
Commit 812039a

committed
Make containers contents run on www-data
1 parent 577a94f commit 812039a


5 files changed

+97
-105
lines changed

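--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -1,9 +1,10 @@
 FROM php:%%PHP_VERSION%%-%%VARIANT%%
 
-# docker-entrypoint.sh dependencies
+# install and docker-entrypoint.sh dependencies
 RUN apk add --no-cache \
 bash \
-tzdata
+tzdata \
+gnupg
 
 # Install dependencies
 RUN set -ex; \
@@ -46,6 +47,13 @@ ENV UPLOAD_LIMIT 2048K
 ENV TZ UTC
 ENV SESSION_SAVE_PATH /sessions
 RUN set -ex; \
+mkdir $SESSION_SAVE_PATH; \
+mkdir -p $PMA_SSL_DIR; \
+chmod 1777 $SESSION_SAVE_PATH; \
+chmod 755 $PMA_SSL_DIR; \
+chown www-data:www-data /etc/phpmyadmin; \
+chown www-data:www-data $PMA_SSL_DIR; \
+chown www-data:www-data $SESSION_SAVE_PATH; \
 \
 { \
 echo 'opcache.memory_consumption=128'; \
@@ -71,6 +79,8 @@ RUN set -ex; \
 echo 'session.save_path=${SESSION_SAVE_PATH}'; \
 } > $PHP_INI_DIR/conf.d/phpmyadmin-misc.ini
 
+USER www-data:www-data
+
 # Calculate download URL
 ENV VERSION %%VERSION%%
 ENV SHA256 %%SHA256%%
@@ -88,15 +98,6 @@ LABEL org.opencontainers.image.title="Official phpMyAdmin Docker image" \
 
 # Download tarball, verify it using gpg and extract
 RUN set -ex; \
-apk add --no-cache --virtual .fetch-deps \
-gnupg \
-; \
-mkdir $SESSION_SAVE_PATH; \
-mkdir -p $PMA_SSL_DIR; \
-chmod 1777 $SESSION_SAVE_PATH; \
-chmod 755 $PMA_SSL_DIR; \
-chown www-data:www-data $SESSION_SAVE_PATH; \
-chown www-data:www-data $PMA_SSL_DIR; \
 \
 export GNUPGHOME="$(mktemp -d)"; \
 export GPGKEY="%%GPG_KEY%%"; \
@@ -110,16 +111,13 @@ RUN set -ex; \
 gpg --batch --verify phpMyAdmin.tar.xz.asc phpMyAdmin.tar.xz; \
 tar -xf phpMyAdmin.tar.xz -C /var/www/html --strip-components=1; \
 mkdir -p /var/www/html/tmp; \
-chown www-data:www-data /var/www/html/tmp; \
 gpgconf --kill all; \
 rm -r "$GNUPGHOME" phpMyAdmin.tar.xz phpMyAdmin.tar.xz.asc; \
 rm -r -v /var/www/html/setup/ /var/www/html/examples/ /var/www/html/js/src/ /var/www/html/babel.config.json /var/www/html/doc/html/_sources/ /var/www/html/RELEASE-DATE-$VERSION /var/www/html/CONTRIBUTING.md; \
 grep -q -F "'configFile' => ROOT_PATH . 'config.inc.php'," /var/www/html/libraries/vendor_config.php; \
 sed -i "s@'configFile' => .*@'configFile' => '/etc/phpmyadmin/config.inc.php',@" /var/www/html/libraries/vendor_config.php; \
 grep -q -F "'configFile' => '/etc/phpmyadmin/config.inc.php'," /var/www/html/libraries/vendor_config.php; \
-php -l /var/www/html/libraries/vendor_config.php; \
-chown -R www-data:www-data -R /var/www/html/; \
-apk del --no-network .fetch-deps
+php -l /var/www/html/libraries/vendor_config.php;
 
 # Copy configuration
 COPY --chown=www-data:www-data config.inc.php /etc/phpmyadmin/config.inc.php
@@ -128,5 +126,6 @@ COPY --chown=www-data:www-data helpers.php /etc/phpmyadmin/helpers.php
 # Copy main script
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
+USER root
 ENTRYPOINT [ "/docker-entrypoint.sh" ]
 CMD ["%%CMD%%"]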
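Review bot: gnupg is now a permanent package of the runtime image: it moved into the first `apk add --no-cache` list, and the `.fetch-deps` virtual package with its `apk del --no-network .fetch-deps` was dropped from the download step, which can no longer remove packages because it runs after `USER www-data:www-data`. Unless docker-entrypoint.sh needs gpg at runtime (not visible here), install it as root with `apk add --no-cache --virtual .fetch-deps gnupg` and remove it once root is restored, e.g. `RUN apk del --no-network .fetch-deps` after `USER root`; doing the download and verification in a separate build stage would also keep it out of the image layers. The same applies to fpm-alpine/Dockerfile, and to Dockerfile-debian.template and apache/Dockerfile, where gnupg and dirmngr are installed before `savedAptMark` is captured and so survive the purge. The download RUN block is only partly inside these hunks.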

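--- a/Dockerfile-debian.template
+++ b/Dockerfile-debian.template
@@ -2,10 +2,15 @@ FROM php:%%PHP_VERSION%%-%%VARIANT%%
 
 # Install dependencies
 RUN set -ex; \
+\
+apt-get update; \
+apt-get install -y --no-install-recommends \
+gnupg \
+dirmngr \
+; \
 \
 savedAptMark="$(apt-mark showmanual)"; \
 \
-apt-get update; \
 apt-get install -y --no-install-recommends \
 libbz2-dev \
 libfreetype6-dev \
@@ -46,7 +51,12 @@ RUN set -ex; \
 ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \
 ldd "$extdir"/*.so | grep -q "libzip.so.* => .*/libzip.so.*" || (echo "Sanity check failed: libzip.so is not referenced"; ldd "$extdir"/*.so; exit 1); \
 err="$(php --version 3>&1 1>&2 2>&3)"; \
-[ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;);
+[ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); \
+\
+apt-mark auto '.*' > /dev/null; \
+apt-mark manual $savedAptMark; \
+apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+rm -rf /var/lib/apt/lists/*
 
 # set recommended PHP.ini settings
 # see https://secure.php.net/manual/en/opcache.installation.php
@@ -57,6 +67,13 @@ ENV UPLOAD_LIMIT 2048K
 ENV TZ UTC
 ENV SESSION_SAVE_PATH /sessions
 RUN set -ex; \
+mkdir $SESSION_SAVE_PATH; \
+mkdir -p $PMA_SSL_DIR; \
+chmod 1777 $SESSION_SAVE_PATH; \
+chmod 755 $PMA_SSL_DIR; \
+chown www-data:www-data /etc/phpmyadmin; \
+chown www-data:www-data $PMA_SSL_DIR; \
+chown www-data:www-data $SESSION_SAVE_PATH; \
 \
 { \
 echo 'opcache.memory_consumption=128'; \
@@ -82,6 +99,8 @@ RUN set -ex; \
 echo 'session.save_path=${SESSION_SAVE_PATH}'; \
 } > $PHP_INI_DIR/conf.d/phpmyadmin-misc.ini
 
+USER www-data:www-data
+
 # Calculate download URL
 ENV VERSION %%VERSION%%
 ENV SHA256 %%SHA256%%
@@ -99,21 +118,6 @@ LABEL org.opencontainers.image.title="Official phpMyAdmin Docker image" \
 
 # Download tarball, verify it using gpg and extract
 RUN set -ex; \
-\
-savedAptMark="$(apt-mark showmanual)"; \
-\
-apt-get update; \
-apt-get install -y --no-install-recommends \
-gnupg \
-dirmngr \
-; \
-mkdir $SESSION_SAVE_PATH; \
-mkdir -p $PMA_SSL_DIR; \
-chmod 1777 $SESSION_SAVE_PATH; \
-chmod 755 $PMA_SSL_DIR; \
-chown www-data:www-data $SESSION_SAVE_PATH; \
-chown www-data:www-data $PMA_SSL_DIR; \
-\
 export GNUPGHOME="$(mktemp -d)"; \
 export GPGKEY="%%GPG_KEY%%"; \
 curl -fsSL -o phpMyAdmin.tar.xz $URL; \
@@ -126,20 +130,13 @@ RUN set -ex; \
 gpg --batch --verify phpMyAdmin.tar.xz.asc phpMyAdmin.tar.xz; \
 tar -xf phpMyAdmin.tar.xz -C /var/www/html --strip-components=1; \
 mkdir -p /var/www/html/tmp; \
-chown www-data:www-data /var/www/html/tmp; \
 gpgconf --kill all; \
 rm -r "$GNUPGHOME" phpMyAdmin.tar.xz phpMyAdmin.tar.xz.asc; \
 rm -r -v /var/www/html/setup/ /var/www/html/examples/ /var/www/html/js/src/ /var/www/html/babel.config.json /var/www/html/doc/html/_sources/ /var/www/html/RELEASE-DATE-$VERSION /var/www/html/CONTRIBUTING.md; \
 grep -q -F "'configFile' => ROOT_PATH . 'config.inc.php'," /var/www/html/libraries/vendor_config.php; \
 sed -i "s@'configFile' => .*@'configFile' => '/etc/phpmyadmin/config.inc.php',@" /var/www/html/libraries/vendor_config.php; \
 grep -q -F "'configFile' => '/etc/phpmyadmin/config.inc.php'," /var/www/html/libraries/vendor_config.php; \
-php -l /var/www/html/libraries/vendor_config.php; \
-chown -R www-data:www-data -R /var/www/html/; \
-\
-apt-mark auto '.*' > /dev/null; \
-apt-mark manual $savedAptMark; \
-apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-rm -rf /var/lib/apt/lists/*
+php -l /var/www/html/libraries/vendor_config.php;
 
 # Copy configuration
 COPY --chown=www-data:www-data config.inc.php /etc/phpmyadmin/config.inc.php
@@ -148,5 +145,6 @@ COPY --chown=www-data:www-data helpers.php /etc/phpmyadmin/helpers.php
 # Copy main script
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
+USER root
 ENTRYPOINT [ "/docker-entrypoint.sh" ]
 CMD ["%%CMD%%"]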
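Review bot: `USER root` before `ENTRYPOINT` makes root the image's default user again, so `/docker-entrypoint.sh` still starts as root and `USER www-data:www-data` only covers the build steps between the two instructions. If the entrypoint needs root, the reason is not visible in this diff and should be stated next to the instruction, for example `# entrypoint must start as root: <reason>`; if it does not, dropping `USER root` would let the image default to www-data. Dockerfile-alpine.template, apache/Dockerfile and fpm-alpine/Dockerfile carry the same line.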

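--- a/apache/Dockerfile
+++ b/apache/Dockerfile
@@ -3,10 +3,15 @@ FROM php:8.2-apache
 
 # Install dependencies
 RUN set -ex; \
+\
+apt-get update; \
+apt-get install -y --no-install-recommends \
+gnupg \
+dirmngr \
+; \
 \
 savedAptMark="$(apt-mark showmanual)"; \
 \
-apt-get update; \
 apt-get install -y --no-install-recommends \
 libbz2-dev \
 libfreetype6-dev \
@@ -47,7 +52,12 @@ RUN set -ex; \
 ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \
 ldd "$extdir"/*.so | grep -q "libzip.so.* => .*/libzip.so.*" || (echo "Sanity check failed: libzip.so is not referenced"; ldd "$extdir"/*.so; exit 1); \
 err="$(php --version 3>&1 1>&2 2>&3)"; \
-[ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;);
+[ -z "$err" ] || (echo "Sanity check failed: php returned errors; $err"; exit 1;); \
+\
+apt-mark auto '.*' > /dev/null; \
+apt-mark manual $savedAptMark; \
+apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+rm -rf /var/lib/apt/lists/*
 
 # set recommended PHP.ini settings
 # see https://secure.php.net/manual/en/opcache.installation.php
@@ -58,6 +68,13 @@ ENV UPLOAD_LIMIT 2048K
 ENV TZ UTC
 ENV SESSION_SAVE_PATH /sessions
 RUN set -ex; \
+mkdir $SESSION_SAVE_PATH; \
+mkdir -p $PMA_SSL_DIR; \
+chmod 1777 $SESSION_SAVE_PATH; \
+chmod 755 $PMA_SSL_DIR; \
+chown www-data:www-data /etc/phpmyadmin; \
+chown www-data:www-data $PMA_SSL_DIR; \
+chown www-data:www-data $SESSION_SAVE_PATH; \
 \
 { \
 echo 'opcache.memory_consumption=128'; \
@@ -83,6 +100,8 @@ RUN set -ex; \
 echo 'session.save_path=${SESSION_SAVE_PATH}'; \
 } > $PHP_INI_DIR/conf.d/phpmyadmin-misc.ini
 
+USER www-data:www-data
+
 # Calculate download URL
 ENV VERSION 5.2.1
 ENV SHA256 373f9599dfbd96d6fe75316d5dad189e68c305f297edf42377db9dd6b41b2557
@@ -100,21 +119,6 @@ LABEL org.opencontainers.image.title="Official phpMyAdmin Docker image" \
 
 # Download tarball, verify it using gpg and extract
 RUN set -ex; \
-\
-savedAptMark="$(apt-mark showmanual)"; \
-\
-apt-get update; \
-apt-get install -y --no-install-recommends \
-gnupg \
-dirmngr \
-; \
-mkdir $SESSION_SAVE_PATH; \
-mkdir -p $PMA_SSL_DIR; \
-chmod 1777 $SESSION_SAVE_PATH; \
-chmod 755 $PMA_SSL_DIR; \
-chown www-data:www-data $SESSION_SAVE_PATH; \
-chown www-data:www-data $PMA_SSL_DIR; \
-\
 export GNUPGHOME="$(mktemp -d)"; \
 export GPGKEY="3D06A59ECE730EB71B511C17CE752F178259BD92"; \
 curl -fsSL -o phpMyAdmin.tar.xz $URL; \
@@ -127,20 +131,13 @@ RUN set -ex; \
 gpg --batch --verify phpMyAdmin.tar.xz.asc phpMyAdmin.tar.xz; \
 tar -xf phpMyAdmin.tar.xz -C /var/www/html --strip-components=1; \
 mkdir -p /var/www/html/tmp; \
-chown www-data:www-data /var/www/html/tmp; \
 gpgconf --kill all; \
 rm -r "$GNUPGHOME" phpMyAdmin.tar.xz phpMyAdmin.tar.xz.asc; \
 rm -r -v /var/www/html/setup/ /var/www/html/examples/ /var/www/html/js/src/ /var/www/html/babel.config.json /var/www/html/doc/html/_sources/ /var/www/html/RELEASE-DATE-$VERSION /var/www/html/CONTRIBUTING.md; \
 grep -q -F "'configFile' => ROOT_PATH . 'config.inc.php'," /var/www/html/libraries/vendor_config.php; \
 sed -i "s@'configFile' => .*@'configFile' => '/etc/phpmyadmin/config.inc.php',@" /var/www/html/libraries/vendor_config.php; \
 grep -q -F "'configFile' => '/etc/phpmyadmin/config.inc.php'," /var/www/html/libraries/vendor_config.php; \
-php -l /var/www/html/libraries/vendor_config.php; \
-chown -R www-data:www-data -R /var/www/html/; \
-\
-apt-mark auto '.*' > /dev/null; \
-apt-mark manual $savedAptMark; \
-apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-rm -rf /var/lib/apt/lists/*
+php -l /var/www/html/libraries/vendor_config.php;
 
 # Copy configuration
 COPY --chown=www-data:www-data config.inc.php /etc/phpmyadmin/config.inc.php
@@ -149,5 +146,6 @@ COPY --chown=www-data:www-data helpers.php /etc/phpmyadmin/helpers.php
 # Copy main script
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
+USER root
 ENTRYPOINT [ "/docker-entrypoint.sh" ]
 CMD ["apache2-foreground"]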

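--- a/fpm-alpine/Dockerfile
+++ b/fpm-alpine/Dockerfile
@@ -1,10 +1,11 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
 FROM php:8.2-fpm-alpine
 
-# docker-entrypoint.sh dependencies
+# install and docker-entrypoint.sh dependencies
 RUN apk add --no-cache \
 bash \
-tzdata
+tzdata \
+gnupg
 
 # Install dependencies
 RUN set -ex; \
@@ -47,6 +48,13 @@ ENV UPLOAD_LIMIT 2048K
 ENV TZ UTC
 ENV SESSION_SAVE_PATH /sessions
 RUN set -ex; \
+mkdir $SESSION_SAVE_PATH; \
+mkdir -p $PMA_SSL_DIR; \
+chmod 1777 $SESSION_SAVE_PATH; \
+chmod 755 $PMA_SSL_DIR; \
+chown www-data:www-data /etc/phpmyadmin; \
+chown www-data:www-data $PMA_SSL_DIR; \
+chown www-data:www-data $SESSION_SAVE_PATH; \
 \
 { \
 echo 'opcache.memory_consumption=128'; \
@@ -72,6 +80,8 @@ RUN set -ex; \
 echo 'session.save_path=${SESSION_SAVE_PATH}'; \
 } > $PHP_INI_DIR/conf.d/phpmyadmin-misc.ini
 
+USER www-data:www-data
+
 # Calculate download URL
 ENV VERSION 5.2.1
 ENV SHA256 373f9599dfbd96d6fe75316d5dad189e68c305f297edf42377db9dd6b41b2557
@@ -89,15 +99,6 @@ LABEL org.opencontainers.image.title="Official phpMyAdmin Docker image" \
 
 # Download tarball, verify it using gpg and extract
 RUN set -ex; \
-apk add --no-cache --virtual .fetch-deps \
-gnupg \
-; \
-mkdir $SESSION_SAVE_PATH; \
-mkdir -p $PMA_SSL_DIR; \
-chmod 1777 $SESSION_SAVE_PATH; \
-chmod 755 $PMA_SSL_DIR; \
-chown www-data:www-data $SESSION_SAVE_PATH; \
-chown www-data:www-data $PMA_SSL_DIR; \
 \
 export GNUPGHOME="$(mktemp -d)"; \
 export GPGKEY="3D06A59ECE730EB71B511C17CE752F178259BD92"; \
@@ -111,16 +112,13 @@ RUN set -ex; \
 gpg --batch --verify phpMyAdmin.tar.xz.asc phpMyAdmin.tar.xz; \
 tar -xf phpMyAdmin.tar.xz -C /var/www/html --strip-components=1; \
 mkdir -p /var/www/html/tmp; \
-chown www-data:www-data /var/www/html/tmp; \
 gpgconf --kill all; \
 rm -r "$GNUPGHOME" phpMyAdmin.tar.xz phpMyAdmin.tar.xz.asc; \
 rm -r -v /var/www/html/setup/ /var/www/html/examples/ /var/www/html/js/src/ /var/www/html/babel.config.json /var/www/html/doc/html/_sources/ /var/www/html/RELEASE-DATE-$VERSION /var/www/html/CONTRIBUTING.md; \
 grep -q -F "'configFile' => ROOT_PATH . 'config.inc.php'," /var/www/html/libraries/vendor_config.php; \
 sed -i "s@'configFile' => .*@'configFile' => '/etc/phpmyadmin/config.inc.php',@" /var/www/html/libraries/vendor_config.php; \
 grep -q -F "'configFile' => '/etc/phpmyadmin/config.inc.php'," /var/www/html/libraries/vendor_config.php; \
-php -l /var/www/html/libraries/vendor_config.php; \
-chown -R www-data:www-data -R /var/www/html/; \
-apk del --no-network .fetch-deps
+php -l /var/www/html/libraries/vendor_config.php;
 
 # Copy configuration
 COPY --chown=www-data:www-data config.inc.php /etc/phpmyadmin/config.inc.php
@@ -129,5 +127,6 @@ COPY --chown=www-data:www-data helpers.php /etc/phpmyadmin/helpers.php
 # Copy main script
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
+USER root
 ENTRYPOINT [ "/docker-entrypoint.sh" ]
 CMD ["php-fpm"]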
