Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alpine based version. Almost the same as the standard version. #3872

Merged
merged 3 commits into from
Jan 5, 2018
Merged

Alpine based version. Almost the same as the standard version. #3872

merged 3 commits into from
Jan 5, 2018

Conversation

nicolas-albert
Copy link
Contributor

There is something else to do ?

tianon
tianon reviewed Jan 5, 2018
View reviewed changes
library/convertigo Outdated

Tags: 7.5.0, 7.5, latest
Architectures: amd64, arm32v7, arm64v8, i386
Directory: 7.5/7.5.0

Tags: 7.5.0-alpine, 7.5-alpine, alpine
Architectures: amd64, arm32v7, arm64v8, i386
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alpine doesn't actually support arm32v7 -- you wanted arm32v6 here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See also:

$ bashbrew cat tomcat:7.0.82-jre8-alpine
Maintainers: Tianon Gravi <[email protected]> (@tianon), Joseph Ferguson <[email protected]> (@yosifkit)
Tags: 7.0.82-jre8-alpine, 7.0-jre8-alpine, 7-jre8-alpine
Architectures: amd64, arm32v6, arm64v8, i386, ppc64le, s390x
GitRepo: https://github.com/docker-library/tomcat.git
GitFetch: refs/heads/master
GitCommit: 5a78361a9ce7ef48979acbcabe2acd9342d0168a
Directory: 7/jre8-alpine

@nicolas-albert
Copy link
Contributor Author

I just build this on my Raspberry pi3 (armv7) without any problem:

$ docker run --rm -it c8o-alpine bash
bash-4.4# apk --print arch
armhf
bash-4.4# uname -a
Linux bcdc47f49c83 4.9.66-v7+ #1059 SMP Fri Dec 1 15:38:42 GMT 2017 armv7l Linux

This is a bug ? 😅

@tianon
Copy link
Member

tianon commented Jan 5, 2018

Nope, not a bug at all -- uname is showing you details about your host kernel (which is armv7l, and which is why we never do arch detection via uname as a general rule). When you do docker run on an image like alpine:3.7, it's running the first arm variant it finds (see moby/moby#34875). Lastly, arm32v6 images are totally compatible and runnable on arm32v7 devices (and we actually build them on an arm64v8 device which is compatible with running arm32 code).

@nicolas-albert
Copy link
Contributor Author

Ah ok, I just check and it make sense:

$ docker pull arm32v7/tomcat:7.0.82-jre8-alpine
Error response from daemon: manifest for arm32v7/tomcat:7.0.82-jre8-alpine not found
$ docker pull arm32v6/tomcat:7.0.82-jre8-alpine
7.0.82-jre8-alpine: Pulling from arm32v6/tomcat
Digest: sha256:ccfd36623f5495b11c55dc0ca43c793d148dcb357f042afe5ff600a9d99d05bd
Status: Downloaded newer image for arm32v6/tomcat:7.0.82-jre8-alpine

I'll commit with arm32v6 for alpine tags.

@yosifkit
Copy link
Member

yosifkit commented Jan 5, 2018

Diff: 
diff --git a/_bashbrew-arches b/_bashbrew-arches
index b7ca3a9..e2b225c 100644
--- a/_bashbrew-arches
+++ b/_bashbrew-arches
@@ -2,6 +2,14 @@ convertigo:7.4 @ amd64
 convertigo:7.4 @ arm32v7
 convertigo:7.4 @ arm64v8
 convertigo:7.4 @ i386
+convertigo:7.4-alpine @ amd64
+convertigo:7.4-alpine @ arm32v6
+convertigo:7.4-alpine @ arm64v8
+convertigo:7.4-alpine @ i386
+convertigo:alpine @ amd64
+convertigo:alpine @ arm32v6
+convertigo:alpine @ arm64v8
+convertigo:alpine @ i386
 convertigo:latest @ amd64
 convertigo:latest @ arm32v7
 convertigo:latest @ arm64v8
diff --git a/_bashbrew-list b/_bashbrew-list
index 22abf16..883f872 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,5 +1,10 @@
 convertigo:7.4
+convertigo:7.4-alpine
 convertigo:7.4.7
+convertigo:7.4.7-alpine
 convertigo:7.5
+convertigo:7.5-alpine
 convertigo:7.5.0
+convertigo:7.5.0-alpine
+convertigo:alpine
 convertigo:latest
diff --git a/convertigo_7.4/Dockerfile b/convertigo_7.4-alpine/Dockerfile
similarity index 82%
copy from convertigo_7.4/Dockerfile
copy to convertigo_7.4-alpine/Dockerfile
index 1457047..c04c837 100644
--- a/convertigo_7.4/Dockerfile
+++ b/convertigo_7.4-alpine/Dockerfile
@@ -13,7 +13,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see<http://www.gnu.org/licenses/>.
 
-FROM tomcat:7.0.82-jre8
+FROM tomcat:7.0.82-jre8-alpine
 
 
 MAINTAINER Nicolas Albert [email protected]
@@ -22,13 +22,10 @@ ENV CATALINA_HOME /usr/local/tomcat
 RUN mkdir -p "$CATALINA_HOME"
 WORKDIR $CATALINA_HOME
 
-RUN apt-get update -y \
-  && apt-get install -y --no-install-recommends \
+RUN apk --no-cache add \
     ca-certificates \
     curl \
-    unzip \
-  && rm -rf /var/lib/apt/lists/*
-
+    unzip
 
 ## grab gosu for easy step-down from root and tini for signal handling
 ENV GOSU_VERSION 1.10
@@ -37,28 +34,31 @@ ENV TINI_VERSION 0.16.1
 ENV TINI_GPG_KEYS 6380DC428747F6C393FEACA59A84159D7001A4E5
 
 RUN export GNUPGHOME="$(mktemp -d)" \
+  && apk add --no-cache --virtual .arch dpkg \
+  && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
   && ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GOSU_GPG_KEYS" \
   || gpg --keyserver pgp.mit.edu --recv-keys "$GOSU_GPG_KEYS" \
   || gpg --keyserver keyserver.pgp.com --recv-keys "$GOSU_GPG_KEYS" ) \
-  && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture)" \
-  && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture).asc" \
+  && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}" \
+  && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc" \
   && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
   && rm /usr/local/bin/gosu.asc \
   && chmod +x /usr/local/bin/gosu \
   && ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$TINI_GPG_KEYS" \
   || gpg --keyserver pgp.mit.edu --recv-keys "$TINI_GPG_KEYS" \
   || gpg --keyserver keyserver.pgp.com --recv-keys "$TINI_GPG_KEYS" ) \
-  && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$(dpkg --print-architecture)" \
-  && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$(dpkg --print-architecture).asc" \
+  && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-static-${dpkgArch}" \
+  && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-static-${dpkgArch}.asc" \
   && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
   && rm /usr/local/bin/tini.asc \
   && chmod +x /usr/local/bin/tini \
-  && rm -rf /tmp/*
+  && rm -rf /tmp/* \
+  && apk del .arch
 
 
 ## create a 'convertigo' user and fix some rights
 
-RUN useradd -s /bin/false -m convertigo \
+RUN adduser -s /bin/false -D convertigo \
     && mkdir -p /workspace/lib /workspace/classes \
     && chown -R convertigo:convertigo /workspace
 
@@ -98,9 +98,7 @@ RUN export GNUPGHOME="$(mktemp -d)" \
     && mkdir webapps/ROOT webapps/convertigo \
     && (cd webapps/convertigo \
         && unzip -q /tmp/convertigo.war \
-        && chmod a+x WEB-INF/xvnc/* \
-        && (test "$(dpkg --print-architecture)" != "i386" && rm -rf WEB-INF/xulrunner WEB-INF/xvnc WEB-INF/lib/swt_* || true) \
-        && rm -rf /tmp/*)
+        && rm -rf WEB-INF/xulrunner WEB-INF/xvnc WEB-INF/lib/swt_* /tmp/*)
 
 
 ## copy the ROOT index that redirect to the 'convertigo' webapps
@@ -108,10 +106,6 @@ RUN export GNUPGHOME="$(mktemp -d)" \
 COPY ./root-index.html webapps/ROOT/index.html
 COPY ./docker-entrypoint.sh /
 
-## force SWT to use GTK2 instead of GTK3 (no Xulrunner support)
-
-ENV SWT_GTK3 0
-
 WORKDIR /workspace
 VOLUME ["/workspace"]
 EXPOSE 28080
diff --git a/convertigo_7.4/docker-entrypoint.sh b/convertigo_7.4-alpine/docker-entrypoint.sh
similarity index 100%
copy from convertigo_7.4/docker-entrypoint.sh
copy to convertigo_7.4-alpine/docker-entrypoint.sh
diff --git a/convertigo_7.4/root-index.html b/convertigo_7.4-alpine/root-index.html
similarity index 100%
copy from convertigo_7.4/root-index.html
copy to convertigo_7.4-alpine/root-index.html
diff --git a/convertigo_7.4/Dockerfile b/convertigo_7.4/Dockerfile
index 1457047..179da68 100644
--- a/convertigo_7.4/Dockerfile
+++ b/convertigo_7.4/Dockerfile
@@ -105,8 +105,8 @@ RUN export GNUPGHOME="$(mktemp -d)" \
 
 ## copy the ROOT index that redirect to the 'convertigo' webapps
 
-COPY ./root-index.html webapps/ROOT/index.html
-COPY ./docker-entrypoint.sh /
+COPY ./alpine/root-index.html webapps/ROOT/index.html
+COPY ./alpine/docker-entrypoint.sh /
 
 ## force SWT to use GTK2 instead of GTK3 (no Xulrunner support)
 
diff --git a/convertigo_latest/docker-entrypoint.sh b/convertigo_7.4/alpine/docker-entrypoint.sh
similarity index 100%
rename from convertigo_latest/docker-entrypoint.sh
rename to convertigo_7.4/alpine/docker-entrypoint.sh
diff --git a/convertigo_latest/root-index.html b/convertigo_7.4/alpine/root-index.html
similarity index 100%
rename from convertigo_latest/root-index.html
rename to convertigo_7.4/alpine/root-index.html
diff --git a/convertigo_latest/Dockerfile b/convertigo_alpine/Dockerfile
similarity index 82%
copy from convertigo_latest/Dockerfile
copy to convertigo_alpine/Dockerfile
index d916511..34b9534 100644
--- a/convertigo_latest/Dockerfile
+++ b/convertigo_alpine/Dockerfile
@@ -13,7 +13,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see<http://www.gnu.org/licenses/>.
 
-FROM tomcat:7.0.82-jre8
+FROM tomcat:7.0.82-jre8-alpine
 
 
 MAINTAINER Nicolas Albert [email protected]
@@ -22,13 +22,10 @@ ENV CATALINA_HOME /usr/local/tomcat
 RUN mkdir -p "$CATALINA_HOME"
 WORKDIR $CATALINA_HOME
 
-RUN apt-get update -y \
-  && apt-get install -y --no-install-recommends \
+RUN apk --no-cache add \
     ca-certificates \
     curl \
-    unzip \
-  && rm -rf /var/lib/apt/lists/*
-
+    unzip
 
 ## grab gosu for easy step-down from root and tini for signal handling
 ENV GOSU_VERSION 1.10
@@ -37,28 +34,31 @@ ENV TINI_VERSION 0.16.1
 ENV TINI_GPG_KEYS 6380DC428747F6C393FEACA59A84159D7001A4E5
 
 RUN export GNUPGHOME="$(mktemp -d)" \
+  && apk add --no-cache --virtual .arch dpkg \
+  && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
   && ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GOSU_GPG_KEYS" \
   || gpg --keyserver pgp.mit.edu --recv-keys "$GOSU_GPG_KEYS" \
   || gpg --keyserver keyserver.pgp.com --recv-keys "$GOSU_GPG_KEYS" ) \
-  && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture)" \
-  && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture).asc" \
+  && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}" \
+  && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc" \
   && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
   && rm /usr/local/bin/gosu.asc \
   && chmod +x /usr/local/bin/gosu \
   && ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$TINI_GPG_KEYS" \
   || gpg --keyserver pgp.mit.edu --recv-keys "$TINI_GPG_KEYS" \
   || gpg --keyserver keyserver.pgp.com --recv-keys "$TINI_GPG_KEYS" ) \
-  && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$(dpkg --print-architecture)" \
-  && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$(dpkg --print-architecture).asc" \
+  && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-static-${dpkgArch}" \
+  && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-static-${dpkgArch}.asc" \
   && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
   && rm /usr/local/bin/tini.asc \
   && chmod +x /usr/local/bin/tini \
-  && rm -rf /tmp/*
+  && rm -rf /tmp/* \
+  && apk del .arch
 
 
 ## create a 'convertigo' user and fix some rights
 
-RUN useradd -s /bin/false -m convertigo \
+RUN adduser -s /bin/false -D convertigo \
     && mkdir -p /workspace/lib /workspace/classes \
     && chown -R convertigo:convertigo /workspace
 
@@ -98,9 +98,7 @@ RUN export GNUPGHOME="$(mktemp -d)" \
     && mkdir webapps/ROOT webapps/convertigo \
     && (cd webapps/convertigo \
         && unzip -q /tmp/convertigo.war \
-        && chmod a+x WEB-INF/xvnc/* \
-        && (test "$(dpkg --print-architecture)" != "i386" && rm -rf WEB-INF/xulrunner WEB-INF/xvnc WEB-INF/lib/swt_* || true) \
-        && rm -rf /tmp/*)
+        && rm -rf WEB-INF/xulrunner WEB-INF/xvnc WEB-INF/lib/swt_* /tmp/*)
 
 
 ## copy the ROOT index that redirect to the 'convertigo' webapps
@@ -108,10 +106,6 @@ RUN export GNUPGHOME="$(mktemp -d)" \
 COPY ./root-index.html webapps/ROOT/index.html
 COPY ./docker-entrypoint.sh /
 
-## force SWT to use GTK2 instead of GTK3 (no Xulrunner support)
-
-ENV SWT_GTK3 0
-
 WORKDIR /workspace
 VOLUME ["/workspace"]
 EXPOSE 28080
diff --git a/convertigo_7.4/docker-entrypoint.sh b/convertigo_alpine/docker-entrypoint.sh
similarity index 100%
copy from convertigo_7.4/docker-entrypoint.sh
copy to convertigo_alpine/docker-entrypoint.sh
diff --git a/convertigo_7.4/root-index.html b/convertigo_alpine/root-index.html
similarity index 100%
copy from convertigo_7.4/root-index.html
copy to convertigo_alpine/root-index.html
diff --git a/convertigo_latest/Dockerfile b/convertigo_latest/Dockerfile
index d916511..b8fe4ca 100644
--- a/convertigo_latest/Dockerfile
+++ b/convertigo_latest/Dockerfile
@@ -105,8 +105,8 @@ RUN export GNUPGHOME="$(mktemp -d)" \
 
 ## copy the ROOT index that redirect to the 'convertigo' webapps
 
-COPY ./root-index.html webapps/ROOT/index.html
-COPY ./docker-entrypoint.sh /
+COPY ./alpine/root-index.html webapps/ROOT/index.html
+COPY ./alpine/docker-entrypoint.sh /
 
 ## force SWT to use GTK2 instead of GTK3 (no Xulrunner support)
 
diff --git a/convertigo_7.4/docker-entrypoint.sh b/convertigo_latest/alpine/docker-entrypoint.sh
similarity index 100%
rename from convertigo_7.4/docker-entrypoint.sh
rename to convertigo_latest/alpine/docker-entrypoint.sh
diff --git a/convertigo_7.4/root-index.html b/convertigo_latest/alpine/root-index.html
similarity index 100%
rename from convertigo_7.4/root-index.html
rename to convertigo_latest/alpine/root-index.html

@yosifkit
Copy link
Member

yosifkit commented Jan 5, 2018

Build test of #3872; 1d22075; amd64 (convertigo):

$ bashbrew build convertigo:7.5.0
Using bashbrew/cache:f28dc89286cd9ade8ac8a54f263224f2fd4a00fd468fbaccccd1278514c29025 (convertigo:7.5.0)
Tagging convertigo:7.5.0
Tagging convertigo:7.5
Tagging convertigo:latest

$ test/run.sh convertigo:7.5.0
testing convertigo:7.5.0
	'utc' [1/5]...passed
	'cve-2014--shellshock' [2/5]...passed
	'no-hard-coded-passwords' [3/5]...passed
	'override-cmd' [4/5]...passed
	'convertigo-hello-world' [5/5]....passed


$ bashbrew build convertigo:7.5.0-alpine
Using bashbrew/cache:a64b0172603a25e294cceefaa249a7a21b80cdd8153bb8163840feba955d5ca4 (convertigo:7.5.0-alpine)
Tagging convertigo:7.5.0-alpine
Tagging convertigo:7.5-alpine
Tagging convertigo:alpine

$ test/run.sh convertigo:7.5.0-alpine
testing convertigo:7.5.0-alpine
	'utc' [1/5]...passed
	'cve-2014--shellshock' [2/5]...passed
	'no-hard-coded-passwords' [3/5]...passed
	'override-cmd' [4/5]...passed
	'convertigo-hello-world' [5/5]....passed


$ bashbrew build convertigo:7.4.7
Using bashbrew/cache:5ad630356a01b2af73566dd6d39f9876657e29dc91e48ae0e3a2b1ca4caedc40 (convertigo:7.4.7)
Tagging convertigo:7.4.7
Tagging convertigo:7.4

$ test/run.sh convertigo:7.4.7
testing convertigo:7.4.7
	'utc' [1/5]...passed
	'cve-2014--shellshock' [2/5]...passed
	'no-hard-coded-passwords' [3/5]...passed
	'override-cmd' [4/5]...passed
	'convertigo-hello-world' [5/5]....passed


$ bashbrew build convertigo:7.4.7-alpine
Using bashbrew/cache:dfb01128f1c8bf4ea23aae03f4452a8200a78a5329300c22d9feb4e6ab0b08eb (convertigo:7.4.7-alpine)
Tagging convertigo:7.4.7-alpine
Tagging convertigo:7.4-alpine

$ test/run.sh convertigo:7.4.7-alpine
testing convertigo:7.4.7-alpine
	'utc' [1/5]...passed
	'cve-2014--shellshock' [2/5]...passed
	'no-hard-coded-passwords' [3/5]...passed
	'override-cmd' [4/5]...passed
	'convertigo-hello-world' [5/5]....passed

@yosifkit yosifkit merged commit 2ded119 into docker-library:master Jan 5, 2018
@nicolas-albert nicolas-albert deleted the convertigo-7.5.0-alpine branch January 6, 2018 09:04
@nicolas-albert
Copy link
Contributor Author

Great ! Thanks 👍

It seems to me that it is missing the arm32v6/convertigo task (for the alpine arm32) ?
https://doi-janky.infosiftr.net/job/multiarch/view/images/view/convertigo/

@nicolas-albert
Copy link
Contributor Author

The arm32v6/convertigo image (FROM tomcat:alpine) is built but the performance is very different of the arm32v7/convertigo image (FROM tomcat), on my raspberry pi 3:

Tomcat init in 13 sec vs 2.5 sec (x5 slower).
Convertigo webapp first init in 900 sec vs 50 sec (x18 slower).

It's sad that alpine isn't arm32v7 (I see why here gliderlabs/docker-alpine#298).

Do you think we should let the arm32v6 version with this bad performance ?

@tianon
Copy link
Member

tianon commented Jan 9, 2018

Interesting -- I'm not sure exactly why it'd have significantly worse performance.

It's the only way you'll get an Alpine variant on arm32, so if that's important to you (or your users), then you don't really have much choice. If that's not important to you, then you could remove it at your discretion. IMO, it's better to have it available than not, but we don't really have a firm rule one way or the other.

@nicolas-albert
Copy link
Contributor Author

I have an another question for the standard and the alpine versions:
Do I really need gosu and tini because tomcat image doesn't use them (just exec catalina.sh) ?

@tianon
Copy link
Member

tianon commented Jan 22, 2018

It depends.

Using tini is useful to reap zombies for software that doesn't handle SIGCHLD appropriately (often the case for Java and Ruby based software, in our experience). Tomcat may very well need it, but we haven't seen reports of zombies in the wild there, so that's why it hasn't been added there. See also https://github.com/docker-library/official-images#init for a bit more about tini.

Using gosu is useful when you need to do pre-initialization steps as root (such as setting permissions on a mounted volume), but then want to run the software itself as non-root for security purposes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tianon tianon tianon left review comments

Assignees
No one assigned
Labels
library/convertigo
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nicolas-albert @tianon @yosifkit @docker-library-bot