NH-3807 - Use custom Firebird 3 Docker image.

Author: ngbrown

.circleci/config.yml

@@ -95,7 +95,7 @@ jobs:
     docker:
       - *ref-base-image
 
-      - image: jacobalberty/firebird:2.5.7-ss
+      - image: ngbrown/nhibernate-build-firebird
         environment:
           - ISC_PASSWORD: Password12!
             FIREBIRD_USER: nhibernate

.circleci/images/nhibernate-build-firebird/Dockerfile

@@ -0,0 +1,25 @@
+FROM debian:jessie
+
+ENV PREFIX=/usr/local/firebird
+ENV DEBIAN_FRONTEND noninteractive
+ENV FBURL=http://downloads.sourceforge.net/project/firebird/firebird/3.0.2-Release/Firebird-3.0.2.32703-0.tar.bz2
+ENV DBPATH=/databases
+
+ADD build.sh ./build.sh
+
+RUN chmod +x ./build.sh && \
+    sync && \
+    ./build.sh && \
+    rm -f ./build.sh
+
+VOLUME ["/databases", "/var/firebird/run", "/var/firebird/etc", "/var/firebird/log", "/var/firebird/system", "/tmp/firebird"]
+
+EXPOSE 3050/tcp
+
+ADD docker-entrypoint.sh ${PREFIX}/docker-entrypoint.sh
+RUN chmod +x ${PREFIX}/docker-entrypoint.sh
+
+ADD docker-entrypoint-async.sh ${PREFIX}/docker-entrypoint-async.sh
+RUN chmod +x ${PREFIX}/docker-entrypoint-async.sh
+
+ENTRYPOINT ${PREFIX}/docker-entrypoint-async.sh ${PREFIX}/bin/fbguard

.circleci/images/nhibernate-build-firebird/README.md

@@ -0,0 +1,67 @@
+# docker Firebird
+
+## Default password for `sysdba`
+The default password for `sysdba` is randomly generated when you first launch the container, 
+look in the docker log for your container or pull /var/firebird/etc/SYSDBA.password.
+Alternatively you may pass the environment variable ISC_PASSWORD to set the default password.
+
+## Description
+This is a Firebird SQL Database container.
+
+## Default Login information
+Username: SYSDBA
+Password is either set by `ISC_PASSWORD` or randomized
+
+## Environment Variables:
+### `TZ`
+TimeZone. (i.e. America/Chicago)
+
+### `ISC_PASSWORD`
+Default `sysdba` user password, if left blank a random 20 character password will be set instead.
+The password used will be placed in /var/firebird/etc/SYSDBA.password.
+If a random password is generated then it will be in the log for the container.
+
+### `FIREBIRD_DATABASE`
+If this is set then a database will be created with this name under the `/databases` volume with the 'UTF8'
+default character set and if `FIREBIRD_USER` is also set then `FIREBIRD_USER` will be given ownership.
+
+### `FIREBIRD_USER`
+This user will be created and given ownership of `FIREBIRD_DATABASE`.
+This variable is only used if `FIREBIRD_DATABASE` is also set.
+
+### `FIREBIRD_PASSWORD`
+The password for `FIREBIRD_USER`, if left blank a random 20 character password will be set instead.
+If a random password is generated then it will be in the log for the container.
+
+### `<VARIABLE>_FILE`
+If set to the path to a file then the named variable minus the _FILE portion will contain the contents of that file.
+This is useful for using docker secrets to manage your password.
+This applies to all variables except `TZ`
+
+## Volumes:
+
+### `/databases/`
+Default location to put database files
+
+### `/var/firebird/run`
+guardian lock DIR
+
+### `/var/firebird/etc`
+config files DIR
+message files DIR
+
+### `/var/firebird/log`
+log files DIR
+
+### `/var/firebird/system`
+security database DIR
+
+### `/tmp/firebird`
+Database lock directory
+
+## Exposes: 
+### 3050/tcp
+
+## Events
+Please note for events to work properly you must either configure RemoteAuxPort and forward it with -p using a direct mapping where both sides internal and external use the same port or use --net=host to allow the random port mapping to work.
+see: http://www.firebirdfaq.org/faq53/ for more information on event port mapping.

.circleci/images/nhibernate-build-firebird/build.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+set -e
+CPUC=$(awk '/^processor/{n+=1}END{print n}' /proc/cpuinfo)
+
+apt-get update
+apt-get install -qy --no-install-recommends \
+    libicu52 \
+    libtommath0
+apt-get install -qy --no-install-recommends \
+    bzip2 \
+    ca-certificates \
+    curl \
+    g++ \
+    gcc \
+    libicu-dev \
+    libncurses5-dev \
+    libtommath-dev \
+    make \
+    zlib1g-dev
+mkdir -p /home/firebird
+cd /home/firebird
+curl -o firebird-source.tar.bz2 -L \
+    "${FBURL}"
+tar --strip=1 -xf firebird-source.tar.bz2
+./configure \
+    --prefix=${PREFIX}/ --with-fbbin=${PREFIX}/bin/ --with-fbsbin=${PREFIX}/bin/ --with-fblib=${PREFIX}/lib/ \
+    --with-fbinclude=${PREFIX}/include/ --with-fbdoc=${PREFIX}/doc/ --with-fbudf=${PREFIX}/UDF/ \
+    --with-fbsample=${PREFIX}/examples/ --with-fbsample-db=${PREFIX}/examples/empbuild/ --with-fbhelp=${PREFIX}/help/ \
+    --with-fbintl=${PREFIX}/intl/ --with-fbmisc=${PREFIX}/misc/ --with-fbplugins=${PREFIX}/ \
+    --with-fbconf=/var/firebird/etc/ --with-fbmsg=${PREFIX}/ \
+    --with-fblog=/var/firebird/log/ --with-fbglock=/var/firebird/run/ \
+    --with-fbsecure-db=/var/firebird/system
+make -j${CPUC}
+make silent_install
+cd /
+rm -rf /home/firebird
+find ${PREFIX} -name .debug -prune -exec rm -rf {} \;
+apt-get purge -qy --auto-remove \
+    bzip2 \
+    ca-certificates \
+    curl \
+    g++ \
+    gcc \
+    libicu-dev \
+    libncurses5-dev \
+    libtommath-dev \
+    make \
+    zlib1g-dev
+rm -rf /var/lib/apt/lists/*
+
+# This allows us to initialize a random value for sysdba password
+mv /var/firebird/system/security3.fdb ${PREFIX}/security3.fdb
+
+sed -i 's/^#DatabaseAccess/DatabaseAccess/g' /var/firebird/etc/firebird.conf
+sed -i "s~^\(DatabaseAccess\s*=\s*\).*$~\1Restrict ${DBPATH}~" /var/firebird/etc/firebird.conf
+
+# Enable non-secured ADO.NET connector to connect.
+echo $'WireCrypt = Enabled
+AuthServer = Srp
+AuthClient = Srp
+UserManager = Srp
+'\
+>> /var/firebird/etc/firebird.conf
+

.circleci/images/nhibernate-build-firebird/docker-entrypoint.sh

@@ -0,0 +1,128 @@
+#!/bin/bash
+set -e
+
+build() {
+    local var="$1"
+    local stmt="$2"
+    export $var+="$(printf "\n${stmt}")"
+}
+
+run() {
+    echo "${!1}" | ${PREFIX}/bin/isql
+}
+
+createNewPassword() {
+    # openssl generates random data.
+        openssl </dev/null >/dev/null 2>/dev/null
+    if [ $? -eq 0 ]
+    then
+        # We generate 40 random chars, strip any '/''s and get the first 20
+        NewPasswd=`openssl rand -base64 40 | tr -d '/' | cut -c1-20`
+    fi
+
+        # If openssl is missing...
+        if [ -z "$NewPasswd" ]
+        then
+                NewPasswd=`dd if=/dev/urandom bs=10 count=1 2>/dev/null | od -x | head -n 1 | tr -d ' ' | cut -c8-27`
+        fi
+
+        # On some systems even this routines may be missing. So if
+        # the specific one isn't available then keep the original password.
+    if [ -z "$NewPasswd" ]
+    then
+        NewPasswd="masterkey"
+    fi
+
+        echo "$NewPasswd"
+}
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+    local var="$1"
+    local fileVar="${var}_FILE"
+    local def="${2:-}"
+    if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+        exit 1
+    fi
+    local val="$def"
+    if [ "${!var:-}" ]; then
+        val="${!var}"
+    elif [ "${!fileVar:-}" ]; then
+        val="$(< "${!fileVar}")"
+    fi
+    export "$var"="$val"
+    unset "$fileVar"
+}
+
+if [ ! -f "/var/firebird/system/security3.fdb" ]; then
+    cp ${PREFIX}/security3.fdb /var/firebird/system/security3.fdb
+    file_env 'ISC_PASSWORD'
+    if [ -z ${ISC_PASSWORD} ]; then
+       ISC_PASSWORD=$(createNewPassword)
+       echo "setting 'SYSDBA' password to '${ISC_PASSWORD}'"
+    fi
+
+    ${PREFIX}/bin/isql -user sysdba employee <<EOL
+create or alter user SYSDBA password '${ISC_PASSWORD}';
+commit;
+quit;
+EOL
+
+    cat > /var/firebird/etc/SYSDBA.password <<EOL
+# Firebird generated password for user SYSDBA is:
+#
+ISC_USER=sysdba
+ISC_PASSWORD=${ISC_PASSWORD}
+#
+# Also set legacy variable though it can't be exported directly
+#
+ISC_PASSWD=${ISC_PASSWORD}
+#
+# generated at time $(date)
+#
+# Your password can be changed to a more suitable one using
+# SQL operator ALTER USER.
+#
+
+EOL
+
+fi
+
+if [ -f "/var/firebird/etc/SYSDBA.password" ]; then
+    source /var/firebird/etc/SYSDBA.password
+fi;
+
+file_env 'FIREBIRD_USER'
+file_env 'FIREBIRD_PASSWORD'
+file_env 'FIREBIRD_DATABASE'
+
+build isql "set sql dialect 3;"
+if [ ! -z "${FIREBIRD_DATABASE}" -a ! -f "${DBPATH}/${FIREBIRD_DATABASE}" ]; then
+    if [ "${FIREBIRD_USER}" ];  then
+        build isql "CONNECT employee USER '${ISC_USER}' PASSWORD '${ISC_PASSWORD}';"
+        if [ -z "${FIREBIRD_PASSWORD}" ]; then
+            FIREBIRD_PASSWORD=$(createNewPassword)
+            echo "setting '${FIREBIRD_USER}' password to '${FIREBIRD_PASSWORD}'"
+        fi
+        build isql "CREATE USER ${FIREBIRD_USER} PASSWORD '${FIREBIRD_PASSWORD}';"
+        build isql "COMMIT;"
+    fi
+
+    stmt="CREATE DATABASE '${DBPATH}/${FIREBIRD_DATABASE}'"
+    if [ "${FIREBIRD_USER}" ];  then
+        stmt+=" USER '${FIREBIRD_USER}' PASSWORD '${FIREBIRD_PASSWORD}'"
+    fi
+    stmt+=" DEFAULT CHARACTER SET UTF8;";
+    build isql "${stmt}";
+    build isql "COMMIT;"
+    if [ "${isql}" ]; then
+        build isql "QUIT;"
+        run isql
+    fi
+fi
+
+$@