Redis 8.0.0. #18969
Merged
Redis 8.0.0. #18969
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Redis 8.0: http://redis.io/blog/redis-8-ga/
Diff for a75dba0:diff --git a/_bashbrew-cat b/_bashbrew-cat
index 4b045be..26e8f54 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -21,24 +21,24 @@ Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
GitCommit: 27cd071c3e9d903a19c79577ddb82fb322ef5ed6
Directory: 7.2/alpine
-Tags: 7.4.3, 7.4, 7, latest, 7.4.3-bookworm, 7.4-bookworm, 7-bookworm, bookworm
+Tags: 7.4.3, 7.4, 7, 7.4.3-bookworm, 7.4-bookworm, 7-bookworm
Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
GitCommit: 27cd071c3e9d903a19c79577ddb82fb322ef5ed6
Directory: 7.4/debian
-Tags: 7.4.3-alpine, 7.4-alpine, 7-alpine, alpine, 7.4.3-alpine3.21, 7.4-alpine3.21, 7-alpine3.21, alpine3.21
+Tags: 7.4.3-alpine, 7.4-alpine, 7-alpine, 7.4.3-alpine3.21, 7.4-alpine3.21, 7-alpine3.21
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
GitCommit: 27cd071c3e9d903a19c79577ddb82fb322ef5ed6
Directory: 7.4/alpine
-Tags: 8.0-rc1, 8.0-rc1-bookworm
+Tags: 8.0.0, 8.0, 8, 8.0.0-bookworm, 8.0-bookworm, 8-bookworm, latest, bookworm
Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
GitFetch: refs/heads/release/8.0
-GitCommit: f3cfc256e913880e5d5eefc794e220c6b0733f22
+GitCommit: 7fc7e5625cd84b832db85561cb73b1bef78583fa
Directory: debian
-Tags: 8.0-rc1-alpine, 8.0-rc1-alpine3.21
+Tags: 8.0.0-alpine, 8.0-alpine, 8-alpine, 8.0.0-alpine3.21, 8.0-alpine3.21, 8-alpine3.21, alpine, alpine3.21
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
GitFetch: refs/heads/release/8.0
-GitCommit: f3cfc256e913880e5d5eefc794e220c6b0733f22
+GitCommit: 7fc7e5625cd84b832db85561cb73b1bef78583fa
Directory: alpine
diff --git a/_bashbrew-list b/_bashbrew-list
index 2e6e068..19ed27d 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -30,10 +30,18 @@ redis:7.4.3
redis:7.4.3-alpine
redis:7.4.3-alpine3.21
redis:7.4.3-bookworm
-redis:8.0-rc1
-redis:8.0-rc1-alpine
-redis:8.0-rc1-alpine3.21
-redis:8.0-rc1-bookworm
+redis:8
+redis:8-alpine
+redis:8-alpine3.21
+redis:8-bookworm
+redis:8.0
+redis:8.0-alpine
+redis:8.0-alpine3.21
+redis:8.0-bookworm
+redis:8.0.0
+redis:8.0.0-alpine
+redis:8.0.0-alpine3.21
+redis:8.0.0-bookworm
redis:alpine
redis:alpine3.21
redis:bookworm
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index b193234..7e03ffb 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -1,8 +1,8 @@
redis:6-alpine3.21
redis:6-bookworm
+redis:7-alpine3.21
+redis:7-bookworm
redis:7.2-alpine3.21
redis:7.2-bookworm
-redis:8.0-rc1-alpine3.21
-redis:8.0-rc1-bookworm
redis:alpine3.21
redis:bookworm
diff --git a/redis_alpine3.21/Dockerfile b/redis_7-alpine3.21/Dockerfile
similarity index 100%
copy from redis_alpine3.21/Dockerfile
copy to redis_7-alpine3.21/Dockerfile
diff --git a/redis_6-alpine3.21/docker-entrypoint.sh b/redis_7-alpine3.21/docker-entrypoint.sh
similarity index 100%
copy from redis_6-alpine3.21/docker-entrypoint.sh
copy to redis_7-alpine3.21/docker-entrypoint.sh
diff --git a/redis_bookworm/Dockerfile b/redis_7-bookworm/Dockerfile
similarity index 100%
copy from redis_bookworm/Dockerfile
copy to redis_7-bookworm/Dockerfile
diff --git a/redis_6-alpine3.21/docker-entrypoint.sh b/redis_7-bookworm/docker-entrypoint.sh
similarity index 100%
copy from redis_6-alpine3.21/docker-entrypoint.sh
copy to redis_7-bookworm/docker-entrypoint.sh
diff --git a/redis_8.0-rc1-alpine3.21/Dockerfile b/redis_8.0-rc1-alpine3.21/Dockerfile
deleted file mode 100644
index d7f5431..0000000
diff --git a/redis_8.0-rc1-alpine3.21/docker-entrypoint.sh b/redis_8.0-rc1-alpine3.21/docker-entrypoint.sh
deleted file mode 100755
index ab5befb..0000000
diff --git a/redis_8.0-rc1-bookworm/Dockerfile b/redis_8.0-rc1-bookworm/Dockerfile
deleted file mode 100644
index 5ee068d..0000000
diff --git a/redis_8.0-rc1-bookworm/docker-entrypoint.sh b/redis_8.0-rc1-bookworm/docker-entrypoint.sh
deleted file mode 100755
index ab5befb..0000000
diff --git a/redis_alpine3.21/Dockerfile b/redis_alpine3.21/Dockerfile
index 5d620e1..4c2755c 100644
--- a/redis_alpine3.21/Dockerfile
+++ b/redis_alpine3.21/Dockerfile
@@ -1,9 +1,3 @@
-#
-# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
-#
-# PLEASE DO NOT EDIT IT DIRECTLY.
-#
-
FROM alpine:3.21
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
@@ -17,42 +11,11 @@ RUN set -eux; \
apk add --no-cache \
# add tzdata for https://github.com/docker-library/redis/issues/138
tzdata \
+# we need setpriv package as busybox provides very limited functionality
+ setpriv \
;
-
-# grab gosu for easy step-down from root
-# https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.17
-RUN set -eux; \
- apk add --no-cache --virtual .gosu-fetch gnupg; \
- arch="$(apk --print-arch)"; \
- case "$arch" in \
- 'x86_64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \
- 'aarch64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \
- 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \
- 'x86') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \
- 'ppc64le') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \
- 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \
- 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \
- 'armv7') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \
- *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \
- esac; \
- wget -O /usr/local/bin/gosu.asc "$url.asc"; \
- wget -O /usr/local/bin/gosu "$url"; \
- echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- apk del --no-network .gosu-fetch; \
- chmod +x /usr/local/bin/gosu; \
- gosu --version; \
- gosu nobody true
-
-ENV REDIS_VERSION 7.4.3
-ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-7.4.3.tar.gz
-ENV REDIS_DOWNLOAD_SHA e1807d7c0f824f4c5450244ef50c1e596b8d09b35d03a83f4e018fb7316acf45
-
+ENV REDIS_DOWNLOAD_URL=https://github.com/redis/redis/archive/refs/tags/8.0.0.tar.gz
+ENV REDIS_DOWNLOAD_SHA=6d1b428d289426b68cff933d61f2d5c0a44a316f17236c51fbb33bc9e5c5a385
RUN set -eux; \
\
apk add --no-cache --virtual .build-deps \
@@ -63,13 +26,49 @@ RUN set -eux; \
make \
musl-dev \
openssl-dev \
-# install real "wget" to avoid:
-# + wget -O redis.tar.gz https://download.redis.io/releases/redis-x.y.z.tar.gz
-# Connecting to download.redis.io (45.60.121.1:80)
-# wget: bad header line: XxhODalH: btu; path=/; Max-Age=900
- wget \
- ; \
+ g++; \
+ \
+ arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ case "$arch" in \
+ 'amd64') export BUILD_WITH_MODULES=yes; export INSTALL_RUST_TOOLCHAIN=yes; export DISABLE_WERRORS=yes ;; \
+ 'arm64') export BUILD_WITH_MODULES=yes; export INSTALL_RUST_TOOLCHAIN=yes; export DISABLE_WERRORS=yes ;; \
+ *) echo >&2 "Modules are NOT supported! unsupported architecture: '$arch'"; export BUILD_WITH_MODULES=no ;; \
+ esac; \
+ if [ "$BUILD_WITH_MODULES" = "yes" ]; then \
+ apk add --no-cache --virtual .module-build-deps \
+ autoconf \
+ automake \
+ bash \
+ bsd-compat-headers \
+ build-base \
+ cargo \
+ clang \
+ clang18-libclang \
+ cmake \
+ curl \
+ g++ \
+ git \
+ libffi-dev \
+ libgcc \
+ libtool \
+ openssh \
+ openssl \
+ py-virtualenv \
+ py3-cryptography \
+ py3-pip \
+ py3-virtualenv \
+ python3 \
+ python3-dev \
+ rsync \
+ tar \
+ unzip \
+ which \
+ xsimd \
+ xz; \
+ fi; \
\
+# install required python packages for RedisJSON module
+ pip install -q --upgrade setuptools && pip install -q --upgrade pip && PIP_BREAK_SYSTEM_PACKAGES=1 pip install -q addict toml jinja2 ramp-packer ;\
wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; \
echo "$REDIS_DOWNLOAD_SHA *redis.tar.gz" | sha256sum -c -; \
mkdir -p /usr/src/redis; \
@@ -102,6 +101,11 @@ RUN set -eux; \
grep -F "cd jemalloc && ./configure $extraJemallocConfigureFlags " /usr/src/redis/deps/Makefile; \
\
export BUILD_TLS=yes; \
+ if [ "$BUILD_WITH_MODULES" = "yes" ]; then \
+ make -C /usr/src/redis/modules/redisjson get_source; \
+ sed -i 's/^RUST_FLAGS=$/RUST_FLAGS += -C target-feature=-crt-static/' /usr/src/redis/modules/redisjson/src/Makefile ; \
+ grep -E 'RUST_FLAGS' /usr/src/redis/modules/redisjson/src/Makefile; \
+ fi; \
make -C /usr/src/redis -j "$(nproc)" all; \
make -C /usr/src/redis install; \
\
@@ -116,6 +120,7 @@ RUN set -eux; \
-exec ln -svfT 'redis-server' '{}' ';' \
; \
\
+ make -C /usr/src/redis distclean; \
rm -r /usr/src/redis; \
\
runDeps="$( \
@@ -125,11 +130,15 @@ RUN set -eux; \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-network --virtual .redis-rundeps $runDeps; \
+ if [ "$BUILD_WITH_MODULES" = "yes" ]; then \
+ apk del --no-network .module-build-deps; \
+ fi; \
apk del --no-network .build-deps; \
+ apk --purge del apk-tools ; \
+ rm -fr ~/.cache/pip* rm -f /sbin/apk && rm -rf /etc/apk && rm -rf /lib/apk && rm -rf /usr/share/apk && rm -rf /var/lib/apk && rm -rf /usr/lib/python*; \
\
redis-cli --version; \
- redis-server --version
-
+ redis-server --version;
RUN mkdir /data && chown redis:redis /data
VOLUME /data
WORKDIR /data
diff --git a/redis_alpine3.21/docker-entrypoint.sh b/redis_alpine3.21/docker-entrypoint.sh
index 30406a5..ab5befb 100755
--- a/redis_alpine3.21/docker-entrypoint.sh
+++ b/redis_alpine3.21/docker-entrypoint.sh
@@ -1,16 +1,37 @@
#!/bin/sh
set -e
+has_cap() {
+ /usr/bin/setpriv -d | grep -q 'Capability bounding set:.*\b'$1'\b'
+}
+
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- redis-server "$@"
fi
-# allow the container to be started with `--user`
-if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
+CMD=$(realpath $(command -v "$1") 2>/dev/null || :)
+# drop privileges only if our uid is 0 (container started without explicit --user)
+# and we have capabilities required to drop privs
+if has_cap setuid && has_cap setgid && \
+ [ \( "$CMD" = '/usr/local/bin/redis-server' -o "$CMD" = '/usr/local/bin/redis-sentinel' \) -a "$(id -u)" = '0' ]; then
find . \! -user redis -exec chown redis '{}' +
- exec gosu redis "$0" "$@"
+ CAPS_TO_KEEP=""
+ if has_cap sys_resource; then
+ # we have sys_resource capability, keep it available for redis
+ # as redis may use it to increase open files limit
+ CAPS_TO_KEEP=",+sys_resource"
+ fi
+ exec /usr/bin/setpriv \
+ --reuid redis \
+ --regid redis \
+ --clear-groups \
+ --nnp \
+ --inh-caps=-all$CAPS_TO_KEEP \
+ --ambient-caps=-all$CAPS_TO_KEEP \
+ --bounding-set=-all$CAPS_TO_KEEP \
+ "$0" "$@"
fi
# set an appropriate umask (if one isn't set already)
@@ -21,4 +42,39 @@ if [ "$um" = '0022' ]; then
umask 0077
fi
+if [ "$1" = 'redis-server' ]; then
+ echo "Starting Redis Server"
+ modules_dir="/usr/local/lib/redis/modules/"
+
+ if [ ! -d "$modules_dir" ]; then
+ echo "Warning: Default Redis modules directory $modules_dir does not exist."
+ elif [ -n "$(ls -A $modules_dir 2>/dev/null)" ]; then
+ for module in "$modules_dir"/*.so;
+ do
+ if [ ! -s "$module" ]; then
+ echo "Skipping module $module: file has no size."
+ continue
+ fi
+
+ if [ -d "$module" ]; then
+ echo "Skipping module $module: is a directory."
+ continue
+ fi
+
+ if [ ! -r "$module" ]; then
+ echo "Skipping module $module: file is not readable."
+ continue
+ fi
+
+ if [ ! -x "$module" ]; then
+ echo "Warning: Module $module is not executable."
+ continue
+ fi
+
+ set -- "$@" --loadmodule "$module"
+ done
+ fi
+fi
+
+
exec "$@"
diff --git a/redis_bookworm/Dockerfile b/redis_bookworm/Dockerfile
index 8cbac35..469bde1 100644
--- a/redis_bookworm/Dockerfile
+++ b/redis_bookworm/Dockerfile
@@ -1,9 +1,3 @@
-#
-# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
-#
-# PLEASE DO NOT EDIT IT DIRECTLY.
-#
-
FROM debian:bookworm-slim
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
@@ -20,46 +14,8 @@ RUN set -eux; \
; \
rm -rf /var/lib/apt/lists/*
-# grab gosu for easy step-down from root
-# https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.17
-RUN set -eux; \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install -y --no-install-recommends ca-certificates gnupg wget; \
- rm -rf /var/lib/apt/lists/*; \
- arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- case "$arch" in \
- 'amd64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64'; sha256='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3' ;; \
- 'arm64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-arm64'; sha256='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b' ;; \
- 'armel') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armel'; sha256='f9969910fa141140438c998cfa02f603bf213b11afd466dcde8fa940e700945d' ;; \
- 'i386') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-i386'; sha256='087dbb8fe479537e64f9c86fa49ff3b41dee1cbd28739a19aaef83dc8186b1ca' ;; \
- 'mips64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-mips64el'; sha256='87140029d792595e660be0015341dfa1c02d1181459ae40df9f093e471d75b70' ;; \
- 'ppc64el') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-ppc64el'; sha256='1891acdcfa70046818ab6ed3c52b9d42fa10fbb7b340eb429c8c7849691dbd76' ;; \
- 'riscv64') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-riscv64'; sha256='38a6444b57adce135c42d5a3689f616fc7803ddc7a07ff6f946f2ebc67a26ba6' ;; \
- 's390x') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-s390x'; sha256='69873bab588192f760547ca1f75b27cfcf106e9f7403fee6fd0600bc914979d0' ;; \
- 'armhf') url='https://github.com/tianon/gosu/releases/download/1.17/gosu-armhf'; sha256='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b' ;; \
- *) echo >&2 "error: unsupported gosu architecture: '$arch'"; exit 1 ;; \
- esac; \
- wget -O /usr/local/bin/gosu.asc "$url.asc"; \
- wget -O /usr/local/bin/gosu "$url"; \
- echo "$sha256 */usr/local/bin/gosu" | sha256sum -c -; \
- export GNUPGHOME="$(mktemp -d)"; \
- gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
- chmod +x /usr/local/bin/gosu; \
- gosu --version; \
- gosu nobody true
-
-ENV REDIS_VERSION 7.4.3
-ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-7.4.3.tar.gz
-ENV REDIS_DOWNLOAD_SHA e1807d7c0f824f4c5450244ef50c1e596b8d09b35d03a83f4e018fb7316acf45
-
+ENV REDIS_DOWNLOAD_URL=https://github.com/redis/redis/archive/refs/tags/8.0.0.tar.gz
+ENV REDIS_DOWNLOAD_SHA=6d1b428d289426b68cff933d61f2d5c0a44a316f17236c51fbb33bc9e5c5a385
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
@@ -67,13 +23,36 @@ RUN set -eux; \
apt-get install -y --no-install-recommends \
ca-certificates \
wget \
- \
dpkg-dev \
gcc \
+ g++ \
libc6-dev \
libssl-dev \
- make \
- ; \
+ make; \
+ \
+ arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ case "$arch" in \
+ 'amd64') export BUILD_WITH_MODULES=yes; export INSTALL_RUST_TOOLCHAIN=yes; export DISABLE_WERRORS=yes ;; \
+ 'arm64') export BUILD_WITH_MODULES=yes; export INSTALL_RUST_TOOLCHAIN=yes; export DISABLE_WERRORS=yes ;; \
+ *) echo >&2 "Modules are NOT supported! unsupported architecture: '$arch'"; export BUILD_WITH_MODULES=no ;; \
+ esac; \
+ if [ "$BUILD_WITH_MODULES" = "yes" ]; then \
+ apt-get install -y --no-install-recommends \
+ git \
+ cmake \
+ python3 \
+ python3-pip \
+ python3-venv \
+ python3-dev \
+ unzip \
+ rsync \
+ clang \
+ automake \
+ autoconf \
+ libtool \
+ g++; \
+ fi; \
+ \
rm -rf /var/lib/apt/lists/*; \
\
wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; \
@@ -97,8 +76,7 @@ RUN set -eux; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
extraJemallocConfigureFlags="--build=$gnuArch"; \
# https://salsa.debian.org/debian/jemalloc/-/blob/c0a88c37a551be7d12e4863435365c9a6a51525f/debian/rules#L8-23
- dpkgArch="$(dpkg --print-architecture)"; \
- case "${dpkgArch##*-}" in \
+ case "${arch##*-}" in \
amd64 | i386 | x32) extraJemallocConfigureFlags="$extraJemallocConfigureFlags --with-lg-page=12" ;; \
*) extraJemallocConfigureFlags="$extraJemallocConfigureFlags --with-lg-page=16" ;; \
esac; \
@@ -122,6 +100,7 @@ RUN set -eux; \
-exec ln -svfT 'redis-server' '{}' ';' \
; \
\
+ make -C /usr/src/redis distclean; \
rm -r /usr/src/redis; \
\
apt-mark auto '.*' > /dev/null; \
@@ -135,6 +114,7 @@ RUN set -eux; \
| xargs -r apt-mark manual \
; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+ rm -rf /var/cache/debconf/*; \
\
redis-cli --version; \
redis-server --version
diff --git a/redis_bookworm/docker-entrypoint.sh b/redis_bookworm/docker-entrypoint.sh
index 30406a5..ab5befb 100755
--- a/redis_bookworm/docker-entrypoint.sh
+++ b/redis_bookworm/docker-entrypoint.sh
@@ -1,16 +1,37 @@
#!/bin/sh
set -e
+has_cap() {
+ /usr/bin/setpriv -d | grep -q 'Capability bounding set:.*\b'$1'\b'
+}
+
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- redis-server "$@"
fi
-# allow the container to be started with `--user`
-if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
+CMD=$(realpath $(command -v "$1") 2>/dev/null || :)
+# drop privileges only if our uid is 0 (container started without explicit --user)
+# and we have capabilities required to drop privs
+if has_cap setuid && has_cap setgid && \
+ [ \( "$CMD" = '/usr/local/bin/redis-server' -o "$CMD" = '/usr/local/bin/redis-sentinel' \) -a "$(id -u)" = '0' ]; then
find . \! -user redis -exec chown redis '{}' +
- exec gosu redis "$0" "$@"
+ CAPS_TO_KEEP=""
+ if has_cap sys_resource; then
+ # we have sys_resource capability, keep it available for redis
+ # as redis may use it to increase open files limit
+ CAPS_TO_KEEP=",+sys_resource"
+ fi
+ exec /usr/bin/setpriv \
+ --reuid redis \
+ --regid redis \
+ --clear-groups \
+ --nnp \
+ --inh-caps=-all$CAPS_TO_KEEP \
+ --ambient-caps=-all$CAPS_TO_KEEP \
+ --bounding-set=-all$CAPS_TO_KEEP \
+ "$0" "$@"
fi
# set an appropriate umask (if one isn't set already)
@@ -21,4 +42,39 @@ if [ "$um" = '0022' ]; then
umask 0077
fi
+if [ "$1" = 'redis-server' ]; then
+ echo "Starting Redis Server"
+ modules_dir="/usr/local/lib/redis/modules/"
+
+ if [ ! -d "$modules_dir" ]; then
+ echo "Warning: Default Redis modules directory $modules_dir does not exist."
+ elif [ -n "$(ls -A $modules_dir 2>/dev/null)" ]; then
+ for module in "$modules_dir"/*.so;
+ do
+ if [ ! -s "$module" ]; then
+ echo "Skipping module $module: file has no size."
+ continue
+ fi
+
+ if [ -d "$module" ]; then
+ echo "Skipping module $module: is a directory."
+ continue
+ fi
+
+ if [ ! -r "$module" ]; then
+ echo "Skipping module $module: file is not readable."
+ continue
+ fi
+
+ if [ ! -x "$module" ]; then
+ echo "Warning: Module $module is not executable."
+ continue
+ fi
+
+ set -- "$@" --loadmodule "$module"
+ done
+ fi
+fi
+
+
exec "$@"Relevant Maintainers: |
|
Redid the diff locally with more aggressive flags so that Git gets more clever: Diff:diff --git a/_bashbrew-cat b/_bashbrew-cat
index 4b045be..26e8f54 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -21,24 +21,24 @@ Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
GitCommit: 27cd071c3e9d903a19c79577ddb82fb322ef5ed6
Directory: 7.2/alpine
-Tags: 7.4.3, 7.4, 7, latest, 7.4.3-bookworm, 7.4-bookworm, 7-bookworm, bookworm
+Tags: 7.4.3, 7.4, 7, 7.4.3-bookworm, 7.4-bookworm, 7-bookworm
Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
GitCommit: 27cd071c3e9d903a19c79577ddb82fb322ef5ed6
Directory: 7.4/debian
-Tags: 7.4.3-alpine, 7.4-alpine, 7-alpine, alpine, 7.4.3-alpine3.21, 7.4-alpine3.21, 7-alpine3.21, alpine3.21
+Tags: 7.4.3-alpine, 7.4-alpine, 7-alpine, 7.4.3-alpine3.21, 7.4-alpine3.21, 7-alpine3.21
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
GitCommit: 27cd071c3e9d903a19c79577ddb82fb322ef5ed6
Directory: 7.4/alpine
-Tags: 8.0-rc1, 8.0-rc1-bookworm
+Tags: 8.0.0, 8.0, 8, 8.0.0-bookworm, 8.0-bookworm, 8-bookworm, latest, bookworm
Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
GitFetch: refs/heads/release/8.0
-GitCommit: f3cfc256e913880e5d5eefc794e220c6b0733f22
+GitCommit: 7fc7e5625cd84b832db85561cb73b1bef78583fa
Directory: debian
-Tags: 8.0-rc1-alpine, 8.0-rc1-alpine3.21
+Tags: 8.0.0-alpine, 8.0-alpine, 8-alpine, 8.0.0-alpine3.21, 8.0-alpine3.21, 8-alpine3.21, alpine, alpine3.21
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
GitFetch: refs/heads/release/8.0
-GitCommit: f3cfc256e913880e5d5eefc794e220c6b0733f22
+GitCommit: 7fc7e5625cd84b832db85561cb73b1bef78583fa
Directory: alpine
diff --git a/_bashbrew-list b/_bashbrew-list
index 2e6e068..19ed27d 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -30,10 +30,18 @@ redis:7.4.3
redis:7.4.3-alpine
redis:7.4.3-alpine3.21
redis:7.4.3-bookworm
-redis:8.0-rc1
-redis:8.0-rc1-alpine
-redis:8.0-rc1-alpine3.21
-redis:8.0-rc1-bookworm
+redis:8
+redis:8-alpine
+redis:8-alpine3.21
+redis:8-bookworm
+redis:8.0
+redis:8.0-alpine
+redis:8.0-alpine3.21
+redis:8.0-bookworm
+redis:8.0.0
+redis:8.0.0-alpine
+redis:8.0.0-alpine3.21
+redis:8.0.0-bookworm
redis:alpine
redis:alpine3.21
redis:bookworm
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index b193234..7e03ffb 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -1,8 +1,8 @@
redis:6-alpine3.21
redis:6-bookworm
+redis:7-alpine3.21
+redis:7-bookworm
redis:7.2-alpine3.21
redis:7.2-bookworm
-redis:8.0-rc1-alpine3.21
-redis:8.0-rc1-bookworm
redis:alpine3.21
redis:bookworm
diff --git a/redis_alpine/Dockerfile b/redis_7-alpine/Dockerfile
similarity index 100%
copy from redis_alpine/Dockerfile
copy to redis_7-alpine/Dockerfile
diff --git a/redis_6-alpine/docker-entrypoint.sh b/redis_7-alpine/docker-entrypoint.sh
similarity index 100%
copy from redis_6-alpine/docker-entrypoint.sh
copy to redis_7-alpine/docker-entrypoint.sh
diff --git a/redis_8.0-rc1/Dockerfile b/redis_8/Dockerfile
similarity index 97%
rename from redis_8.0-rc1/Dockerfile
rename to redis_8/Dockerfile
index 5ee068d..469bde1 100644
--- a/redis_8.0-rc1/Dockerfile
+++ b/redis_8/Dockerfile
@@ -14,8 +14,8 @@ RUN set -eux; \
; \
rm -rf /var/lib/apt/lists/*
-ENV REDIS_DOWNLOAD_URL=https://github.com/redis/redis/archive/refs/tags/8.0-rc1.tar.gz
-ENV REDIS_DOWNLOAD_SHA=3f8283dcbaf3f8297607c2595ccd9b2b9785a0e88f4007c882dd60846ffec28c
+ENV REDIS_DOWNLOAD_URL=https://github.com/redis/redis/archive/refs/tags/8.0.0.tar.gz
+ENV REDIS_DOWNLOAD_SHA=6d1b428d289426b68cff933d61f2d5c0a44a316f17236c51fbb33bc9e5c5a385
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
diff --git a/redis_8.0-rc1-alpine/docker-entrypoint.sh b/redis_8/docker-entrypoint.sh
similarity index 100%
rename from redis_8.0-rc1-alpine/docker-entrypoint.sh
rename to redis_8/docker-entrypoint.sh
diff --git a/redis_8.0-rc1-alpine/Dockerfile b/redis_alpine/Dockerfile
similarity index 98%
rename from redis_8.0-rc1-alpine/Dockerfile
rename to redis_alpine/Dockerfile
index d7f5431..4c2755c 100644
--- a/redis_8.0-rc1-alpine/Dockerfile
+++ b/redis_alpine/Dockerfile
@@ -14,8 +14,8 @@ RUN set -eux; \
# we need setpriv package as busybox provides very limited functionality
setpriv \
;
-ENV REDIS_DOWNLOAD_URL=https://github.com/redis/redis/archive/refs/tags/8.0-rc1.tar.gz
-ENV REDIS_DOWNLOAD_SHA=3f8283dcbaf3f8297607c2595ccd9b2b9785a0e88f4007c882dd60846ffec28c
+ENV REDIS_DOWNLOAD_URL=https://github.com/redis/redis/archive/refs/tags/8.0.0.tar.gz
+ENV REDIS_DOWNLOAD_SHA=6d1b428d289426b68cff933d61f2d5c0a44a316f17236c51fbb33bc9e5c5a385
RUN set -eux; \
\
apk add --no-cache --virtual .build-deps \
diff --git a/redis_8.0-rc1/docker-entrypoint.sh b/redis_alpine/docker-entrypoint.sh
similarity index 100%
rename from redis_8.0-rc1/docker-entrypoint.sh
rename to redis_alpine/docker-entrypoint.sh |
tianon
approved these changes
May 5, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Redis 8.0: http://redis.io/blog/redis-8-ga/