diff --git a/.travis.yml b/.travis.yml index 8d4ac257..5b9fe59e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,6 @@ language: bash services: docker env: - - VERSION=5.5 - VERSION=10.3 - VERSION=10.2 - VERSION=10.1 diff --git a/10.0/Dockerfile b/10.0/Dockerfile index 98104e65..7061da6f 100644 --- a/10.0/Dockerfile +++ b/10.0/Dockerfile @@ -1,15 +1,24 @@ # vim:set ft=dockerfile: -FROM debian:jessie +FROM debian:jessie-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r mysql && useradd -r -g mysql mysql +# install "pwgen" for randomizing passwords +# install "apt-transport-https" for Percona's repo (switched to https-only) +RUN apt-get update && apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + pwgen \ + && rm -rf /var/lib/apt/lists/* + # add gosu for easy step-down from root ENV GOSU_VERSION 1.10 RUN set -ex; \ \ fetchDeps=' \ - ca-certificates \ wget \ '; \ apt-get update; \ 
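Review bot: The comment block above the new `RUN apt-get update && apt-get install` step in 10.0/Dockerfile explains `pwgen` and `apt-transport-https` but not `gnupg` and `dirmngr`, which this hunk adds to the permanent package set. They are presumably needed because the `-slim` base does not ship GnuPG for the key-fetch steps further down, which lie outside this hunk. A third comment line such as `# install "gnupg" and "dirmngr" for fetching and verifying signing keys (absent from the -slim base)` would record that. Nothing visible here removes them again, so they stay in the runtime image; if the entrypoint does not use them, purging them after the last key import would shrink what the running container carries. The same hunk appears in 10.1, 10.2 and 10.3 and in Dockerfile.template, where the comment most likely belongs so that regenerated files keep it.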
@@ -30,21 +39,21 @@ RUN set -ex; \ # verify that the binary works gosu nobody true; \ \ - apt-get purge -y --auto-remove $fetchDeps + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d -# install "pwgen" for randomizing passwords -# install "apt-transport-https" for Percona's repo (switched to https-only) -RUN apt-get update && apt-get install -y --no-install-recommends \ - apt-transport-https ca-certificates \ - pwgen \ - && rm -rf /var/lib/apt/lists/* - ENV GPG_KEYS \ # Key fingerprint = 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB # MariaDB Package Signing Key +# The old key is for MariaDB 10.0 199369E5404BD5FC7D2FE43BCBCB082A1BB943DB \ +# pub 4096R/C74CD1D8 2016-03-30 +# Key fingerprint = 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8 +# uid MariaDB Signing Key +# sub 4096R/DE8F6914 2016-03-30 + 177F4010FE56CA3336300305F1656F24C74CD1D8 \ # pub 1024D/CD2EFD2A 2009-12-15 # Key fingerprint = 430B DF5C 56E7 C94E 848E E60C 1C4C BDCD CD2E FD2A # uid Percona MySQL Development Team diff --git a/10.1/Dockerfile b/10.1/Dockerfile index 25bfac81..927171da 100644 --- a/10.1/Dockerfile +++ b/10.1/Dockerfile @@ -1,15 +1,24 @@ # vim:set ft=dockerfile: -FROM debian:jessie +FROM debian:stretch-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r mysql && useradd -r -g mysql mysql +# install "pwgen" for randomizing passwords +# install "apt-transport-https" for Percona's repo (switched to https-only) +RUN apt-get update && apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + pwgen \ + && rm -rf /var/lib/apt/lists/* + # add gosu for easy step-down from root ENV GOSU_VERSION 1.10 RUN set -ex; \ \ fetchDeps=' \ - ca-certificates \ wget \ '; \ apt-get update; \ 
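Review bot: The added comment `# The old key is for MariaDB 10.0` says fingerprint `199369E5404BD5FC7D2FE43BCBCB082A1BB943DB` is only needed for 10.0, yet the same `GPG_KEYS` list with both MariaDB keys is also written into 10.1, 10.2, 10.3 and Dockerfile.template. The step that consumes `GPG_KEYS` is outside this hunk. If it still exports every listed key into apt's trusted keyring, as the removed 5.5 Dockerfile did, each image accepts packages signed by a key it has no use for. Consider having the template emit only the MariaDB key a given version needs: drop the `199369E5404BD5FC7D2FE43BCBCB082A1BB943DB \` entry and its comment lines from 10.1 and later, and check whether 10.0 needs `177F4010FE56CA3336300305F1656F24C74CD1D8` at all.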
@@ -30,21 +39,21 @@ RUN set -ex; \ # verify that the binary works gosu nobody true; \ \ - apt-get purge -y --auto-remove $fetchDeps + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d -# install "pwgen" for randomizing passwords -# install "apt-transport-https" for Percona's repo (switched to https-only) -RUN apt-get update && apt-get install -y --no-install-recommends \ - apt-transport-https ca-certificates \ - pwgen \ - && rm -rf /var/lib/apt/lists/* - ENV GPG_KEYS \ # Key fingerprint = 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB # MariaDB Package Signing Key +# The old key is for MariaDB 10.0 199369E5404BD5FC7D2FE43BCBCB082A1BB943DB \ +# pub 4096R/C74CD1D8 2016-03-30 +# Key fingerprint = 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8 +# uid MariaDB Signing Key +# sub 4096R/DE8F6914 2016-03-30 + 177F4010FE56CA3336300305F1656F24C74CD1D8 \ # pub 1024D/CD2EFD2A 2009-12-15 # Key fingerprint = 430B DF5C 56E7 C94E 848E E60C 1C4C BDCD CD2E FD2A # uid Percona MySQL Development Team @@ -65,7 +74,7 @@ RUN set -ex; \ apt-key list # add Percona's repo for xtrabackup (which is useful for Galera) -RUN echo "deb https://repo.percona.com/apt jessie main" > /etc/apt/sources.list.d/percona.list \ +RUN echo "deb https://repo.percona.com/apt stretch main" > /etc/apt/sources.list.d/percona.list \ && { \ echo 'Package: *'; \ echo 'Pin: release o=Percona Development Team'; \ 
@@ -73,9 +82,9 @@ RUN echo "deb https://repo.percona.com/apt jessie main" > /etc/apt/sources.list. } > /etc/apt/preferences.d/percona ENV MARIADB_MAJOR 10.1 -ENV MARIADB_VERSION 10.1.33+maria-1~jessie +ENV MARIADB_VERSION 10.1.33+maria-1~stretch -RUN echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian jessie main" > /etc/apt/sources.list.d/mariadb.list \ +RUN echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian stretch main" > /etc/apt/sources.list.d/mariadb.list \ && { \ echo 'Package: *'; \ echo 'Pin: release o=MariaDB'; \ diff --git a/10.2/Dockerfile b/10.2/Dockerfile index 10f6ecef..bda29143 100644 --- a/10.2/Dockerfile +++ b/10.2/Dockerfile @@ -1,15 +1,24 @@ # vim:set ft=dockerfile: -FROM debian:jessie +FROM debian:stretch-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r mysql && useradd -r -g mysql mysql +# install "pwgen" for randomizing passwords +# install "apt-transport-https" for Percona's repo (switched to https-only) +RUN apt-get update && apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + pwgen \ + && rm -rf /var/lib/apt/lists/* + # add gosu for easy step-down from root ENV GOSU_VERSION 1.10 RUN set -ex; \ \ fetchDeps=' \ - ca-certificates \ wget \ '; \ apt-get update; \ 
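Review bot: The rewritten `mariadb.list` line in 10.1/Dockerfile still uses `http://ftp.osuosl.org/`, although the Percona entry above it uses https and this image now installs `apt-transport-https` and `ca-certificates` up front. APT's signature check protects package integrity, but over plain HTTP anyone on the path can see which packages and versions are fetched and can hold the client on stale, still validly signed metadata. If the mirror serves TLS (not verifiable from this page), the line could read `RUN echo "deb https://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian stretch main" > /etc/apt/sources.list.d/mariadb.list \`. The same line is changed in 10.2/Dockerfile and 10.3/Dockerfile, and the RUN instruction continues past the end of the hunk.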
@@ -30,21 +39,21 @@ RUN set -ex; \ # verify that the binary works gosu nobody true; \ \ - apt-get purge -y --auto-remove $fetchDeps + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d -# install "pwgen" for randomizing passwords -# install "apt-transport-https" for Percona's repo (switched to https-only) -RUN apt-get update && apt-get install -y --no-install-recommends \ - apt-transport-https ca-certificates \ - pwgen \ - && rm -rf /var/lib/apt/lists/* - ENV GPG_KEYS \ # Key fingerprint = 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB # MariaDB Package Signing Key +# The old key is for MariaDB 10.0 199369E5404BD5FC7D2FE43BCBCB082A1BB943DB \ +# pub 4096R/C74CD1D8 2016-03-30 +# Key fingerprint = 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8 +# uid MariaDB Signing Key +# sub 4096R/DE8F6914 2016-03-30 + 177F4010FE56CA3336300305F1656F24C74CD1D8 \ # pub 1024D/CD2EFD2A 2009-12-15 # Key fingerprint = 430B DF5C 56E7 C94E 848E E60C 1C4C BDCD CD2E FD2A # uid Percona MySQL Development Team @@ -65,7 +74,7 @@ RUN set -ex; \ apt-key list # add Percona's repo for xtrabackup (which is useful for Galera) -RUN echo "deb https://repo.percona.com/apt jessie main" > /etc/apt/sources.list.d/percona.list \ +RUN echo "deb https://repo.percona.com/apt stretch main" > /etc/apt/sources.list.d/percona.list \ && { \ echo 'Package: *'; \ echo 'Pin: release o=Percona Development Team'; \ 
@@ -73,9 +82,9 @@ RUN echo "deb https://repo.percona.com/apt jessie main" > /etc/apt/sources.list. } > /etc/apt/preferences.d/percona ENV MARIADB_MAJOR 10.2 -ENV MARIADB_VERSION 10.2.15+maria~jessie +ENV MARIADB_VERSION 10.2.15+maria~stretch -RUN echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian jessie main" > /etc/apt/sources.list.d/mariadb.list \ +RUN echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian stretch main" > /etc/apt/sources.list.d/mariadb.list \ && { \ echo 'Package: *'; \ echo 'Pin: release o=MariaDB'; \ diff --git a/10.3/Dockerfile b/10.3/Dockerfile index aa367a06..46e20989 100644 --- a/10.3/Dockerfile +++ b/10.3/Dockerfile @@ -1,15 +1,24 @@ # vim:set ft=dockerfile: -FROM debian:jessie +FROM debian:stretch-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r mysql && useradd -r -g mysql mysql +# install "pwgen" for randomizing passwords +# install "apt-transport-https" for Percona's repo (switched to https-only) +RUN apt-get update && apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + pwgen \ + && rm -rf /var/lib/apt/lists/* + # add gosu for easy step-down from root ENV GOSU_VERSION 1.10 RUN set -ex; \ \ fetchDeps=' \ - ca-certificates \ wget \ '; \ apt-get update; \ 
@@ -30,21 +39,21 @@ RUN set -ex; \ # verify that the binary works gosu nobody true; \ \ - apt-get purge -y --auto-remove $fetchDeps + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d -# install "pwgen" for randomizing passwords -# install "apt-transport-https" for Percona's repo (switched to https-only) -RUN apt-get update && apt-get install -y --no-install-recommends \ - apt-transport-https ca-certificates \ - pwgen \ - && rm -rf /var/lib/apt/lists/* - ENV GPG_KEYS \ # Key fingerprint = 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB # MariaDB Package Signing Key +# The old key is for MariaDB 10.0 199369E5404BD5FC7D2FE43BCBCB082A1BB943DB \ +# pub 4096R/C74CD1D8 2016-03-30 +# Key fingerprint = 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8 +# uid MariaDB Signing Key +# sub 4096R/DE8F6914 2016-03-30 + 177F4010FE56CA3336300305F1656F24C74CD1D8 \ # pub 1024D/CD2EFD2A 2009-12-15 # Key fingerprint = 430B DF5C 56E7 C94E 848E E60C 1C4C BDCD CD2E FD2A # uid Percona MySQL Development Team @@ -65,7 +74,7 @@ RUN set -ex; \ apt-key list # add Percona's repo for xtrabackup (which is useful for Galera) -RUN echo "deb https://repo.percona.com/apt jessie main" > /etc/apt/sources.list.d/percona.list \ +RUN echo "deb https://repo.percona.com/apt stretch main" > /etc/apt/sources.list.d/percona.list \ && { \ echo 'Package: *'; \ echo 'Pin: release o=Percona Development Team'; \ 
@@ -73,9 +82,9 @@ RUN echo "deb https://repo.percona.com/apt jessie main" > /etc/apt/sources.list. } > /etc/apt/preferences.d/percona ENV MARIADB_MAJOR 10.3 -ENV MARIADB_VERSION 1:10.3.7+maria~jessie +ENV MARIADB_VERSION 1:10.3.7+maria~stretch -RUN echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian jessie main" > /etc/apt/sources.list.d/mariadb.list \ +RUN echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian stretch main" > /etc/apt/sources.list.d/mariadb.list \ && { \ echo 'Package: *'; \ echo 'Pin: release o=MariaDB'; \ diff --git a/5.5/Dockerfile b/5.5/Dockerfile deleted file mode 100644 index 1280b50e..00000000 --- a/5.5/Dockerfile +++ /dev/null 
@@ -1,121 +0,0 @@ -# vim:set ft=dockerfile: -FROM debian:wheezy - -# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r mysql && useradd -r -g mysql mysql - -# add gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -ex; \ - \ - fetchDeps=' \ - ca-certificates \ - wget \ - '; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ - chmod +x /usr/local/bin/gosu; \ -# verify that the binary works - gosu nobody true; \ - \ - apt-get purge -y --auto-remove $fetchDeps - -RUN mkdir /docker-entrypoint-initdb.d - -# install "pwgen" for randomizing passwords -# install "apt-transport-https" for Percona's repo (switched to https-only) -RUN apt-get update && apt-get install -y --no-install-recommends \ - apt-transport-https ca-certificates \ - pwgen \ - && rm -rf /var/lib/apt/lists/* - -ENV GPG_KEYS \ -# Key fingerprint = 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB -# MariaDB Package Signing Key - 199369E5404BD5FC7D2FE43BCBCB082A1BB943DB \ -# pub 1024D/CD2EFD2A 2009-12-15 -# Key fingerprint = 430B DF5C 56E7 C94E 848E E60C 1C4C BDCD CD2E FD2A -# uid Percona MySQL Development Team -# sub 2048g/2D607DAF 2009-12-15 - 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A \ -# pub 4096R/8507EFA5 2016-06-30 -# Key fingerprint = 4D1B B29D 63D9 
8E42 2B21 13B1 9334 A25F 8507 EFA5 -# uid Percona MySQL Development Team (Packaging key) -# sub 4096R/4CAC6D72 2016-06-30 - 4D1BB29D63D98E422B2113B19334A25F8507EFA5 -RUN set -ex; \ - export GNUPGHOME="$(mktemp -d)"; \ - for key in $GPG_KEYS; do \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - done; \ - gpg --export $GPG_KEYS > /etc/apt/trusted.gpg.d/mariadb.gpg; \ - rm -r "$GNUPGHOME"; \ - apt-key list - -# add Percona's repo for xtrabackup (which is useful for Galera) -RUN echo "deb https://repo.percona.com/apt wheezy main" > /etc/apt/sources.list.d/percona.list \ - && { \ - echo 'Package: *'; \ - echo 'Pin: release o=Percona Development Team'; \ - echo 'Pin-Priority: 998'; \ - } > /etc/apt/preferences.d/percona - -ENV MARIADB_MAJOR 5.5 -ENV MARIADB_VERSION 5.5.60+maria-1~wheezy - -RUN echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$MARIADB_MAJOR/debian wheezy main" > /etc/apt/sources.list.d/mariadb.list \ - && { \ - echo 'Package: *'; \ - echo 'Pin: release o=MariaDB'; \ - echo 'Pin-Priority: 999'; \ - } > /etc/apt/preferences.d/mariadb -# add repository pinning to make sure dependencies from this MariaDB repo are preferred over Debian dependencies -# libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.42+maria-1~wheezy) but 5.5.43-0+deb7u1 is to be installed - -# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql) -# also, we set debconf keys to make APT a little quieter -RUN { \ - echo "mariadb-server-$MARIADB_MAJOR" mysql-server/root_password password 'unused'; \ - echo "mariadb-server-$MARIADB_MAJOR" mysql-server/root_password_again password 'unused'; \ - } | debconf-set-selections \ - && apt-get update \ - && apt-get install -y \ - "mariadb-server=$MARIADB_VERSION" \ -# percona-xtrabackup is installed at the same time so that `mysql-common` is only installed once 
from just mariadb repos - percona-xtrabackup \ - socat \ - && rm -rf /var/lib/apt/lists/* \ -# comment out any "user" entires in the MySQL config ("docker-entrypoint.sh" or "--user" will handle user switching) - && sed -ri 's/^user\s/#&/' /etc/mysql/my.cnf /etc/mysql/conf.d/* \ -# purge and re-create /var/lib/mysql with appropriate ownership - && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \ - && chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \ -# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime - && chmod 777 /var/run/mysqld \ -# comment out a few problematic configuration values - && find /etc/mysql/ -name '*.cnf' -print0 \ - | xargs -0 grep -lZE '^(bind-address|log)' \ - | xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/' \ -# don't reverse lookup hostnames, they are usually another container - && echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf - -VOLUME /var/lib/mysql - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 3306 -CMD ["mysqld"] diff --git a/5.5/docker-entrypoint.sh b/5.5/docker-entrypoint.sh deleted file mode 100755 index 98a6e66d..00000000 --- a/5.5/docker-entrypoint.sh +++ /dev/null 
@@ -1,190 +0,0 @@ -#!/bin/bash -set -eo pipefail -shopt -s nullglob - -# if command starts with an option, prepend mysqld -if [ "${1:0:1}" = '-' ]; then - set -- mysqld "$@" -fi - -# skip setup if they want an option that stops mysqld -wantHelp= -for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - wantHelp=1 - break - ;; - esac -done - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -_check_config() { - toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) - if ! 
errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - cat >&2 <<-EOM - - ERROR: mysqld failed while attempting to check config - command was: "${toRun[*]}" - - $errors - EOM - exit 1 - fi -} - -# Fetch value from server config -# We use mysqld --verbose --help instead of my_print_defaults because the -# latter only show values present in config files, and not server defaults -_get_config() { - local conf="$1"; shift - "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null | awk '$1 == "'"$conf"'" { print $2; exit }' -} - -# allow the container to be started with `--user` -if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then - _check_config "$@" - DATADIR="$(_get_config 'datadir' "$@")" - mkdir -p "$DATADIR" - chown -R mysql:mysql "$DATADIR" - exec gosu mysql "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then - # still need to check config, container may have started with --user - _check_config "$@" - # Get config - DATADIR="$(_get_config 'datadir' "$@")" - - if [ ! -d "$DATADIR/mysql" ]; then - file_env 'MYSQL_ROOT_PASSWORD' - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - echo >&2 'error: database is uninitialized and password option is not specified ' - echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' - exit 1 - fi - - mkdir -p "$DATADIR" - - echo 'Initializing database' - # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db --datadir="$DATADIR" --rpm "${@:2}" - echo 'Database initialized' - - SOCKET="$(_get_config 'socket' "$@")" - "$@" --skip-networking --socket="${SOCKET}" & - pid="$!" - - mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) - - for i in {30..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' 
- sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql - fi - - if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" - fi - - rootCreate= - # default root to listen for connections from anywhere - file_env 'MYSQL_ROOT_HOST' '%' - if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then - # no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; - EOSQL - fi - - "${mysql[@]}" <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - - DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; - SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; - GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; - ${rootCreate} - DROP DATABASE IF EXISTS test ; - FLUSH PRIVILEGES ; - EOSQL - - if [ ! 
-z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) - fi - - file_env 'MYSQL_DATABASE' - if [ "$MYSQL_DATABASE" ]; then - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" - mysql+=( "$MYSQL_DATABASE" ) - fi - - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" - - if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - fi - fi - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - echo - echo 'MySQL init process done. Ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/Dockerfile.template b/Dockerfile.template index 0e73316f..86abda99 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -1,15 +1,24 @@ # vim:set ft=dockerfile: -FROM debian:%%SUITE%% +FROM debian:%%SUITE%%-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r mysql && useradd -r -g mysql mysql +# install "pwgen" for randomizing passwords +# install "apt-transport-https" for Percona's repo (switched to https-only) +RUN apt-get update && apt-get install -y --no-install-recommends \ + apt-transport-https \ + ca-certificates \ + dirmngr \ + gnupg \ + pwgen \ + && rm -rf /var/lib/apt/lists/* + # add gosu for easy step-down from root ENV GOSU_VERSION 1.10 RUN set -ex; \ \ fetchDeps=' \ - ca-certificates \ wget \ '; \ apt-get update; \ 
@@ -30,21 +39,21 @@ RUN set -ex; \ # verify that the binary works gosu nobody true; \ \ - apt-get purge -y --auto-remove $fetchDeps + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \ + rm -rf /var/lib/apt/lists/* RUN mkdir /docker-entrypoint-initdb.d -# install "pwgen" for randomizing passwords -# install "apt-transport-https" for Percona's repo (switched to https-only) -RUN apt-get update && apt-get install -y --no-install-recommends \ - apt-transport-https ca-certificates \ - pwgen \ - && rm -rf /var/lib/apt/lists/* - ENV GPG_KEYS \ # Key fingerprint = 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB # MariaDB Package Signing Key +# The old key is for MariaDB 10.0 199369E5404BD5FC7D2FE43BCBCB082A1BB943DB \ +# pub 4096R/C74CD1D8 2016-03-30 +# Key fingerprint = 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8 +# uid MariaDB Signing Key +# sub 4096R/DE8F6914 2016-03-30 + 177F4010FE56CA3336300305F1656F24C74CD1D8 \ # pub 1024D/CD2EFD2A 2009-12-15 # Key fingerprint = 430B DF5C 56E7 C94E 848E E60C 1C4C BDCD CD2E FD2A # uid Percona MySQL Development Team diff --git a/update.sh b/update.sh index 15b3bc88..5403d6f6 100755 --- a/update.sh +++ b/update.sh @@ -1,13 +1,12 @@ #!/bin/bash set -eo pipefail -defaultSuite='jessie' +defaultSuite='stretch' declare -A suites=( - [5.5]='wheezy' + [10.0]='jessie' ) defaultXtrabackup='percona-xtrabackup-24' declare -A xtrabackups=( - [5.5]='percona-xtrabackup' [10.0]='percona-xtrabackup' [10.1]='percona-xtrabackup' )
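Review bot: The `suites` map in update.sh now pins `[10.0]='jessie'` while `defaultSuite` moves to `stretch`, and nothing next to the entry says why 10.0 is held back. That image stays on the older Debian release, which will stop receiving security updates sooner, so the next maintainer needs the reason to decide when the pin can be dropped. A comment above the entry would do, for example `# 10.0: keep jessie until upstream publishes stretch packages (confirm)`. The reason in that example is an assumption, not something this diff shows.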