Updated nginx to latest version #17664
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Diff for a24c628:diff --git a/_bashbrew-cat b/_bashbrew-cat
index a777f54..22cb3ef 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -36,37 +36,37 @@ Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
GitCommit: e78cf70ce7b73a0c9ea734c9cf8aaaa283c1cc5a
Directory: stable/debian-perl
-Tags: 1.27.1, mainline, 1, 1.27, latest, 1.27.1-bookworm, mainline-bookworm, 1-bookworm, 1.27-bookworm, bookworm
+Tags: 1.27.2, mainline, 1, 1.27, latest, 1.27.2-bookworm, mainline-bookworm, 1-bookworm, 1.27-bookworm, bookworm
Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: e78cf70ce7b73a0c9ea734c9cf8aaaa283c1cc5a
+GitCommit: 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f
Directory: mainline/debian
-Tags: 1.27.1-alpine, mainline-alpine, 1-alpine, 1.27-alpine, alpine, 1.27.1-alpine3.20, mainline-alpine3.20, 1-alpine3.20, 1.27-alpine3.20, alpine3.20
+Tags: 1.27.2-alpine, mainline-alpine, 1-alpine, 1.27-alpine, alpine, 1.27.2-alpine3.20, mainline-alpine3.20, 1-alpine3.20, 1.27-alpine3.20, alpine3.20
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 239684923b2c652b0767540d180de7f7e84bd9fa
+GitCommit: 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f
Directory: mainline/alpine
-Tags: 1.27.1-alpine-otel, mainline-alpine-otel, 1-alpine-otel, 1.27-alpine-otel, alpine-otel, 1.27.1-alpine3.20-otel, mainline-alpine3.20-otel, 1-alpine3.20-otel, 1.27-alpine3.20-otel, alpine3.20-otel
+Tags: 1.27.2-alpine-otel, mainline-alpine-otel, 1-alpine-otel, 1.27-alpine-otel, alpine-otel, 1.27.2-alpine3.20-otel, mainline-alpine3.20-otel, 1-alpine3.20-otel, 1.27-alpine3.20-otel, alpine3.20-otel
Architectures: amd64, arm64v8
-GitCommit: 239684923b2c652b0767540d180de7f7e84bd9fa
+GitCommit: 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f
Directory: mainline/alpine-otel
-Tags: 1.27.1-alpine-perl, mainline-alpine-perl, 1-alpine-perl, 1.27-alpine-perl, alpine-perl, 1.27.1-alpine3.20-perl, mainline-alpine3.20-perl, 1-alpine3.20-perl, 1.27-alpine3.20-perl, alpine3.20-perl
+Tags: 1.27.2-alpine-perl, mainline-alpine-perl, 1-alpine-perl, 1.27-alpine-perl, alpine-perl, 1.27.2-alpine3.20-perl, mainline-alpine3.20-perl, 1-alpine3.20-perl, 1.27-alpine3.20-perl, alpine3.20-perl
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 239684923b2c652b0767540d180de7f7e84bd9fa
+GitCommit: 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f
Directory: mainline/alpine-perl
-Tags: 1.27.1-alpine-slim, mainline-alpine-slim, 1-alpine-slim, 1.27-alpine-slim, alpine-slim, 1.27.1-alpine3.20-slim, mainline-alpine3.20-slim, 1-alpine3.20-slim, 1.27-alpine3.20-slim, alpine3.20-slim
+Tags: 1.27.2-alpine-slim, mainline-alpine-slim, 1-alpine-slim, 1.27-alpine-slim, alpine-slim, 1.27.2-alpine3.20-slim, mainline-alpine3.20-slim, 1-alpine3.20-slim, 1.27-alpine3.20-slim, alpine3.20-slim
Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 239684923b2c652b0767540d180de7f7e84bd9fa
+GitCommit: 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f
Directory: mainline/alpine-slim
-Tags: 1.27.1-otel, mainline-otel, 1-otel, 1.27-otel, otel, 1.27.1-bookworm-otel, mainline-bookworm-otel, 1-bookworm-otel, 1.27-bookworm-otel, bookworm-otel
+Tags: 1.27.2-otel, mainline-otel, 1-otel, 1.27-otel, otel, 1.27.2-bookworm-otel, mainline-bookworm-otel, 1-bookworm-otel, 1.27-bookworm-otel, bookworm-otel
Architectures: amd64, arm64v8
-GitCommit: e78cf70ce7b73a0c9ea734c9cf8aaaa283c1cc5a
+GitCommit: 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f
Directory: mainline/debian-otel
-Tags: 1.27.1-perl, mainline-perl, 1-perl, 1.27-perl, perl, 1.27.1-bookworm-perl, mainline-bookworm-perl, 1-bookworm-perl, 1.27-bookworm-perl, bookworm-perl
+Tags: 1.27.2-perl, mainline-perl, 1-perl, 1.27-perl, perl, 1.27.2-bookworm-perl, mainline-bookworm-perl, 1-bookworm-perl, 1.27-bookworm-perl, bookworm-perl
Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: e78cf70ce7b73a0c9ea734c9cf8aaaa283c1cc5a
+GitCommit: 6a4c0cb4ac7e53bbbe473df71b61a5bf9f95252f
Directory: mainline/debian-perl
diff --git a/_bashbrew-list b/_bashbrew-list
index be69455..06c9aca 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -54,20 +54,20 @@ nginx:1.27-bookworm-otel
nginx:1.27-bookworm-perl
nginx:1.27-otel
nginx:1.27-perl
-nginx:1.27.1
-nginx:1.27.1-alpine
-nginx:1.27.1-alpine3.20
-nginx:1.27.1-alpine3.20-otel
-nginx:1.27.1-alpine3.20-perl
-nginx:1.27.1-alpine3.20-slim
-nginx:1.27.1-alpine-otel
-nginx:1.27.1-alpine-perl
-nginx:1.27.1-alpine-slim
-nginx:1.27.1-bookworm
-nginx:1.27.1-bookworm-otel
-nginx:1.27.1-bookworm-perl
-nginx:1.27.1-otel
-nginx:1.27.1-perl
+nginx:1.27.2
+nginx:1.27.2-alpine
+nginx:1.27.2-alpine3.20
+nginx:1.27.2-alpine3.20-otel
+nginx:1.27.2-alpine3.20-perl
+nginx:1.27.2-alpine3.20-slim
+nginx:1.27.2-alpine-otel
+nginx:1.27.2-alpine-perl
+nginx:1.27.2-alpine-slim
+nginx:1.27.2-bookworm
+nginx:1.27.2-bookworm-otel
+nginx:1.27.2-bookworm-perl
+nginx:1.27.2-otel
+nginx:1.27.2-perl
nginx:alpine
nginx:alpine3.20
nginx:alpine3.20-otel
diff --git a/nginx_alpine3.20-otel/Dockerfile b/nginx_alpine3.20-otel/Dockerfile
index 320fb07..d396fa2 100644
--- a/nginx_alpine3.20-otel/Dockerfile
+++ b/nginx_alpine3.20-otel/Dockerfile
@@ -3,7 +3,7 @@
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
-FROM nginx:1.27.1-alpine
+FROM nginx:1.27.2-alpine
ENV OTEL_VERSION 0.1.0
@@ -50,8 +50,8 @@ RUN set -x \
&& su nobody -s /bin/sh -c " \
export HOME=${tempDir} \
&& cd ${tempDir} \
- && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
- && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
+ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
+ && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
&& if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
echo \"pkg-oss tarball checksum verification succeeded!\"; \
else \
diff --git a/nginx_alpine3.20-perl/Dockerfile b/nginx_alpine3.20-perl/Dockerfile
index dc7219f..db4489c 100644
--- a/nginx_alpine3.20-perl/Dockerfile
+++ b/nginx_alpine3.20-perl/Dockerfile
@@ -3,7 +3,7 @@
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
-FROM nginx:1.27.1-alpine
+FROM nginx:1.27.2-alpine
RUN set -x \
&& apkArch="$(cat /etc/apk/arch)" \
@@ -45,8 +45,8 @@ RUN set -x \
&& su nobody -s /bin/sh -c " \
export HOME=${tempDir} \
&& cd ${tempDir} \
- && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
- && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
+ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
+ && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
&& if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
echo \"pkg-oss tarball checksum verification succeeded!\"; \
else \
diff --git a/nginx_alpine3.20-slim/15-local-resolvers.envsh b/nginx_alpine3.20-slim/15-local-resolvers.envsh
index 450a999..e830dda 100755
--- a/nginx_alpine3.20-slim/15-local-resolvers.envsh
+++ b/nginx_alpine3.20-slim/15-local-resolvers.envsh
@@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0
NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf)
+
+NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }"
+
export NGINX_LOCAL_RESOLVERS
diff --git a/nginx_alpine3.20-slim/Dockerfile b/nginx_alpine3.20-slim/Dockerfile
index a931809..1491b23 100644
--- a/nginx_alpine3.20-slim/Dockerfile
+++ b/nginx_alpine3.20-slim/Dockerfile
@@ -7,9 +7,9 @@ FROM alpine:3.20
LABEL maintainer="NGINX Docker Maintainers <[email protected]>"
-ENV NGINX_VERSION 1.27.1
+ENV NGINX_VERSION 1.27.2
ENV PKG_RELEASE 1
-ENV DYNPKG_RELEASE 2
+ENV DYNPKG_RELEASE 1
RUN set -x \
# create nginx user/group first, to be consistent throughout docker variants
@@ -58,8 +58,8 @@ RUN set -x \
&& su nobody -s /bin/sh -c " \
export HOME=${tempDir} \
&& cd ${tempDir} \
- && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
- && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
+ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
+ && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
&& if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
echo \"pkg-oss tarball checksum verification succeeded!\"; \
else \
diff --git a/nginx_alpine3.20/Dockerfile b/nginx_alpine3.20/Dockerfile
index 1bb5b53..246edd8 100644
--- a/nginx_alpine3.20/Dockerfile
+++ b/nginx_alpine3.20/Dockerfile
@@ -3,9 +3,9 @@
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
-FROM nginx:1.27.1-alpine-slim
+FROM nginx:1.27.2-alpine-slim
-ENV NJS_VERSION 0.8.5
+ENV NJS_VERSION 0.8.6
ENV NJS_RELEASE 1
RUN set -x \
@@ -50,8 +50,8 @@ RUN set -x \
&& su nobody -s /bin/sh -c " \
export HOME=${tempDir} \
&& cd ${tempDir} \
- && curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
- && PKGOSSCHECKSUM=\"b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
+ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \
+ && PKGOSSCHECKSUM=\"6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \
&& if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \
echo \"pkg-oss tarball checksum verification succeeded!\"; \
else \
diff --git a/nginx_bookworm-otel/Dockerfile b/nginx_bookworm-otel/Dockerfile
index 58a5cd9..9cc28f6 100644
--- a/nginx_bookworm-otel/Dockerfile
+++ b/nginx_bookworm-otel/Dockerfile
@@ -3,7 +3,7 @@
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
-FROM nginx:1.27.1
+FROM nginx:1.27.2
ENV OTEL_VERSION 0.1.0
@@ -26,24 +26,46 @@ RUN set -x; \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y nginx-module-otel \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile nginx-module-otel \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in module-otel; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make module-otel \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/nginx_bookworm-perl/Dockerfile b/nginx_bookworm-perl/Dockerfile
index e3a51fb..ef4bcf3 100644
--- a/nginx_bookworm-perl/Dockerfile
+++ b/nginx_bookworm-perl/Dockerfile
@@ -3,7 +3,7 @@
#
# PLEASE DO NOT EDIT IT DIRECTLY.
#
-FROM nginx:1.27.1
+FROM nginx:1.27.2
RUN set -x; \
NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \
@@ -24,24 +24,46 @@ RUN set -x; \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in module-perl; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make module-perl \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/nginx_bookworm/15-local-resolvers.envsh b/nginx_bookworm/15-local-resolvers.envsh
index 450a999..e830dda 100755
--- a/nginx_bookworm/15-local-resolvers.envsh
+++ b/nginx_bookworm/15-local-resolvers.envsh
@@ -9,4 +9,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0
NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {if ($2 ~ ":") {print "["$2"]"} else {print $2}}' /etc/resolv.conf)
+
+NGINX_LOCAL_RESOLVERS="${NGINX_LOCAL_RESOLVERS% }"
+
export NGINX_LOCAL_RESOLVERS
diff --git a/nginx_bookworm/Dockerfile b/nginx_bookworm/Dockerfile
index 40a9838..2e9d964 100644
--- a/nginx_bookworm/Dockerfile
+++ b/nginx_bookworm/Dockerfile
@@ -7,11 +7,11 @@ FROM debian:bookworm-slim
LABEL maintainer="NGINX Docker Maintainers <[email protected]>"
-ENV NGINX_VERSION 1.27.1
-ENV NJS_VERSION 0.8.5
+ENV NGINX_VERSION 1.27.2
+ENV NJS_VERSION 0.8.6
ENV NJS_RELEASE 1~bookworm
ENV PKG_RELEASE 1~bookworm
-ENV DYNPKG_RELEASE 2~bookworm
+ENV DYNPKG_RELEASE 1~bookworm
RUN set -x \
# create nginx user/group first, to be consistent throughout docker variants
@@ -53,24 +53,46 @@ RUN set -x \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y $nginxPackages \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile $nginxPackages \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="6982e2df739645fc72db5bdf994032f799718230e7016e811d9d482e5cf41814c888660ca9a68814d5e99ab571e892ada3bd43166e720cbf04c7f85b6934772c *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in base module-geoip module-image-filter module-njs module-xslt; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make base module-geoip module-image-filter module-njs module-xslt \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\Relevant Maintainers:
|
yosifkit
approved these changes
Oct 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Nginx updated to 1.27.2, njs inside the image is updated to 0.8.6.