From ad2c785ac44a259fb6a66c58dee07833cb3d6d2e Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 30 Dec 2021 13:59:22 +0000 Subject: [PATCH] 5.8.2-debian-10-r44 release --- .../wordpress-nginx/5/debian-10/Dockerfile | 6 +- .../opt/bitnami/.bitnami_components.json | 4 +- .../rootfs/opt/bitnami/scripts/libnginx.sh | 194 +++++++++++------- .../rootfs/opt/bitnami/scripts/nginx-env.sh | 1 + .../opt/bitnami/scripts/nginx/postunpack.sh | 6 +- .../rootfs/opt/bitnami/scripts/nginx/setup.sh | 3 + bitnami/wordpress-nginx/README.md | 2 +- 7 files changed, 129 insertions(+), 87 deletions(-) diff --git a/bitnami/wordpress-nginx/5/debian-10/Dockerfile b/bitnami/wordpress-nginx/5/debian-10/Dockerfile index 8cf4a71043c4..200e9dbb156d 100644 --- a/bitnami/wordpress-nginx/5/debian-10/Dockerfile +++ b/bitnami/wordpress-nginx/5/debian-10/Dockerfile @@ -9,7 +9,7 @@ ENV HOME="/" \ COPY prebuildfs / # Install required system packages and dependencies RUN install_packages acl ca-certificates curl gzip less libaudit1 libbsd0 libbz2-1.0 libc6 libcap-ng0 libcom-err2 libcurl4 libexpat1 libffi6 libfftw3-double3 libfontconfig1 libfreetype6 libgcc1 libgcrypt20 libgeoip1 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhogweed4 libicu63 libidn2-0 libjemalloc2 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.4-2 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmcrypt4 libmemcached11 libmemcachedutil2 libncurses6 libnettle6 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre3 libpng16-16 libpq5 libpsl5 libreadline7 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl1.1 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp6 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 procps tar zlib1g -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "php" "7.4.27-2" --checksum 00c27d3d0d2dc5db11f1c8d5b0271c3e55d89e81e11e82b4ab9de26bfebf8b21 +RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "php" "7.4.27-3" --checksum 6e6afcff2aae442d1271343e88fea61dda066c449c241cd3cb2d612cda73098c RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "wp-cli" "2.5.0-0" --checksum b2be17e2065fc8d9d1a175e1dbc689e8f6a5543bb3b6a6f5470bc987b7c396ce RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "nginx" "1.21.5-0" --checksum e2c355bf9aacd333d1efd311aa016f412fe701aad136a981f6c5993a3d9bc82f RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "mysql-client" "10.3.32-0" --checksum 4a211faa9436c9747dfc4374cb9e8a7f9b0065dfc58dd4784cef0f5029c2e65e @@ -20,13 +20,13 @@ RUN chmod g+rwX /opt/bitnami COPY rootfs / RUN /opt/bitnami/scripts/mysql-client/postunpack.sh -RUN /opt/bitnami/scripts/php/postunpack.sh RUN /opt/bitnami/scripts/nginx/postunpack.sh +RUN /opt/bitnami/scripts/php/postunpack.sh RUN /opt/bitnami/scripts/nginx-php-fpm/postunpack.sh RUN /opt/bitnami/scripts/wordpress/postunpack.sh ENV ALLOW_EMPTY_PASSWORD="no" \ BITNAMI_APP_NAME="wordpress-nginx" \ - BITNAMI_IMAGE_VERSION="5.8.2-debian-10-r43" \ + BITNAMI_IMAGE_VERSION="5.8.2-debian-10-r44" \ MARIADB_HOST="mariadb" \ MARIADB_PORT_NUMBER="3306" \ MARIADB_ROOT_PASSWORD="" \ diff --git a/bitnami/wordpress-nginx/5/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/wordpress-nginx/5/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json index ee4f0dda19ba..fa8262c0e5eb 100644 --- a/bitnami/wordpress-nginx/5/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/wordpress-nginx/5/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json @@ -22,10 +22,10 @@ }, "php": { "arch": "amd64", - "digest": "00c27d3d0d2dc5db11f1c8d5b0271c3e55d89e81e11e82b4ab9de26bfebf8b21", + "digest": "6e6afcff2aae442d1271343e88fea61dda066c449c241cd3cb2d612cda73098c", "distro": "debian-10", "type": "NAMI", - "version": "7.4.27-2" + "version": "7.4.27-3" }, "render-template": { "arch": "amd64", diff --git a/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/libnginx.sh b/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/libnginx.sh index a1c046eefe00..b302ab8f5151 100644 --- a/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/libnginx.sh +++ b/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/libnginx.sh @@ -2,7 +2,7 @@ # # Bitnami NGINX library -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 # Load Generic Libraries . /opt/bitnami/scripts/libfs.sh @@ -79,7 +79,7 @@ nginx_configure_port() { debug "Setting port number to ${port} in '${file}'" # TODO: find an appropriate NGINX parser to avoid 'sed calls' nginx_configuration="$(sed -E "s/(listen\s+)[0-9]{1,5};/\1${port};/g" "$file")" - echo "$nginx_configuration" > "$file" + echo "$nginx_configuration" >"$file" fi } @@ -145,12 +145,12 @@ nginx_initialize() { chown -R "${NGINX_DAEMON_USER:-}" "$NGINX_TMP_DIR" fi nginx_user_configuration="$(sed -E "s/^(user\s+).*/\1${NGINX_DAEMON_USER:-} ${NGINX_DAEMON_GROUP:-};/g" "$NGINX_CONF_FILE")" - is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" > "$NGINX_CONF_FILE" + is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" >"$NGINX_CONF_FILE" else # The "user" directive makes sense only if the master process runs with super-user privileges # TODO: find an appropriate NGINX parser to avoid 'sed calls' nginx_user_configuration="$(sed -E "s/(^user)/# \1/g" "$NGINX_CONF_FILE")" - is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" > "$NGINX_CONF_FILE" + is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" >"$NGINX_CONF_FILE" fi if [[ -n "${NGINX_HTTP_PORT_NUMBER:-}" ]]; then nginx_configure_port "$NGINX_HTTP_PORT_NUMBER" @@ -202,37 +202,37 @@ ensure_nginx_app_configuration_exists() { shift while [[ "$#" -gt 0 ]]; do case "$1" in - --hosts \ - | --server-aliases) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - read -r -a "$var_name" <<< "$1" - ;; - --disable \ - | --disable-http \ - | --disable-https \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - export "${var_name}=yes" - ;; - --type \ - | --server-name \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --additional-configuration \ - | --external-configuration \ - | --document-root \ - | --extra-directory-configuration \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - export "${var_name}"="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; + --hosts | \ + --server-aliases) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + read -r -a "$var_name" <<<"$1" + ;; + --disable | \ + --disable-http | \ + --disable-https) + + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + export "${var_name}=yes" + ;; + --type | \ + --server-name | \ + --allow-remote-connections | \ + --http-port | \ + --https-port | \ + --additional-configuration | \ + --external-configuration | \ + --document-root | \ + --extra-directory-configuration) + + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + export "${var_name}"="$1" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; esac shift done @@ -290,12 +290,12 @@ absolute_redirect off;" local http_server_block="${NGINX_SERVER_BLOCKS_DIR}/${app}-server-block.conf" local https_server_block="${NGINX_SERVER_BLOCKS_DIR}/${app}-https-server-block.conf" local -r disable_suffix=".disabled" - ( is_boolean_yes "$disable" || is_boolean_yes "$disable_http" ) && http_server_block+="$disable_suffix" - ( is_boolean_yes "$disable" || is_boolean_yes "$disable_https" ) && https_server_block+="$disable_suffix" + (is_boolean_yes "$disable" || is_boolean_yes "$disable_http") && http_server_block+="$disable_suffix" + (is_boolean_yes "$disable" || is_boolean_yes "$disable_https") && https_server_block+="$disable_suffix" if is_file_writable "$http_server_block"; then # Create file with root group write privileges, so it can be modified in non-root containers [[ ! -f "$http_server_block" ]] && touch "$http_server_block" && chmod g+rw "$http_server_block" - render-template "${template_dir}/${template_name}-http-server-block.conf.tpl" | sed '/^\s*$/d' > "$http_server_block" + render-template "${template_dir}/${template_name}-http-server-block.conf.tpl" | sed '/^\s*$/d' >"$http_server_block" elif [[ ! -f "$http_server_block" ]]; then error "Could not create server block for ${app} at '${http_server_block}'. Check permissions and ownership for parent directories." return 1 @@ -305,7 +305,7 @@ absolute_redirect off;" if is_file_writable "$https_server_block"; then # Create file with root group write privileges, so it can be modified in non-root containers [[ ! -f "$https_server_block" ]] && touch "$https_server_block" && chmod g+rw "$https_server_block" - render-template "${template_dir}/${template_name}-https-server-block.conf.tpl" | sed '/^\s*$/d' > "$https_server_block" + render-template "${template_dir}/${template_name}-https-server-block.conf.tpl" | sed '/^\s*$/d' >"$https_server_block" elif [[ ! -f "$https_server_block" ]]; then error "Could not create server block for ${app} at '${https_server_block}'. Check permissions and ownership for parent directories." return 1 @@ -364,21 +364,21 @@ ensure_nginx_prefix_configuration_exists() { shift while [[ "$#" -gt 0 ]]; do case "$1" in - --type \ - | --allow-remote-connections \ - | --additional-configuration \ - | --document-root \ - | --extra-directory-configuration \ - | --prefix \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "${var_name}"="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; + --type | \ + --allow-remote-connections | \ + --additional-configuration | \ + --document-root | \ + --extra-directory-configuration | \ + --prefix) + + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "${var_name}"="$1" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; esac shift done @@ -407,7 +407,7 @@ absolute_redirect off;" if is_file_writable "$prefix_file"; then # Create file with root group write privileges, so it can be modified in non-root containers [[ ! -f "$prefix_file" ]] && touch "$prefix_file" && chmod g+rw "$prefix_file" - render-template "${template_dir}/${template_name}-prefix.conf.tpl" | sed '/^\s*$/d' > "$prefix_file" + render-template "${template_dir}/${template_name}-prefix.conf.tpl" | sed '/^\s*$/d' >"$prefix_file" elif [[ ! -f "$prefix_file" ]]; then error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories." return 1 @@ -448,31 +448,31 @@ nginx_update_app_configuration() { shift while [[ "$#" -gt 0 ]]; do case "$1" in - --hosts \ - | --server-aliases) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - read -r -a "$var_name" <<< "$1" - ;; + --hosts | \ + --server-aliases) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + read -r -a "$var_name" <<<"$1" + ;; - # Common flags - --server-name \ - | --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - | --http-port \ - | --https-port \ - ) - var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" - shift - declare "${var_name}=${1}" - ;; + # Common flags + --server-name | \ + --enable-http | \ + --enable-https | \ + --disable-http | \ + --disable-https | \ + --http-port | \ + --https-port) - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "${var_name}=${1}" + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; esac shift done @@ -542,3 +542,41 @@ nginx_update_app_configuration() { fi fi } + +######################## +# Run custom initialization scripts +# Globals: +# NGINX_* +# Arguments: +# None +# Returns: +# None +######################### +nginx_custom_init_scripts() { + if [[ -n $(find "${NGINX_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh") ]]; then + info "Loading user's custom files from $NGINX_INITSCRIPTS_DIR ..." + local -r tmp_file="/tmp/filelist" + nginx_start_bg + find "${NGINX_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh" | sort >"$tmp_file" + while read -r f; do + case "$f" in + *.sh) + if [[ -x "$f" ]]; then + debug "Executing $f" + "$f" + else + debug "Sourcing $f" + . "$f" + fi + ;; + *) + debug "Ignoring $f" + ;; + esac + done <$tmp_file + nginx_stop + rm -f "$tmp_file" + else + info "No custom scripts in $NGINX_INITSCRIPTS_DIR" + fi +} diff --git a/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx-env.sh b/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx-env.sh index 8d3b0d74c845..ad2f58525806 100644 --- a/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx-env.sh +++ b/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx-env.sh @@ -47,6 +47,7 @@ export NGINX_HTDOCS_DIR="${NGINX_BASE_DIR}/html" export NGINX_TMP_DIR="${NGINX_BASE_DIR}/tmp" export NGINX_LOGS_DIR="${NGINX_BASE_DIR}/logs" export NGINX_SERVER_BLOCKS_DIR="${NGINX_CONF_DIR}/server_blocks" +export NGINX_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" export NGINX_CONF_FILE="${NGINX_CONF_DIR}/nginx.conf" export NGINX_PID_FILE="${NGINX_TMP_DIR}/nginx.pid" export PATH="${NGINX_SBIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" diff --git a/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx/postunpack.sh b/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx/postunpack.sh index a0a4ec313315..08cfa13c25d5 100755 --- a/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx/postunpack.sh +++ b/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx/postunpack.sh @@ -25,8 +25,8 @@ set -o pipefail ######################### nginx_patch_httpoxy_vulnerability() { debug "Unsetting HTTP_PROXY header..." - echo '# Unset the HTTP_PROXY header' >> "${NGINX_CONF_DIR}/fastcgi_params" - echo 'fastcgi_param HTTP_PROXY "";' >> "${NGINX_CONF_DIR}/fastcgi_params" + echo '# Unset the HTTP_PROXY header' >>"${NGINX_CONF_DIR}/fastcgi_params" + echo 'fastcgi_param HTTP_PROXY "";' >>"${NGINX_CONF_DIR}/fastcgi_params" } # Load NGINX environment variables @@ -36,7 +36,7 @@ nginx_patch_httpoxy_vulnerability() { rm -rf "${BITNAMI_ROOT_DIR}/certs" "${BITNAMI_ROOT_DIR}/server_blocks" # Ensure non-root user has write permissions on a set of directories -for dir in "$NGINX_VOLUME_DIR" "$NGINX_CONF_DIR" "$NGINX_SERVER_BLOCKS_DIR" "${NGINX_CONF_DIR}/bitnami" "$NGINX_LOGS_DIR" "$NGINX_TMP_DIR"; do +for dir in "$NGINX_VOLUME_DIR" "$NGINX_CONF_DIR" "$NGINX_INITSCRIPTS_DIR" "$NGINX_SERVER_BLOCKS_DIR" "${NGINX_CONF_DIR}/bitnami" "$NGINX_LOGS_DIR" "$NGINX_TMP_DIR"; do ensure_dir_exists "$dir" chmod -R g+rwX "$dir" done diff --git a/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx/setup.sh b/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx/setup.sh index 6acfad80f5d1..1db662a40de2 100755 --- a/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx/setup.sh +++ b/bitnami/wordpress-nginx/5/debian-10/rootfs/opt/bitnami/scripts/nginx/setup.sh @@ -24,6 +24,9 @@ trap "nginx_stop" EXIT # Ensure NGINX daemon user exists when running as 'root' am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROUP" +# Run init scripts +nginx_custom_init_scripts + # Fix logging issue when running as root ! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" diff --git a/bitnami/wordpress-nginx/README.md b/bitnami/wordpress-nginx/README.md index dc7ac119de48..c5146c10ab33 100644 --- a/bitnami/wordpress-nginx/README.md +++ b/bitnami/wordpress-nginx/README.md @@ -37,7 +37,7 @@ Non-root container images add an extra layer of security and are generally recom Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/). -- [`5`, `5-debian-10`, `5.8.2`, `5.8.2-debian-10-r43`, `latest` (5/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-wordpress-nginx/blob/5.8.2-debian-10-r43/5/debian-10/Dockerfile) +- [`5`, `5-debian-10`, `5.8.2`, `5.8.2-debian-10-r44`, `latest` (5/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-wordpress-nginx/blob/5.8.2-debian-10-r44/5/debian-10/Dockerfile) Subscribe to project updates by watching the [bitnami/wordpress-nginx GitHub repo](https://github.com/bitnami/bitnami-docker-wordpress-nginx).