Add wodby images

Author: csandanov

.gitignore

@@ -0,0 +1 @@
+.idea

.travis.yml

@@ -1,25 +1,32 @@
 language: bash
-services: docker
 
-env:
-  - VERSION=2.4
-  - VERSION=2.4 VARIANT=alpine
-  - VERSION=2.2
-  - VERSION=2.2 VARIANT=alpine
+sudo: required
 
-install:
-  - git clone https://github.com/docker-library/official-images.git ~/official-images
+services:
+  - docker
 
-before_script:
-  - env | sort
-  - cd "$VERSION/$VARIANT"
-  - image="httpd:${VERSION}${VARIANT:+-$VARIANT}"
+env:
+  global:
+    - LATEST_VERSION=2.4
+  matrix:
+    - VERSION=2.4
+    - VERSION=2.2
 
 script:
-  - travis_retry docker build -t "$image" .
-  - ~/official-images/test/run.sh "$image"
+  - cd ./"${VERSION}"/alpine
+  - make
+
+after_success: |
+  if [[ "${TRAVIS_PULL_REQUEST}" == "false" && ("${TRAVIS_BRANCH}" == "master"  || -n "${TRAVIS_TAG}") ]]; then
+    docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}"
+    make release
 
-after_script:
-  - docker images
+    if [[ "${VERSION}" == "${LATEST_VERSION}" ]]; then
+      make release TAG="latest"
+    fi
+  fi
 
-# vim:set et ts=2 sw=2:
+notifications:
+  slack:
+    on_success: always
+    secure: OvMmlq3dGMtpXuNp8bdMnYZjHISDU53AxJe6tswFNHkRlcdTlnT10lWFd3B+DdBOk8YqrEy1FLkdKpaBtHwiinnVSfrVjmwQwHMTbLZkpSWDPYWILSFu+Y/6Las4rAIjy6gbsqiZLqc4phisJFhLxeg+BJnii6q++VHp4oWf0zqeXx5H18gPWMRUtp50+FakyQWUX91F7IB/FZ2wDTpYUMANDgVNPhqiqs76Cz4JQZkzPsstLNcyzbxwBceqhWf3K30VvyTunG9lv/kSeM0qNO0yCl2UcoQ9aRhF64A5SeoeszNgM3yO+JzFjCP8Jr3TOgiMB72l5RFM1PGMHqw4EMm7ewE5M/79B5HT3PJ2+EwR16a0z+H7hyPGnlRX5pjnHXnezPN5VYpjO2+FheMF7j4lRji5CzLiPbVgsHyz2hF/54kKTm5zQx9EPNpD0UGns4PdqKzCI2YSLsW5Q8Gf5Jw1sge+0mxA+L3dZrZLhI4wucuWyCOxX90oDjUTKVNq6PvJ4zg2mt1s0fENTjjKP94pUw3ocw8HThD/j5pbjlBDnPJeiWpKiU6E2FwUyWX8nZp31KlFTIKYn6iQu0+6K8iXZozta0HfZjlsUCDSAXhuxPyxid+zsBpQBAJ6w1qsr4oBGULvKqraxby+ZrH3z9bt7SvXd0zfGTLF8NTi7VM=

2.2/alpine/Dockerfile.wodby

@@ -0,0 +1,135 @@
+# this cannot upgrade to Alpine 3.5 due to https://github.com/libressl-portable/portable/issues/147
+# given that 2.2.x is a "legacy branch", and is in security-fixes-only mode upstream, this should be reasonably fine
+#   "Minimal maintenance patches of 2.2.x are expected throughout this period, and users are strongly encouraged to promptly complete their transitions to the the 2.4.x flavour of httpd to benefit from a much larger assortment of minor security and bug fixes as well as new features."
+# https://httpd.apache.org/
+FROM wodby/alpine:3.4-1.0.0
+
+# ensure www-data user exists
+RUN set -x \
+	&& addgroup -g 82 -S www-data \
+	&& adduser -u 82 -D -S -G www-data www-data
+# 82 is the standard uid/gid for "www-data" in Alpine
+# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2
+# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2
+# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2
+
+ENV HTTPD_PREFIX /usr/local/apache2
+ENV PATH $HTTPD_PREFIX/bin:$PATH
+RUN mkdir -p "$HTTPD_PREFIX" \
+	&& chown www-data:www-data "$HTTPD_PREFIX"
+WORKDIR $HTTPD_PREFIX
+
+ENV HTTPD_VERSION 2.2.34
+ENV HTTPD_SHA256 e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160
+
+# https://httpd.apache.org/security/vulnerabilities_22.html
+ENV HTTPD_PATCHES="CVE-2017-9798-patch-2.2.patch 42c610f8a8f8d4d08664db6d9857120c2c252c9b388d56f238718854e6013e46"
+
+ENV APACHE_DIST_URLS \
+# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
+	https://www.apache.org/dyn/closer.cgi?action=download&filename= \
+# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
+	https://www-us.apache.org/dist/ \
+	https://www.apache.org/dist/ \
+	https://archive.apache.org/dist/
+
+# see https://httpd.apache.org/docs/2.2/install.html#requirements
+RUN set -eux; \
+	\
+	runDeps=' \
+		apr-dev \
+		apr-util-dev \
+		apr-util-ldap \
+		perl \
+	'; \
+	apk add --no-cache --virtual .build-deps \
+		$runDeps \
+		ca-certificates \
+		coreutils \
+		dpkg-dev dpkg \
+		gcc \
+		gnupg \
+		libc-dev \
+		make \
+		openssl \
+		openssl-dev \
+		pcre-dev \
+		tar \
+# install GNU wget (Busybox wget in Alpine 3.4 gives us "wget: error getting response: Connection reset by peer" for some reason)
+		wget \
+	; \
+	\
+	ddist() { \
+		local f="$1"; shift; \
+		local distFile="$1"; shift; \
+		local success=; \
+		local distUrl=; \
+		for distUrl in $APACHE_DIST_URLS; do \
+			if wget -O "$f" "$distUrl$distFile"; then \
+				success=1; \
+				break; \
+			fi; \
+		done; \
+		[ -n "$success" ]; \
+	}; \
+	\
+	ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
+	echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
+	\
+# see https://httpd.apache.org/download.cgi#verify
+	ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B1B96F45DFBDCCF974019235193F180AB55D9977; \
+	gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
+	rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
+	\
+	mkdir -p src; \
+	tar -xf httpd.tar.bz2 -C src --strip-components=1; \
+	rm httpd.tar.bz2; \
+	cd src; \
+	\
+	patches() { \
+		while [ "$#" -gt 0 ]; do \
+			local patchFile="$1"; shift; \
+			local patchSha256="$1"; shift; \
+			ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
+			echo "$patchSha256 *$patchFile" | sha256sum -c -; \
+			patch -p0 < "$patchFile"; \
+			rm -f "$patchFile"; \
+		done; \
+	}; \
+	patches $HTTPD_PATCHES; \
+	\
+	gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
+	./configure \
+		--build="$gnuArch" \
+		--prefix="$HTTPD_PREFIX" \
+		--with-mpm=event \
+# https://httpd.apache.org/docs/2.2/programs/configure.html
+# Caveat: --enable-mods-shared=all does not actually build all modules. To build all modules then, one might use:
+		--enable-mods-shared='all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache' \
+	; \
+	make -j "$(nproc)"; \
+	make install; \
+	\
+	cd ..; \
+	rm -r src man manual; \
+	\
+	sed -ri \
+		-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
+		-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
+		"$HTTPD_PREFIX/conf/httpd.conf"; \
+	\
+	runDeps="$runDeps $( \
+		scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
+			| tr ',' '\n' \
+			| sort -u \
+			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+	)"; \
+	apk add --virtual .httpd-rundeps $runDeps; \
+	apk del .build-deps
+
+COPY httpd-foreground /usr/local/bin/
+
+EXPOSE 80
+CMD ["httpd-foreground"]

2.2/alpine/Makefile

@@ -0,0 +1,38 @@
+-include env_make
+
+TAG ?= 2.2.34
+REPO = wodby/httpd
+NAME = httpd-2.2.34
+
+.PHONY: build test push shell run start stop logs clean release
+
+default: build
+
+build:
+	docker build -t $(REPO):$(TAG) -f Dockerfile.wodby ./
+
+test:
+	IMAGE=$(REPO):$(TAG) ./test.sh
+
+push:
+	docker push $(REPO):$(TAG)
+
+shell:
+	docker run --rm --name $(NAME) -i -t $(PORTS) $(VOLUMES) $(ENV) $(REPO):$(TAG) /bin/bash
+
+run:
+	docker run --rm --name $(NAME) $(PORTS) $(VOLUMES) $(ENV) $(REPO):$(TAG) $(CMD)
+
+start:
+	docker run -d --name $(NAME) $(PORTS) $(VOLUMES) $(ENV) $(REPO):$(TAG)
+
+stop:
+	docker stop $(NAME)
+
+logs:
+	docker logs $(NAME)
+
+clean:
+	-docker rm -f $(NAME)
+
+release: build push

2.4/alpine/Dockerfile.wodby

@@ -0,0 +1,136 @@
+FROM wodby/alpine:3.6-1.0.0
+
+# ensure www-data user exists
+RUN set -x \
+	&& addgroup -g 82 -S www-data \
+	&& adduser -u 82 -D -S -G www-data www-data
+# 82 is the standard uid/gid for "www-data" in Alpine
+# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2
+# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2
+# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2
+
+ENV HTTPD_PREFIX /usr/local/apache2
+ENV PATH $HTTPD_PREFIX/bin:$PATH
+RUN mkdir -p "$HTTPD_PREFIX" \
+	&& chown www-data:www-data "$HTTPD_PREFIX"
+WORKDIR $HTTPD_PREFIX
+
+ENV HTTPD_VERSION 2.4.29
+ENV HTTPD_SHA256 777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00
+
+# https://httpd.apache.org/security/vulnerabilities_24.html
+ENV HTTPD_PATCHES=""
+
+ENV APACHE_DIST_URLS \
+# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
+	https://www.apache.org/dyn/closer.cgi?action=download&filename= \
+# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
+	https://www-us.apache.org/dist/ \
+	https://www.apache.org/dist/ \
+	https://archive.apache.org/dist/
+
+# see https://httpd.apache.org/docs/2.4/install.html#requirements
+RUN set -eux; \
+	\
+	runDeps=' \
+		apr-dev \
+		apr-util-dev \
+		apr-util-ldap \
+		perl \
+	'; \
+	apk add --no-cache --virtual .build-deps \
+		$runDeps \
+		ca-certificates \
+		coreutils \
+		dpkg-dev dpkg \
+		gcc \
+		gnupg \
+		libc-dev \
+		# mod_session_crypto
+		libressl \
+		libressl-dev \
+		# mod_proxy_html mod_xml2enc
+		libxml2-dev \
+		# mod_lua
+		lua-dev \
+		make \
+		# mod_http2
+		nghttp2-dev \
+		pcre-dev \
+		tar \
+		# mod_deflate
+		zlib-dev \
+	; \
+	\
+	ddist() { \
+		local f="$1"; shift; \
+		local distFile="$1"; shift; \
+		local success=; \
+		local distUrl=; \
+		for distUrl in $APACHE_DIST_URLS; do \
+			if wget -O "$f" "$distUrl$distFile"; then \
+				success=1; \
+				break; \
+			fi; \
+		done; \
+		[ -n "$success" ]; \
+	}; \
+	\
+	ddist 'httpd.tar.bz2' "httpd/httpd-$HTTPD_VERSION.tar.bz2"; \
+	echo "$HTTPD_SHA256 *httpd.tar.bz2" | sha256sum -c -; \
+	\
+# see https://httpd.apache.org/download.cgi#verify
+	ddist 'httpd.tar.bz2.asc' "httpd/httpd-$HTTPD_VERSION.tar.bz2.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --keyserver ha.pool.sks-keyservers.net --recv-keys A93D62ECC3C8EA12DB220EC934EA76E6791485A8; \
+	gpg --batch --verify httpd.tar.bz2.asc httpd.tar.bz2; \
+	rm -rf "$GNUPGHOME" httpd.tar.bz2.asc; \
+	\
+	mkdir -p src; \
+	tar -xf httpd.tar.bz2 -C src --strip-components=1; \
+	rm httpd.tar.bz2; \
+	cd src; \
+	\
+	patches() { \
+		while [ "$#" -gt 0 ]; do \
+			local patchFile="$1"; shift; \
+			local patchSha256="$1"; shift; \
+			ddist "$patchFile" "httpd/patches/apply_to_$HTTPD_VERSION/$patchFile"; \
+			echo "$patchSha256 *$patchFile" | sha256sum -c -; \
+			patch -p0 < "$patchFile"; \
+			rm -f "$patchFile"; \
+		done; \
+	}; \
+	patches $HTTPD_PATCHES; \
+	\
+	gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
+	./configure \
+		--build="$gnuArch" \
+		--prefix="$HTTPD_PREFIX" \
+		--enable-mods-shared=reallyall \
+		--with-mpm=event \
+	; \
+	make -j "$(nproc)"; \
+	make install; \
+	\
+	cd ..; \
+	rm -r src man manual; \
+	\
+	sed -ri \
+		-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
+		-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
+		"$HTTPD_PREFIX/conf/httpd.conf"; \
+	\
+	runDeps="$runDeps $( \
+		scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
+			| tr ',' '\n' \
+			| sort -u \
+			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+	)"; \
+	apk add --virtual .httpd-rundeps $runDeps; \
+	apk del .build-deps
+
+COPY httpd-foreground /usr/local/bin/
+
+EXPOSE 80
+CMD ["httpd-foreground"]