diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index d629735..0041615 100755 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -18,7 +18,7 @@ jobs: fi echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_MARIADB_MASTER\". ****" echo "**** Retrieving external version ****" - EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ && awk '/^P:'"mariadb"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then echo "**** Can't retrieve external version, exiting ****" diff --git a/Dockerfile b/Dockerfile index fc3abd7..d400130 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine:3.14 +FROM ghcr.io/linuxserver/baseimage-alpine:3.16 # set version label ARG BUILD_DATE @@ -14,7 +14,7 @@ ENV DATADIR=$MYSQL_DIR/databases RUN \ echo "**** install runtime packages ****" && \ if [ -z ${MARIADB_VERSION+x} ]; then \ - MARIADB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + MARIADB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ && awk '/^P:mariadb$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \ fi && \ apk add --no-cache \ @@ -36,4 +36,5 @@ COPY root/ / # ports and volumes EXPOSE 3306 + VOLUME /config diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 98d8fed..f3a3dc7 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.14 +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.16 # set version label ARG BUILD_DATE @@ -14,7 +14,7 @@ ENV DATADIR=$MYSQL_DIR/databases RUN \ echo "**** install runtime packages ****" && \ if [ -z ${MARIADB_VERSION+x} ]; then \ - MARIADB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + MARIADB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ && awk '/^P:mariadb$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \ fi && \ apk add --no-cache \ @@ -36,4 +36,5 @@ COPY root/ / # ports and volumes EXPOSE 3306 + VOLUME /config diff --git a/Dockerfile.armhf b/Dockerfile.armhf index b5243ea..f88d2e6 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.14 +FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.16 # set version label ARG BUILD_DATE @@ -14,7 +14,7 @@ ENV DATADIR=$MYSQL_DIR/databases RUN \ echo "**** install runtime packages ****" && \ if [ -z ${MARIADB_VERSION+x} ]; then \ - MARIADB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + MARIADB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ && awk '/^P:mariadb$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \ fi && \ apk add --no-cache \ @@ -36,4 +36,5 @@ COPY root/ / # ports and volumes EXPOSE 3306 + VOLUME /config diff --git a/Jenkinsfile b/Jenkinsfile index 9189a53..56bfff5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -25,8 +25,8 @@ pipeline { DEV_DOCKERHUB_IMAGE = 'lsiodev/mariadb' PR_DOCKERHUB_IMAGE = 'lspipepr/mariadb' DIST_IMAGE = 'alpine' - DIST_TAG = '3.14' - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.14/main/' + DIST_TAG = '3.16' + DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.16/main/' DIST_REPO_PACKAGES = 'mariadb' MULTIARCH='true' CI='true' diff --git a/README.md b/README.md index 66d8d0a..6ef5232 100644 --- a/README.md +++ b/README.md @@ -159,11 +159,11 @@ Container images are configured using parameters passed at runtime (such as thos | `-p 3306` | Mariadb listens on this port. | | `-e PUID=1000` | for UserID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation | -| `-e MYSQL_ROOT_PASSWORD=ROOT_ACCESS_PASSWORD` | Set this to root password for installation (minimum 4 characters). | +| `-e MYSQL_ROOT_PASSWORD=ROOT_ACCESS_PASSWORD` | Set this to root password for installation (minimum 4 characters & non-alphanumeric passwords must be properly escaped). | | `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. | | `-e MYSQL_DATABASE=USER_DB_NAME` | Specify the name of a database to be created on image startup. | | `-e MYSQL_USER=MYSQL_USER` | This user will have superuser access to the database specified by MYSQL_DATABASE (do not use root here). | -| `-e MYSQL_PASSWORD=DATABASE_PASSWORD` | Set this to the password you want to use for you MYSQL_USER (minimum 4 characters). | +| `-e MYSQL_PASSWORD=DATABASE_PASSWORD` | Set this to the password you want to use for you MYSQL_USER (minimum 4 characters & non-alphanumeric passwords must be properly escaped). | | `-e REMOTE_SQL=http://URL1/your.sql,https://URL2/your.sql` | Set this to ingest sql files from an http/https endpoint (comma seperated array). | | `-v /config` | Contains the db itself and all assorted settings. | @@ -276,6 +276,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **11.10.22:** - Rebase master to Alpine 3.16, migrate to s6v3, remove password escape logic which caused problems for a small subset of users. * **06.07.21:** - Rebase master to alpine. * **03.07.21:** - Rebase to 3.14. * **08.02.21:** - Fix new installs. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index c4afc6a..13bec50 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -15,8 +15,8 @@ repo_vars: - DEV_DOCKERHUB_IMAGE = 'lsiodev/mariadb' - PR_DOCKERHUB_IMAGE = 'lspipepr/mariadb' - DIST_IMAGE = 'alpine' - - DIST_TAG = '3.14' - - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.14/main/' + - DIST_TAG = '3.16' + - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.16/main/' - DIST_REPO_PACKAGES = 'mariadb' - MULTIARCH='true' - CI='true' diff --git a/readme-vars.yml b/readme-vars.yml index d6efd13..8fe37fe 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -25,7 +25,7 @@ param_container_name: "{{ project_name }}" param_usage_include_net: false param_usage_include_env: true param_env_vars: - - { env_var: "MYSQL_ROOT_PASSWORD", env_value: "ROOT_ACCESS_PASSWORD", desc: "Set this to root password for installation (minimum 4 characters)." } + - { env_var: "MYSQL_ROOT_PASSWORD", env_value: "ROOT_ACCESS_PASSWORD", desc: "Set this to root password for installation (minimum 4 characters & non-alphanumeric passwords must be properly escaped)." } - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." } param_usage_include_vols: true param_volumes: @@ -41,7 +41,7 @@ opt_param_usage_include_env: true opt_param_env_vars: - { env_var: "MYSQL_DATABASE", env_value: "USER_DB_NAME", desc: "Specify the name of a database to be created on image startup." } - { env_var: "MYSQL_USER", env_value: "MYSQL_USER", desc: "This user will have superuser access to the database specified by MYSQL_DATABASE (do not use root here)." } - - { env_var: "MYSQL_PASSWORD", env_value: "DATABASE_PASSWORD", desc: "Set this to the password you want to use for you MYSQL_USER (minimum 4 characters)." } + - { env_var: "MYSQL_PASSWORD", env_value: "DATABASE_PASSWORD", desc: "Set this to the password you want to use for you MYSQL_USER (minimum 4 characters & non-alphanumeric passwords must be properly escaped)." } - { env_var: "REMOTE_SQL", env_value: "http://URL1/your.sql,https://URL2/your.sql", desc: "Set this to ingest sql files from an http/https endpoint (comma seperated array)." } opt_param_usage_include_vols: false opt_param_usage_include_ports: false @@ -96,6 +96,7 @@ app_setup_block: | # changelog changelogs: + - { date: "11.10.22:", desc: "Rebase master to Alpine 3.16, migrate to s6v3, remove password escape logic which caused problems for a small subset of users." } - { date: "06.07.21:", desc: "Rebase master to alpine." } - { date: "03.07.21:", desc: "Rebase to 3.14." } - { date: "08.02.21:", desc: "Fix new installs." } diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config deleted file mode 100644 index 2c244be..0000000 --- a/root/etc/cont-init.d/30-config +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/with-contenv bash - -# make folders if required -mkdir -p \ - "${DATADIR}" \ - /config/log/mysql \ - /var/run/mysqld - -# configure mariadb-server.cnf -sed -i "s|.*skip-networking.*|#skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf - -# setup custom cnf file -[[ ! -f /config/custom.cnf ]] && \ - cp /defaults/my.cnf /config/custom.cnf -[[ ! -L /etc/my.cnf.d/custom.cnf && -f /etc/my.cnf.d/custom.cnf ]] && \ - rm /etc/my.cnf.d/custom.cnf -[[ ! -L /etc/my.cnf.d/custom.cnf ]] && \ - ln -s /config/custom.cnf /etc/my.cnf.d/custom.cnf - -# set permissions -chmod -R 777 \ - /var/run/mysqld diff --git a/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-mariadb-initdb b/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-mariadb-initdb new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/dependencies.d/init-config b/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/dependencies.d/init-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/run b/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/run new file mode 100755 index 0000000..dbe76d6 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/run @@ -0,0 +1,27 @@ +#!/usr/bin/with-contenv bash + +# make folders if required +mkdir -p \ + "${DATADIR}" \ + /config/log/mysql \ + /var/run/mysqld + +# configure mariadb-server.cnf +sed -i "s|.*skip-networking.*|#skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf + +# setup custom cnf file +if [[ ! -f /config/custom.cnf ]]; then + cp /defaults/my.cnf /config/custom.cnf +fi + +if [[ ! -L /etc/my.cnf.d/custom.cnf && -f /etc/my.cnf.d/custom.cnf ]]; then + rm /etc/my.cnf.d/custom.cnf +fi + +if [[ ! -L /etc/my.cnf.d/custom.cnf ]]; then + ln -s /config/custom.cnf /etc/my.cnf.d/custom.cnf +fi + +# set permissions +chmod -R 777 \ + /var/run/mysqld diff --git a/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/type b/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/type new file mode 100644 index 0000000..3d92b15 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/up b/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/up new file mode 100644 index 0000000..42ed94a --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-mariadb-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-mariadb-config/run \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/dependencies.d/init-mariadb-config b/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/dependencies.d/init-mariadb-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/40-initialise-db b/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/run old mode 100644 new mode 100755 similarity index 77% rename from root/etc/cont-init.d/40-initialise-db rename to root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/run index d566804..d61a666 --- a/root/etc/cont-init.d/40-initialise-db +++ b/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/run @@ -14,10 +14,10 @@ start_mysql(){ # test for existence of mysql folder in datadir and start initialise if not present # BEGIN: No indentation due to heredocs -if [ ! -d "${DATADIR}/mysql" ]; then +if [[ ! -d "${DATADIR}/mysql" ]]; then # load env file if it exists -if [ -f "/config/env" ]; then +if [[ -f "/config/env" ]]; then source /config/env fi @@ -31,21 +31,21 @@ EOSQL NOPASS_SET=$(mktemp) cat > "${NOPASS_SET}" <<-EOFPASS ################################################################# -# No root password or too short a password ,min of 4 characters # -# No root password will be set, this is not a good thing # -# You shoud set one after initialisation with the command # -# mysqladmin -u root password # +# No root password or too short a password, min of 4 characters # +# No root password will be set, this is not a good thing # +# You shoud set one after initialisation with the command # +# mysqladmin -u root password # ################################################################# EOFPASS # test for empty password variable, if it's set to 0 or less than 4 characters -if [ -z "${MYSQL_ROOT_PASSWORD}" ]; then +if [[ -z "${MYSQL_ROOT_PASSWORD}" ]]; then TEST_LEN="0" else TEST_LEN=${#MYSQL_ROOT_PASSWORD} fi -MYSQL_ROOT_PASSWORD=$(sed -E 's/('\'')/\\\1/g' <<< "${MYSQL_ROOT_PASSWORD}") -if [ "${TEST_LEN}" -lt "4" ]; then + +if [[ "${TEST_LEN}" -lt "4" ]]; then MYSQL_PASS="CREATE USER 'root'@'%' IDENTIFIED BY '' ;" else MYSQL_PASS="CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;" @@ -53,11 +53,10 @@ fi # Make sure all user and database settings are set and pass is more than 4 characters # At the end change to default database created with environment variables to run init and remote scripts there -if [ "${MYSQL_USER+x}" ] && \ -[ "${MYSQL_DATABASE+x}" ] && \ -[ "${MYSQL_PASSWORD+x}" ] && \ -[ "${#MYSQL_PASSWORD}" -gt "3" ]; then -MYSQL_PASSWORD=$(sed -E 's/('\'')/\\\1/g' <<< "${MYSQL_PASSWORD}") +if [[ "${MYSQL_USER+x}" ]] && \ +[[ "${MYSQL_DATABASE+x}" ]] && \ +[[ "${MYSQL_PASSWORD+x}" ]] && \ +[[ "${#MYSQL_PASSWORD}" -gt "3" ]]; then read -r -d '' MYSQL_DB_SETUP << EOM CREATE DATABASE \`${MYSQL_DATABASE}\`; CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; @@ -77,7 +76,7 @@ EONEWSQL echo "Setting Up Initial Databases" # add all sql from a user defined directory on first init -if [ -e "/config/initdb.d" ] && [ -n "$(/bin/ls -A /config/initdb.d/*.sql 2>/dev/null)" ]; then +if [[ -e "/config/initdb.d" ]] && [[ -n "$(/bin/ls -A /config/initdb.d/*.sql 2>/dev/null)" ]]; then cat /config/initdb.d/*.sql >> "${tempSqlFile}" fi @@ -85,10 +84,10 @@ chown -R abc:abc "${tempSqlFile}" # ingest remote sql if REMOTE_SQL is set -if [ -n "${REMOTE_SQL+set}" ]; then +if [[ -n "${REMOTE_SQL+set}" ]]; then IFS=, read -ra URLS <<< "${REMOTE_SQL}" for URL in "${URLS[@]}"; do - if [ "$(curl -I -sL -w "%{http_code}" "${URL}" -o /dev/null)" == 200 ]; then + if [[ "$(curl -I -sL -w "%{http_code}" "${URL}" -o /dev/null)" == 200 ]]; then curl -sL "${URL}" >> "${tempSqlFile}" fi done @@ -109,7 +108,7 @@ wait "${pid}" echo "Database Setup Completed" # display a message about password if not set or too short -if [ "${TEST_LEN}" -lt "4" ]; then +if [[ "${TEST_LEN}" -lt "4" ]]; then printf '\n\n\n%s\n\n\n' "$(<"${NOPASS_SET}")" sleep 5s fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/type b/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/type new file mode 100644 index 0000000..3d92b15 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/up b/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/up new file mode 100644 index 0000000..e8792cf --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-mariadb-initdb/run \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mariadb/dependencies.d/init-services b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/dependencies.d/init-services new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mariadb/finish b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/finish new file mode 100755 index 0000000..36876e7 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/finish @@ -0,0 +1,5 @@ +#!/usr/bin/with-contenv bash + +echo "Caught SIGTERM signal!" + +kill -TERM "$(cat /var/run/mysqld/mysqld.pid)" 2>/dev/null diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mariadb/notification-fd b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/notification-fd new file mode 100644 index 0000000..e440e5c --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/notification-fd @@ -0,0 +1 @@ +3 \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mariadb/run b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/run new file mode 100755 index 0000000..301b0d6 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/run @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bash + +s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 3306" \ + s6-setuidgid abc \ + /usr/bin/mariadbd-safe \ + --datadir="${DATADIR}" \ + --pid-file=/var/run/mysqld/mysqld.pid \ + --user=abc & + +wait diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mariadb/type b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/type new file mode 100644 index 0000000..1780f9f --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/svc-mariadb/type @@ -0,0 +1 @@ +longrun \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mariadb-config b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mariadb-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mariadb-initdb b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-mariadb-initdb new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-mariadb b/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-mariadb new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/services.d/mariadb/run b/root/etc/services.d/mariadb/run deleted file mode 100644 index 070577e..0000000 --- a/root/etc/services.d/mariadb/run +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/with-contenv bash - -_term() { - echo "Caught SIGTERM signal!" - kill -TERM "$(cat /var/run/mysqld/mysqld.pid)" 2>/dev/null -} - -trap _term SIGTERM - -s6-setuidgid abc \ - /usr/bin/mysqld_safe \ - --console \ - --datadir="${DATADIR}" \ - --pid-file=/var/run/mysqld/mysqld.pid \ - --user=abc & - -wait