diff --git a/7.1/alpine3.7/zts/Dockerfile b/7.1/alpine3.7/zts/Dockerfile new file mode 100644 index 00000000..3dee2d62 --- /dev/null +++ b/7.1/alpine3.7/zts/Dockerfile @@ -0,0 +1,167 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.7 + +# dependencies required for running "phpize" +# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev dpkg \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkgconf \ + re2c + +# persistent / runtime deps +RUN apk add --no-cache --virtual .persistent-deps \ + ca-certificates \ + curl \ + tar \ + xz \ +# https://github.com/docker-library/php/issues/494 + libressl + +# ensure www-data user exists +RUN set -x \ + && addgroup -g 82 -S www-data \ + && adduser -u 82 -D -S -G www-data www-data +# 82 is the standard uid/gid for "www-data" in Alpine +# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 +# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172 + +ENV PHP_VERSION 7.1.17 +ENV PHP_URL="https://secure.php.net/get/php-7.1.17.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.1.17.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="1a784806866e06367f7a5c88775d239d6f30041c7ce65a8232d03a3d4de56d56" PHP_MD5="" + +RUN set -xe; \ + \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apk del .fetch-deps + +COPY docker-php-source /usr/local/bin/ + +RUN set -xe \ + && apk add --no-cache --virtual .build-deps \ + $PHPIZE_DEPS \ + coreutils \ + curl-dev \ + libedit-dev \ + libressl-dev \ + libxml2-dev \ + sqlite-dev \ + \ + && export CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-source extract \ + && cd /usr/src/php \ + && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ + && ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + \ + $PHP_EXTRA_CONFIGURE_ARGS \ + && make -j "$(nproc)" \ + && make install \ + && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ + && make clean \ + && cd / \ + && docker-php-source delete \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )" \ + && apk add --no-cache --virtual .php-rundeps $runDeps \ + \ + && apk del .build-deps \ + \ +# https://github.com/docker-library/php/issues/443 + && pecl update-channels \ + && rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/7.1/stretch/apache/Dockerfile b/7.1/stretch/apache/Dockerfile new file mode 100644 index 00000000..11e7369c --- /dev/null +++ b/7.1/stretch/apache/Dockerfile @@ -0,0 +1,256 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + apache2 \ + && rm -rf /var/lib/apt/lists/* + +ENV APACHE_CONFDIR /etc/apache2 +ENV APACHE_ENVVARS $APACHE_CONFDIR/envvars + +RUN set -ex \ + \ +# generically convert lines like +# export APACHE_RUN_USER=www-data +# into +# : ${APACHE_RUN_USER:=www-data} +# export APACHE_RUN_USER +# so that they can be overridden at runtime ("-e APACHE_RUN_USER=...") + && sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS" \ + \ +# setup directories and permissions + && . "$APACHE_ENVVARS" \ + && for dir in \ + "$APACHE_LOCK_DIR" \ + "$APACHE_RUN_DIR" \ + "$APACHE_LOG_DIR" \ + /var/www/html \ + ; do \ + rm -rvf "$dir" \ + && mkdir -p "$dir" \ + && chown -R "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; \ + done + +# Apache + PHP requires preforking Apache for best results +RUN a2dismod mpm_event && a2enmod mpm_prefork + +# logs should go to stdout / stderr +RUN set -ex \ + && . "$APACHE_ENVVARS" \ + && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \ + && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" + +# PHP files should be handled by PHP, and should be preferred over any other file type +RUN { \ + echo ''; \ + echo '\tSetHandler application/x-httpd-php'; \ + echo ''; \ + echo; \ + echo 'DirectoryIndex disabled'; \ + echo 'DirectoryIndex index.php index.html'; \ + echo; \ + echo ''; \ + echo '\tOptions -Indexes'; \ + echo '\tAllowOverride All'; \ + echo ''; \ + } | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \ + && a2enconf docker-php + +ENV PHP_EXTRA_BUILD_DEPS apache2-dev +ENV PHP_EXTRA_CONFIGURE_ARGS --with-apxs2 +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172 + +ENV PHP_VERSION 7.1.17 +ENV PHP_URL="https://secure.php.net/get/php-7.1.17.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.1.17.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="1a784806866e06367f7a5c88775d239d6f30041c7ce65a8232d03a3d4de56d56" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +COPY apache2-foreground /usr/local/bin/ +WORKDIR /var/www/html + +EXPOSE 80 +CMD ["apache2-foreground"] +#### diff --git a/7.1/stretch/cli/Dockerfile b/7.1/stretch/cli/Dockerfile new file mode 100644 index 00000000..6e47c9ee --- /dev/null +++ b/7.1/stretch/cli/Dockerfile @@ -0,0 +1,193 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172 + +ENV PHP_VERSION 7.1.17 +ENV PHP_URL="https://secure.php.net/get/php-7.1.17.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.1.17.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="1a784806866e06367f7a5c88775d239d6f30041c7ce65a8232d03a3d4de56d56" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +#### diff --git a/7.1/stretch/fpm/Dockerfile b/7.1/stretch/fpm/Dockerfile new file mode 100644 index 00000000..cf6cb221 --- /dev/null +++ b/7.1/stretch/fpm/Dockerfile @@ -0,0 +1,233 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172 + +ENV PHP_VERSION 7.1.17 +ENV PHP_URL="https://secure.php.net/get/php-7.1.17.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.1.17.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="1a784806866e06367f7a5c88775d239d6f30041c7ce65a8232d03a3d4de56d56" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +WORKDIR /var/www/html + +RUN set -ex \ + && cd /usr/local/etc \ + && if [ -d php-fpm.d ]; then \ + # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" + sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ + cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ + else \ + # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency + mkdir php-fpm.d; \ + cp php-fpm.conf.default php-fpm.d/www.conf; \ + { \ + echo '[global]'; \ + echo 'include=etc/php-fpm.d/*.conf'; \ + } | tee php-fpm.conf; \ + fi \ + && { \ + echo '[global]'; \ + echo 'error_log = /proc/self/fd/2'; \ + echo; \ + echo '[www]'; \ + echo '; if we send this to /proc/self/fd/1, it never appears'; \ + echo 'access.log = /proc/self/fd/2'; \ + echo; \ + echo 'clear_env = no'; \ + echo; \ + echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ + echo 'catch_workers_output = yes'; \ + } | tee php-fpm.d/docker.conf \ + && { \ + echo '[global]'; \ + echo 'daemonize = no'; \ + echo; \ + echo '[www]'; \ + echo 'listen = 9000'; \ + } | tee php-fpm.d/zz-docker.conf + +EXPOSE 9000 +CMD ["php-fpm"] +#### diff --git a/7.1/stretch/zts/Dockerfile b/7.1/stretch/zts/Dockerfile new file mode 100644 index 00000000..7d844907 --- /dev/null +++ b/7.1/stretch/zts/Dockerfile @@ -0,0 +1,194 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:stretch-slim + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN apt-get update && apt-get install -y \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + --no-install-recommends && rm -r /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN mkdir -p $PHP_INI_DIR/conf.d + +#### +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts +#### + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) +# https://github.com/docker-library/php/issues/272 +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" + +ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172 + +ENV PHP_VERSION 7.1.17 +ENV PHP_URL="https://secure.php.net/get/php-7.1.17.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.1.17.tar.xz.asc/from/this/mirror" +ENV PHP_SHA256="1a784806866e06367f7a5c88775d239d6f30041c7ce65a8232d03a3d4de56d56" PHP_MD5="" + +RUN set -xe; \ + \ + fetchDeps=' \ + wget \ + '; \ + if ! command -v gpg > /dev/null; then \ + fetchDeps="$fetchDeps \ + dirmngr \ + gnupg \ + "; \ + fi; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + wget -O php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + if [ -n "$PHP_MD5" ]; then \ + echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps + +COPY docker-php-source /usr/local/bin/ + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libedit-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ${PHP_EXTRA_BUILD_DEPS:-} \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! -d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors intead of just warnings + --enable-option-checking=fatal \ + \ + --disable-cgi \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) + --enable-ftp \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ + \ + --with-curl \ + --with-libedit \ + --with-openssl \ + --with-zlib \ + \ +# bundled pcre does not support JIT on s390x +# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT + $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + ${PHP_EXTRA_CONFIGURE_ARGS:-} \ + ; \ + make -j "$(nproc)"; \ + make install; \ + find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \ + make clean; \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { print $(NF-1) }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + php --version; \ + \ +# https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc + +COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ + +ENTRYPOINT ["docker-php-entrypoint"] +#### +CMD ["php", "-a"] +####