Add an image for ZNC #2617
Thanks, if this is merged I can get rid of my personal ZNC image 🎉 Here's some tips to improve your Dockerfile:
See here for a more or less untested Dockerfile that incorporates my suggestions:
|
Thanks, applied the listed suggestions. I see this warning, is it ok?
I'm not sure if 6667 is the right port to EXPOSE. Elsewhere ZNC recommends against using it, because some browsers block it. Also I'm wondering, what is "2+ dockerization review"? |
I would guess Tim recommended The warning about no trusted keys is fine, since there isn't a full web of trust with a chain of signatures. The important part is that the As far as port exposing, I would stick with the regular known port for ZNC, since a user can simply switch the public facing port to anything they like on
That would be for @tianon and I to both review. 😞 -> We're a bit slow on new images. I plan to post any feedback about the dockerization this week, but tianon is at a conference so he probably won't have time until next week. |
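The point above about the "no trusted keys" warning, as an added example that is not part of this thread or of the PR: what has to match is the fingerprint of the key that made the signature, not the local trust level. The sketch goes beyond the Dockerfile's case (a throwaway keyring holding one key) to a keyring that may hold several; `check_status` and every sample status line are constructed for illustration.

```shell
#!/bin/sh
# Added example: check_status and all sample status lines are constructed.
PINNED_FPR="D5823CACB477191CAC0075555AE420CC0209989E"  # ENV GPG_KEY from the PR

# Reads the output of `gpg --batch --status-fd 1 --verify SIG FILE` on stdin.
# Succeeds only if a VALIDSIG line names the wanted fingerprint (as signing
# key or as primary key) and nothing reports a bad, expired or revoked
# signature or key. TRUST_* lines are ignored on purpose.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

TAIL="2017-01-01 1483228800 0 4 0 1 8 00"             # constructed VALIDSIG fields
OTHER_FPR="1111111111111111111111111111111111111111"  # constructed fingerprint

# Good signature by the pinned key, key not trusted locally (the warning case).
sample_good="[GNUPG:] GOODSIG 5AE420CC0209989E Constructed Signer
[GNUPG:] VALIDSIG $PINNED_FPR $TAIL $PINNED_FPR
[GNUPG:] TRUST_UNDEFINED 0 pgp"

# Cryptographically valid and fully trusted, but made by a different key.
sample_other="[GNUPG:] GOODSIG 1111111111111111 Constructed Other
[GNUPG:] VALIDSIG $OTHER_FPR $TAIL $OTHER_FPR
[GNUPG:] TRUST_ULTIMATE 0 pgp"

# Pinned key, but the key has expired.
sample_expired="[GNUPG:] EXPKEYSIG 5AE420CC0209989E Constructed Signer
[GNUPG:] VALIDSIG $PINNED_FPR $TAIL $PINNED_FPR"

for s in "$sample_good" "$sample_other" "$sample_expired"; do
    if printf '%s\n' "$s" | check_status "$PINNED_FPR"; then
        echo accept
    else
        echo reject
    fi
done
```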
There's no such port...
User can use |
I took these conventions from my own Dockerfiles, which in turn have been inspired mostly by the Redis one: https://github.com/docker-library/redis/blob/master/3.2/alpine/Dockerfile Changed it to make the official Dockerfiles more consistent. |
So, for the Dockerization looks great to me!
diff --git a/znc_latest/Dockerfile b/znc_latest/Dockerfile
new file mode 100644
index 0000000..4f52eee
--- /dev/null
+++ b/znc_latest/Dockerfile
@@ -0,0 +1,11 @@
+FROM znc:small
+
+# znc:small removed them. Install them again.
+RUN set -x \
+ && apk add --no-cache \
+ build-base \
+ icu-dev \
+ openssl-dev \
+ perl \
+ python3
+COPY znc-build-modules.sh /
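Review bot: The `RUN apk add` step right after `FROM znc:small` runs as an unprivileged user, because znc_small/Dockerfile in this same diff ends with `USER znc` and a derived image inherits that setting. Put `USER root` before the `RUN` and `USER znc` after the `COPY`, so the package install has the rights it needs and the final image still starts without root.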
diff --git a/znc_latest/znc-build-modules.sh b/znc_latest/znc-build-modules.sh
new file mode 100755
index 0000000..ea87d1b
--- /dev/null
+++ b/znc_latest/znc-build-modules.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Build modules from source.
+if [ -d "${DATADIR}/modules" ]; then
+ cd "${DATADIR}/modules" || exit 11
+
+ # Find module sources.
+ modules=$(find . -name "*.cpp")
+
+ if [ -n "$modules" ]; then
+ # Build modules.
+ echo "Building modules $modules..."
+ /opt/znc/bin/znc-buildmod $modules || exit 12
+ fi
+fi
+
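Review bot: `$modules` is expanded unquoted in `/opt/znc/bin/znc-buildmod $modules`, so a source file whose name contains whitespace or glob characters is split or expanded before it reaches the build tool, and `find .` with no depth limit also collects `.cpp` files from subdirectories. Because this compiles whatever source sits in the data volume on every start, limit the search to the top level and pass the names without word splitting, for example `find . -maxdepth 1 -name '*.cpp' -exec /opt/znc/bin/znc-buildmod {} +`.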
diff --git a/znc_small/Dockerfile b/znc_small/Dockerfile
new file mode 100644
index 0000000..b7bdbc9
--- /dev/null
+++ b/znc_small/Dockerfile
@@ -0,0 +1,55 @@
+FROM alpine:3.5
+
+ENV GPG_KEY D5823CACB477191CAC0075555AE420CC0209989E
+
+# modperl and modpython are built, but won't be loadable.
+# :full image installs perl and python3 again, making these modules loadable.
+
+# musl silently doesn't support AI_ADDRCONFIG yet, and ZNC doesn't support Happy Eyeballs yet.
+# Together they cause very slow connection. So for now IPv6 is disabled here.
+ARG CONFIGUREFLAGS="--prefix=/opt/znc --enable-cyrus --enable-perl --enable-python --disable-ipv6"
+ARG MAKEFLAGS=""
+
+ENV ZNC_VERSION 1.6.4
+
+RUN set -x \
+ && adduser -S znc \
+ && addgroup -S znc \
+ && apk add --no-cache --virtual runtime-dependencies \
+ ca-certificates \
+ cyrus-sasl \
+ icu \
+ openssl \
+ tini \
+ && apk add --no-cache --virtual build-dependencies \
+ build-base \
+ curl \
+ cyrus-sasl-dev \
+ gnupg \
+ icu-dev \
+ openssl-dev \
+ perl-dev \
+ python3-dev \
+ && mkdir /znc-src && cd /znc-src \
+ && curl -fsSL "http://znc.in/releases/archive/znc-${ZNC_VERSION}.tar.gz" -o znc.tgz \
+ && curl -fsSL "http://znc.in/releases/archive/znc-${ZNC_VERSION}.tar.gz.sig" -o znc.tgz.sig \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "${GPG_KEY}" \
+ && gpg --batch --verify znc.tgz.sig znc.tgz \
+ && rm -rf "$GNUPGHOME" \
+ && tar -zxf znc.tgz --strip-components=1 \
+ && mkdir build && cd build \
+ && ../configure ${CONFIGUREFLAGS} \
+ && make $MAKEFLAGS \
+ && make install \
+ && apk del build-dependencies \
+ && cd / && rm -rf /znc-src
+
+COPY docker-entrypoint.sh /
+
+USER znc
+VOLUME /znc-data
+
+EXPOSE 6667
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
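Review bot: `adduser -S znc` runs before `addgroup -S znc` and without `-G znc`, so nothing in this `RUN` makes `znc` the user's primary group, although the entrypoint later relies on `znc:znc`. Create the group first and put the user in it: `addgroup -S znc && adduser -S -G znc znc`.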
diff --git a/znc_small/docker-entrypoint.sh b/znc_small/docker-entrypoint.sh
new file mode 100755
index 0000000..5b06172
--- /dev/null
+++ b/znc_small/docker-entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# "docker run -ti znc sh" should work, according to
+# https://github.com/docker-library/official-images
+if [ "${1:0:1}" != '-' ]; then
+ exec "$@"
+fi
+
+# Options.
+DATADIR="/znc-data"
+
+# Make sure $DATADIR is owned by znc user. This affects ownership of the
+# mounted directory on the host machine too.
+chown -R znc:znc "$DATADIR" || exit 1
+chmod 700 "$DATADIR" || exit 2
+
+# This file is added by znc:full image
+if [ -r /znc-build-modules.sh ]; then
+ source /znc-build-modules.sh || exit 3
+fi
+
+cd /
+
+# ZNC itself responds to SIGTERM, and reaps its children, but whatever was
+# started via *shell module is not guaranteed to reap their children.
+exec /sbin/tini -- /opt/znc/bin/znc --foreground --datadir "$DATADIR" "$@" |
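Review bot: `${1:0:1}` in the first test and `source` further down are not POSIX `sh` features, although the shebang is `#!/bin/sh`; the script works only while `/bin/sh` is a shell that accepts both. Use portable forms (a `case "$1" in -*) ... esac` test, and `.` instead of `source`) or state the dependency in a comment. The same test is also true when no arguments are given, which leaves `exec "$@"` with nothing to run; handling the empty case explicitly would make the default start path obvious.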
Dockerization looks sane (and agree 100% personally with dropping |
Done. |
Nice -- love the level of responsiveness. I wish we could consistently be as responsive as you've been. 😅 ❤️ Updated diff: (which LGTM)
diff --git a/_bashbrew-list b/_bashbrew-list
index e69de29..fc89bac 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -0,0 +1,6 @@
+znc:1.6
+znc:1.6-slim
+znc:1.6.4
+znc:1.6.4-slim
+znc:latest
+znc:slim
diff --git a/znc_latest/Dockerfile b/znc_latest/Dockerfile
new file mode 100644
index 0000000..409bf55
--- /dev/null
+++ b/znc_latest/Dockerfile
@@ -0,0 +1,11 @@
+FROM znc:slim
+
+# znc:slim removed them. Install them again.
+RUN set -x \
+ && apk add --no-cache \
+ build-base \
+ icu-dev \
+ openssl-dev \
+ perl \
+ python3
+COPY znc-build-modules.sh /
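Review bot: The comment `# znc:slim removed them. Install them again.` does not say why a compiler toolchain (`build-base`, `icu-dev`, `openssl-dev`) belongs in a runtime image. Add a line stating that `znc-build-modules.sh` needs them to compile modules at container start, so the larger footprint of this variant reads as a documented choice rather than leftover build dependencies.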
diff --git a/znc_latest/znc-build-modules.sh b/znc_latest/znc-build-modules.sh
new file mode 100755
index 0000000..ea87d1b
--- /dev/null
+++ b/znc_latest/znc-build-modules.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Build modules from source.
+if [ -d "${DATADIR}/modules" ]; then
+ cd "${DATADIR}/modules" || exit 11
+
+ # Find module sources.
+ modules=$(find . -name "*.cpp")
+
+ if [ -n "$modules" ]; then
+ # Build modules.
+ echo "Building modules $modules..."
+ /opt/znc/bin/znc-buildmod $modules || exit 12
+ fi
+fi
+
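Review bot: The script reads `${DATADIR}` without setting it, and `exit 11` / `exit 12` only make sense as exits of the caller, so it works only when sourced from docker-entrypoint.sh, yet it is added with mode 100755 and its own shebang. Say so in a header comment, or guard the first use with `: "${DATADIR:?}"` so that a direct run fails instead of testing `/modules`.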
diff --git a/znc_slim/Dockerfile b/znc_slim/Dockerfile
new file mode 100644
index 0000000..d3e785b
--- /dev/null
+++ b/znc_slim/Dockerfile
@@ -0,0 +1,53 @@
+FROM alpine:3.5
+
+ENV GPG_KEY D5823CACB477191CAC0075555AE420CC0209989E
+
+# modperl and modpython are built, but won't be loadable.
+# :full image installs perl and python3 again, making these modules loadable.
+
+# musl silently doesn't support AI_ADDRCONFIG yet, and ZNC doesn't support Happy Eyeballs yet.
+# Together they cause very slow connection. So for now IPv6 is disabled here.
+ARG CONFIGUREFLAGS="--prefix=/opt/znc --enable-cyrus --enable-perl --enable-python --disable-ipv6"
+ARG MAKEFLAGS=""
+
+ENV ZNC_VERSION 1.6.4
+
+RUN set -x \
+ && adduser -S znc \
+ && addgroup -S znc \
+ && apk add --no-cache --virtual runtime-dependencies \
+ ca-certificates \
+ cyrus-sasl \
+ icu \
+ openssl \
+ tini \
+ && apk add --no-cache --virtual build-dependencies \
+ build-base \
+ curl \
+ cyrus-sasl-dev \
+ gnupg \
+ icu-dev \
+ openssl-dev \
+ perl-dev \
+ python3-dev \
+ && mkdir /znc-src && cd /znc-src \
+ && curl -fsSL "http://znc.in/releases/archive/znc-${ZNC_VERSION}.tar.gz" -o znc.tgz \
+ && curl -fsSL "http://znc.in/releases/archive/znc-${ZNC_VERSION}.tar.gz.sig" -o znc.tgz.sig \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "${GPG_KEY}" \
+ && gpg --batch --verify znc.tgz.sig znc.tgz \
+ && rm -rf "$GNUPGHOME" \
+ && tar -zxf znc.tgz --strip-components=1 \
+ && mkdir build && cd build \
+ && ../configure ${CONFIGUREFLAGS} \
+ && make $MAKEFLAGS \
+ && make install \
+ && apk del build-dependencies \
+ && cd / && rm -rf /znc-src
+
+COPY docker-entrypoint.sh /
+
+USER znc
+VOLUME /znc-data
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
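Review bot: The comment near the top says the `:full image installs perl and python3 again`, but the tags added to `_bashbrew-list` in this diff are `latest` and `slim`, and there is no `full` tag. Update the comment to name `znc:latest` so a reader of the slim image knows which tag makes modperl and modpython loadable.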
diff --git a/znc_slim/docker-entrypoint.sh b/znc_slim/docker-entrypoint.sh
new file mode 100755
index 0000000..5b06172
--- /dev/null
+++ b/znc_slim/docker-entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# "docker run -ti znc sh" should work, according to
+# https://github.com/docker-library/official-images
+if [ "${1:0:1}" != '-' ]; then
+ exec "$@"
+fi
+
+# Options.
+DATADIR="/znc-data"
+
+# Make sure $DATADIR is owned by znc user. This affects ownership of the
+# mounted directory on the host machine too.
+chown -R znc:znc "$DATADIR" || exit 1
+chmod 700 "$DATADIR" || exit 2
+
+# This file is added by znc:full image
+if [ -r /znc-build-modules.sh ]; then
+ source /znc-build-modules.sh || exit 3
+fi
+
+cd /
+
+# ZNC itself responds to SIGTERM, and reaps its children, but whatever was
+# started via *shell module is not guaranteed to reap their children.
+exec /sbin/tini -- /opt/znc/bin/znc --foreground --datadir "$DATADIR" "$@" |
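Review bot: `chown -R znc:znc "$DATADIR"` runs after the image has switched to `USER znc` (znc_slim/Dockerfile in this diff), and a non-root process cannot change the owner of files it does not own, so with a bind mount owned by another uid the entrypoint exits with status 1 before ZNC starts. Either start the entrypoint as root and drop privileges before the final `exec`, or replace the `chown` with a check that `$DATADIR` is writable and an error message that says what to fix on the host.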
Heh, Once that's fixed, all that will be left is minor loose ends on the docs PR! 👍 Build test of #2617; 211fe49 (
$ bashbrew build znc:1.6.4-slim
Using bashbrew/cache:d8e5a79f38b86720f93c76fc43ab9cf4c9db25bdd237075d4edb97d93bf02d15 (znc:1.6.4-slim)
Tagging znc:1.6.4-slim
Tagging znc:1.6-slim
Tagging znc:slim
$ test/run.sh znc:1.6.4-slim
testing znc:1.6.4-slim
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build znc:1.6.4
Building bashbrew/cache:35bf25fe5105c0bb4ff2f0deacfd07414314846fd5e008f137f82db2fb87ec72 (znc:1.6.4)
error: failed building "znc" (tags "1.6.4, 1.6, latest")
exit status 1
docker ["build" "-t" "bashbrew/cache:35bf25fe5105c0bb4ff2f0deacfd07414314846fd5e008f137f82db2fb87ec72" "--rm" "--force-rm" "-"] output:
Sending build context to Docker daemon 10.24 kB
Step 1/3 : FROM znc:slim
---> 42078906ffa8
Step 2/3 : RUN set -x && apk add --no-cache build-base icu-dev openssl-dev perl python3
---> Running in 82348d402e4d
+ apk add --no-cache build-base icu-dev openssl-dev perl python3
ERROR: Unable to lock database: Permission denied
ERROR: Failed to open apk database: Permission denied
Removing intermediate container 82348d402e4d
The command '/bin/sh -c set -x && apk add --no-cache build-base icu-dev openssl-dev perl python3' returned a non-zero code: 243
The following images failed to build:
|
That's strange. It works for me.
|
Well, done, and it still works for me... The versions installed on my Gentoo: |
Oh man, the timing on this is absolutely incredible. I literally committed tianon/docker-overlay@4f5bd8a this morning to fix that very issue. 😅 (Which is also why @yosifkit's previous build testing was successful.) |
I also ran a build test on a server we've got which is running Debian in a very similar configuration to our official build server and it failed in the same way as my own local build. 😄 👍 I'll go re-run now. |
I'm not using your overlay, but docker from portage. |
Right, see also gentoo/gentoo@8784a58 and gentoo/gentoo@37e1e34 which are the attempts to fix this in the main tree (making a separate In either case, it was failing on Debian (which is what our official build server runs) before, and passes now, so we're good now (and the swapping back and forth is definitely necessary): Build test of #2617; af4982a (
$ bashbrew build znc:1.6.4-slim
Building bashbrew/cache:c89a1a476dc8f7ef6cb788d17ab249eda93edcbc012a2b59e463618a9a557f50 (znc:1.6.4-slim)
Tagging znc:1.6.4-slim
Tagging znc:1.6-slim
Tagging znc:slim
$ test/run.sh znc:1.6.4-slim
testing znc:1.6.4-slim
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build znc:1.6.4
Building bashbrew/cache:0e00ef49b864f9dd494ee7f1b53d425a0e9a6be32c43158f078a23259eb97c77 (znc:1.6.4)
Tagging znc:1.6.4
Tagging znc:1.6
Tagging znc:latest
$ test/run.sh znc:1.6.4
testing znc:1.6.4
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
|
Ref: znc/znc#1286
Checklist for Review
NOTE: This checklist is intended for the use of the Official Images maintainers both to track the status of your PR and to help inform you and others of where we're at. As such, please leave the "checking" of items to the repository maintainers. If there is a point below for which you would like to provide additional information or note completion, please do so by commenting on the PR. Thanks! (and thanks for staying patient with us ❤️)
foobar needs Node.js, has FROM node:... instead of grabbing node via other means been considered?)
FROM alpine, compiles application via gcc
if FROM scratch, tarballs only exist in a single commit within the associated history?