diff --git a/5.7/Dockerfile b/5.7/Dockerfile index bb2453431..cc999d7af 100644 --- a/5.7/Dockerfile +++ b/5.7/Dockerfile @@ -1,18 +1,25 @@ -FROM debian:jessie +FROM debian:stretch-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r mysql && useradd -r -g mysql mysql +RUN apt-get update && apt-get install -y --no-install-recommends gnupg dirmngr && rm -rf /var/lib/apt/lists/* + # add gosu for easy step-down from root ENV GOSU_VERSION 1.7 + +RUN apt-get update -y && \ + apt install -y gnupg2 + RUN set -x \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ && export GNUPGHOME="$(mktemp -d)" \ - && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ - && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ - && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \ + && gpg2 --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \ + && gpg2 --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true \ && apt-get purge -y --auto-remove ca-certificates wget 
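Review bot: The added `RUN apt-get update -y && apt install -y gnupg2` layer repeats the index refresh of the `gnupg dirmngr` install a few lines above it, pulls in recommended packages, and leaves `/var/lib/apt/lists` in its own layer, where the later `rm -rf` cannot reclaim it. `apt` is also not intended for scripted use. The MySQL key step in the next hunk calls plain `gpg --batch`, so the gosu step could do the same and this layer could be dropped; otherwise fold the package into the earlier line as `RUN apt-get update && apt-get install -y --no-install-recommends dirmngr gnupg gnupg2 && rm -rf /var/lib/apt/lists/*`. The gosu signing key is still fetched from `ha.pool.sks-keyservers.net`, while the next hunk moves the MySQL key to `pgpkeys.uk`; if that pool's reliability prompted the switch, this verification step will presumably fail the same way. The `RUN set -x` chain continues past the end of the hunk.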
@@ -36,33 +43,37 @@ RUN set -ex; \ # gpg: key 5072E1F5: public key "MySQL Release Engineering " imported key='A4A9406876FCBD3C456770C88C718D3B5072E1F5'; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ - gpg --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \ - rm -r "$GNUPGHOME"; \ + #gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + gpg --batch --keyserver pgpkeys.uk --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5; \ + gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ apt-key list > /dev/null ENV MYSQL_MAJOR 5.7 -ENV MYSQL_VERSION 5.7.19-1debian8 +ENV MYSQL_VERSION 5.7.24-1debian9 -RUN echo "deb http://repo.mysql.com/apt/debian/ jessie mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list +RUN echo "deb http://repo.mysql.com/apt/debian/ stretch mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list # the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql) # also, we set debconf keys to make APT a little quieter RUN { \ - echo mysql-community-server mysql-community-server/data-dir select ''; \ - echo mysql-community-server mysql-community-server/root-pass password ''; \ - echo mysql-community-server mysql-community-server/re-root-pass password ''; \ - echo mysql-community-server mysql-community-server/remove-test-db select false; \ + echo mysql-community-server mysql-community-server/data-dir select ''; \ + echo mysql-community-server mysql-community-server/root-pass password ''; \ + echo mysql-community-server mysql-community-server/re-root-pass password ''; \ + echo mysql-community-server mysql-community-server/remove-test-db select false; \ } | debconf-set-selections \ && apt-get update && apt-get install -y mysql-server="${MYSQL_VERSION}" 
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \ && chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \ # ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime - && chmod 777 /var/run/mysqld - + && chmod 777 /var/run/mysqld \ # comment out a few problematic configuration values + && find /etc/mysql/ -name '*.cnf' -print0 \ + | xargs -0 grep -lZE '^(bind-address|log)' \ + | xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/' \ # don't reverse lookup hostnames, they are usually another container -RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/mysql.conf.d/mysqld.cnf \ +# RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/mysql.conf.d/mysqld.cnf \ && echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf VOLUME /var/lib/mysql @@ -71,5 +82,5 @@ COPY docker-entrypoint.sh /usr/local/bin/ RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat ENTRYPOINT ["docker-entrypoint.sh"] -EXPOSE 3306 +EXPOSE 3306 33060 CMD ["mysqld"]
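Review bot: The new import line hard-codes the fingerprint while the export right after it still reads `"$key"`, so the imported and exported keys can drift apart the next time the MySQL signing key is rotated; use `gpg --batch --keyserver pgpkeys.uk --recv-keys "$key"; \`. The commented-out `#gpg --batch --keyserver ha.pool.sks-keyservers.net …` line and the later `# RUN sed -Ei …` line are dead code left inside continued RUN instructions. Deleting them would be clearer than relying on the builder to skip comment lines mid-instruction. The added `find … | xargs -0 grep -lZE … | xargs -rt -0 sed -Ei …` pipeline runs under the default shell without `pipefail`, so a failure in `find` or `grep` would likely go unnoticed and leave `bind-address`/`log` settings untouched. The `RUN set -ex` block that holds the key import starts above the hunk.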