Incorporate more feedback from official Docker image maintainers
diff --git a/1.6.1/Dockerfile b/1.6.1/Dockerfile
index 32f9cee..6113501 100644
--- a/1.6.1/Dockerfile
+++ b/1.6.1/Dockerfile
@@ -28,27 +28,37 @@
libnspr4-0d \
&& rm -rf /var/lib/apt/lists/*
-# grab gosu for easy step-down from root
ENV GOSU_VERSION 1.10
-RUN set -x \
- && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true \
-&& apt-get purge -y --auto-remove wget
-
-# grab tini for signal handling
-ENV TINI_VERSION v0.16.1
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc
-RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
- && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
-&& chmod +x /usr/local/bin/tini
+ENV TINI_VERSION 0.16.1
+RUN set -ex; \
+ \
+ apt-get update; \
+ apt-get install -y --no-install-recommends wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ \
+# install gosu
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ chmod +x /usr/local/bin/gosu; \
+ gosu nobody true; \
+ \
+# install tini
+ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
+ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
+ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+ rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \
+ chmod +x /usr/local/bin/tini; \
+ tini --version; \
+ \
+ apt-get purge -y --auto-remove wget
# https://www.apache.org/dist/couchdb/KEYS
ENV GPG_KEYS \
diff --git a/1.7.0/Dockerfile b/1.7.0/Dockerfile
new file mode 100644
index 0000000..134d654
--- /dev/null
+++ b/1.7.0/Dockerfile
@@ -0,0 +1,114 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+FROM debian:jessie
+
+MAINTAINER CouchDB Developers dev@couchdb.apache.org
+
+# Install instructions from https://cwiki.apache.org/confluence/display/COUCHDB/Debian
+
+RUN groupadd -r couchdb && useradd -d /var/lib/couchdb -g couchdb couchdb
+
+RUN apt-get update -y && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ curl \
+ erlang-nox \
+ libicu52 \
+ libmozjs185-1.0 \
+ libnspr4 \
+ libnspr4-0d \
+ && rm -rf /var/lib/apt/lists/*
+
+# grab gosu for easy step-down from root
+ENV GOSU_VERSION 1.10
+RUN set -x \
+ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
+ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
+ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+ && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
+ && chmod +x /usr/local/bin/gosu \
+ && gosu nobody true \
+&& apt-get purge -y --auto-remove wget
+
+# grab tini for signal handling
+ENV TINI_VERSION v0.16.1
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc
+RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
+ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
+&& chmod +x /usr/local/bin/tini
+
+# https://www.apache.org/dist/couchdb/KEYS
+ENV GPG_KEYS \
+ 15DD4F3B8AACA54740EB78C7B7B7C53943ECCEE1 \
+ 1CFBFA43C19B6DF4A0CA3934669C02FFDF3CEBA3 \
+ 25BBBAC113C1BFD5AA594A4C9F96B92930380381 \
+ 4BFCA2B99BADC6F9F105BEC9C5E32E2D6B065BFB \
+ 5D680346FAA3E51B29DBCB681015F68F9DA248BC \
+ 7BCCEB868313DDA925DF1805ECA5BCB7BB9656B0 \
+ C3F4DFAEAD621E1C94523AEEC376457E61D50B88 \
+ D2B17F9DA23C0A10991AF2E3D9EE01E47852AEE4 \
+ E0AF0A194D55C84E4A19A801CDB0C0F904F4EE9B
+RUN set -xe \
+ && for key in $GPG_KEYS; do \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+ done
+
+ENV COUCHDB_VERSION 1.7.0
+
+# download dependencies, compile and install couchdb,
+# set correct permissions, expose couchdb to the outside and disable logging to disk
+RUN buildDeps=' \
+ gcc \
+ g++ \
+ erlang-dev \
+ libcurl4-openssl-dev \
+ libicu-dev \
+ libmozjs185-dev \
+ libnspr4-dev \
+ make \
+ ' \
+ && apt-get update && apt-get install -y --no-install-recommends $buildDeps \
+ && curl -fSL https://apache.osuosl.org/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz -o couchdb.tar.gz \
+ && curl -fSL https://www.apache.org/dist/couchdb/source/$COUCHDB_VERSION/apache-couchdb-$COUCHDB_VERSION.tar.gz.asc -o couchdb.tar.gz.asc \
+ && gpg --batch --verify couchdb.tar.gz.asc couchdb.tar.gz \
+ && mkdir -p /usr/src/couchdb \
+ && tar -xzf couchdb.tar.gz -C /usr/src/couchdb --strip-components=1 \
+ && cd /usr/src/couchdb \
+ && ./configure --with-js-lib=/usr/lib --with-js-include=/usr/include/mozjs \
+ && make && make install \
+ && apt-get purge -y --auto-remove $buildDeps \
+ && rm -rf /var/lib/apt/lists/* /usr/src/couchdb /couchdb.tar.gz* \
+ && chown -R couchdb:couchdb \
+ /usr/local/lib/couchdb /usr/local/etc/couchdb \
+ /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \
+ && chmod -R g+rw \
+ /usr/local/lib/couchdb /usr/local/etc/couchdb \
+ /usr/local/var/lib/couchdb /usr/local/var/log/couchdb /usr/local/var/run/couchdb \
+ && mkdir -p /var/lib/couchdb \
+ && sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /usr/local/etc/couchdb/default.ini \
+ && sed -e 's!/usr/local/var/log/couchdb/couch.log$!/dev/null!' -i /usr/local/etc/couchdb/default.ini
+
+COPY ./docker-entrypoint.sh /
+RUN chmod +x /docker-entrypoint.sh
+
+# Define mountable directories.
+VOLUME ["/usr/local/var/lib/couchdb"]
+
+EXPOSE 5984
+WORKDIR /var/lib/couchdb
+
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+CMD ["couchdb"]
diff --git a/1.7.0/docker-entrypoint.sh b/1.7.0/docker-entrypoint.sh
new file mode 100755
index 0000000..c1c9f56
--- /dev/null
+++ b/1.7.0/docker-entrypoint.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+set -e
+
+if [ "$1" = 'couchdb' ]; then
+ # we need to set the permissions here because docker mounts volumes as root
+ chown -R couchdb:couchdb \
+ /usr/local/var/lib/couchdb \
+ /usr/local/var/log/couchdb \
+ /usr/local/var/run/couchdb \
+ /usr/local/etc/couchdb
+
+ chmod -R 0770 \
+ /usr/local/var/lib/couchdb \
+ /usr/local/var/log/couchdb \
+ /usr/local/var/run/couchdb \
+ /usr/local/etc/couchdb
+
+ chmod 664 /usr/local/etc/couchdb/*.ini
+ chmod 775 /usr/local/etc/couchdb/*.d
+
+ if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
+ # Create admin
+ printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /usr/local/etc/couchdb/local.d/docker.ini
+ chown couchdb:couchdb /usr/local/etc/couchdb/local.d/docker.ini
+ fi
+
+ printf "[httpd]\nport = %s\nbind_address = %s\n" ${COUCHDB_HTTP_PORT:=5984} ${COUCHDB_HTTP_BIND_ADDRESS:=0.0.0.0} > /usr/local/etc/couchdb/local.d/bind_address.ini
+ chown couchdb:couchdb /usr/local/etc/couchdb/local.d/bind_address.ini
+
+ # if we don't find an [admins] section followed by a non-comment, display a warning
+ if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /usr/local/etc/couchdb; then
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOWARN'
+ ****************************************************
+ WARNING: CouchDB is running in Admin Party mode.
+ This will allow anyone with access to the
+ CouchDB port to access your database. In
+ Docker's default configuration, this is
+ effectively any other container on the same
+ system.
+ Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
+ to set it in "docker run".
+ ****************************************************
+ EOWARN
+ fi
+
+ exec gosu couchdb "$@"
+fi
+
+exec "$@"
diff --git a/2.1.0/Dockerfile b/2.1.0/Dockerfile
index 59a3d31..4cfeaa3 100644
--- a/2.1.0/Dockerfile
+++ b/2.1.0/Dockerfile
@@ -28,27 +28,39 @@
openssl \
&& rm -rf /var/lib/apt/lists/*
-# grab gosu for easy step-down from root
+# grab gosu for easy step-down from root and tini for signal handling
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
ENV GOSU_VERSION 1.10
-RUN set -x \
- && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
- && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
- && export GNUPGHOME="$(mktemp -d)" \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
- && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
- && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true \
-&& apt-get purge -y --auto-remove wget
-
-# grab tini for signal handling
-ENV TINI_VERSION v0.16.1
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/local/bin/tini
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /usr/local/bin/tini.asc
-RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
- && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
-&& chmod +x /usr/local/bin/tini
+ENV TINI_VERSION 0.16.1
+RUN set -ex; \
+ \
+ apt-get update; \
+ apt-get install -y --no-install-recommends wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ \
+# install gosu
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ chmod +x /usr/local/bin/gosu; \
+ gosu nobody true; \
+ \
+# install tini
+ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
+ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \
+ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+ rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \
+ chmod +x /usr/local/bin/tini; \
+ tini --version; \
+ \
+ apt-get purge -y --auto-remove wget
# https://www.apache.org/dist/couchdb/KEYS
ENV GPG_KEYS \