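# Build stage: compiles PHP from source as an Apache httpd module.
# Later stages copy the build artifacts out of this stage by absolute path.
FROM rockylinux:8.6 AS php-build

# Repository setup: dnf plugins (for config-manager), EPEL and PowerTools.
# Presumably some of the -devel packages below come from these repositories.
RUN dnf -y install dnf-plugins-core \
 && yum -y install epel-release \
 && dnf config-manager --set-enabled powertools

# Toolchain and headers needed to configure and compile PHP.
RUN yum -y update && yum -y install \
        autoconf \
        bison \
        findutils \
        gcc \
        httpd-devel \
        libargon2-devel \
        libcurl-devel \
        libedit-devel \
        libsodium-devel \
        libxml2-devel \
        libxslt-devel \
        make \
        mariadb-devel \
        oniguruma-devel \
        openldap-devel \
        openssl-devel \
        postgresql-devel \
        re2c \
        sqlite-devel \
        wget

WORKDIR /usr/local/src

# NOTE(review): PHP 7.4 reached upstream end of life in November 2022 and no
# longer receives upstream security fixes; plan a move to a maintained branch.
ARG PHP_VERSION=7.4.30
ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
# Optional SHA-256 of the source tarball. When set (--build-arg), the download
# is verified before it is unpacked; when empty, the build relies on TLS alone.
# Setting it is recommended so a swapped or corrupted archive fails the build.
ARG PHP_SRC_SHA256=""

RUN mkdir php-src \
 && wget -O php-src.tar.gz "${PHP_SRC_URL}" \
 && if [ -n "${PHP_SRC_SHA256}" ]; then \
        echo "${PHP_SRC_SHA256}  php-src.tar.gz" | sha256sum -c -; \
    fi \
 && tar zxf php-src.tar.gz -C php-src --strip-components=1 \
 && rm php-src.tar.gz

# Compiler/linker hardening: stack protector and position-independent code.
ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
ENV PHP_CPPFLAGS="$PHP_CFLAGS"
ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"

WORKDIR /usr/local/src/php-src

# The flags are exported BEFORE ./configure on purpose: configure records
# CFLAGS/CPPFLAGS/LDFLAGS in the Makefile it generates, and assignments inside
# a Makefile take precedence over environment variables. Exporting them only
# before `make` would therefore leave the hardening options unused.
RUN export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
 && ./buildconf --force \
 && ./configure \
        --disable-cgi \
        --enable-mbstring \
        --enable-mysqlnd \
        --with-apxs2=/usr/bin/apxs \
        --with-config-file-path=/usr/local/etc/php \
        --with-config-file-scan-dir=/usr/local/etc/php/conf.d \
        --with-curl \
        --with-ldap \
        --with-libdir=lib64 \
        --with-libedit \
        --with-mysqli \
        --with-openssl \
        --with-password-argon2 \
        --with-pdo-mysql \
        --with-pdo-pgsql \
        --with-pgsql \
        --with-sodium \
        --with-xsl \
        --with-zlib \
 && make -j "$(nproc)" \
 && make install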
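# Runtime stage: Shibboleth SP base image with the PHP build added on top.
# NOTE(review): the tag is mutable; pinning the base image by digest
# (image:tag@sha256:<digest-placeholder>) would make rebuilds reproducible.
FROM i2incommon/shibboleth_sp:3.4.0_02092023_rocky8_multiarch

# One layer for repository setup, update, install and cache cleanup, so the
# package-manager cache from the earlier steps is not left behind in a layer.
#
# The Shibboleth repository definition is removed before updating, so the
# update does not pull packages from it. NOTE(review): presumably this keeps
# the Shibboleth version tied to the base image; it also means Shibboleth
# fixes only arrive with a newer base image tag.
#
# NOTE(review): gcc, make, autoconf, bison, re2c and the -devel packages end up
# in the runtime image. If they are only needed to compile PHP (done in the
# php-build stage), swapping them for the matching runtime libraries would
# shrink the attack surface; confirm nothing at run time needs phpize or a
# compiler before removing them.
RUN rm -f /etc/yum.repos.d/security:shibboleth.repo \
 && dnf -y install dnf-plugins-core \
 && dnf config-manager --set-enabled powertools \
 && yum -y update \
 && yum -y install \
        autoconf \
        bison \
        gcc \
        httpd-devel \
        libargon2-devel \
        libcurl-devel \
        libedit-devel \
        libsodium-devel \
        libxml2-devel \
        libxslt-devel \
        make \
        mariadb-devel \
        oniguruma-devel \
        openldap-devel \
        openssl-devel \
        postgresql-devel \
        re2c \
        supervisor \
        wget \
 && yum clean -y all

# PHP artifacts from the build stage: the httpd module, the PHP library and
# include trees, and everything installed into /usr/local/bin.
COPY --from=php-build /usr/lib64/httpd/modules/libphp7.so /usr/lib64/httpd/modules/
COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
COPY --from=php-build /usr/local/include/php /usr/local/include/php/
COPY --from=php-build /usr/local/bin /usr/local/bin/

# Smoke test: the build fails here if the copied php binary cannot start in
# this image (for example because a shared library is missing).
RUN /usr/local/bin/php -v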
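# COmanage Registry release to install and where to download it from.
ARG COMANAGE_REGISTRY_VERSION=4.1.0
ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
# Optional SHA-256 of the release tarball. When set (--build-arg), the download
# is verified before it is unpacked; when empty, the build relies on TLS alone.
# Setting it is recommended so a swapped or corrupted archive fails the build.
ARG COMANAGE_REGISTRY_SRC_SHA256=""

# Record the version and source URL in the image environment and metadata.
ENV COMANAGE_REGISTRY_VERSION=${COMANAGE_REGISTRY_VERSION}
LABEL comanage_registry_version="${COMANAGE_REGISTRY_VERSION}" \
      comanage_registry_src_url="${COMANAGE_REGISTRY_SRC_URL}"

ENV COMANAGE_REGISTRY_DIR=/srv/comanage-registry
# WORKDIR creates the directory if it does not exist yet.
WORKDIR "$COMANAGE_REGISTRY_DIR"

# Download, optionally verify, and unpack the release, then:
#  - replace app/tmp with a copy of app/tmp.dist, owned by the apache user so
#    the web server can write to it (only this subtree is handed to apache),
#  - publish app/webroot as /var/www/html/registry,
#  - empty the local/ directory and expose it as /local.
RUN wget -O comanage.tar.gz "${COMANAGE_REGISTRY_SRC_URL}" \
 && if [ -n "${COMANAGE_REGISTRY_SRC_SHA256}" ]; then \
        echo "${COMANAGE_REGISTRY_SRC_SHA256}  comanage.tar.gz" | sha256sum -c -; \
    fi \
 && tar -zxf comanage.tar.gz -C "${COMANAGE_REGISTRY_DIR}" --strip-components=1 \
 && rm -f comanage.tar.gz \
 && rm -f "${COMANAGE_REGISTRY_DIR}/app/tmp" \
 && cp -r "${COMANAGE_REGISTRY_DIR}/app/tmp.dist" "${COMANAGE_REGISTRY_DIR}/app/tmp" \
 && chown -R apache:apache "${COMANAGE_REGISTRY_DIR}/app/tmp" \
 && ln -s "${COMANAGE_REGISTRY_DIR}/app/webroot" /var/www/html/registry \
 && rm -rf "${COMANAGE_REGISTRY_DIR}"/local/* \
 && ln -s "${COMANAGE_REGISTRY_DIR}/local" /local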
# Apache httpd configuration shipped with this image.
COPY container_files/httpd/000-comanage.conf container_files/httpd/php.conf /etc/httpd/conf.d/
COPY container_files/httpd/10-php7.conf /etc/httpd/conf.modules.d/
COPY container_files/httpd/httpd.conf /etc/httpd/conf/

# Shibboleth logger configuration.
COPY container_files/shibboleth/shibd.logger container_files/shibboleth/native.logger /etc/shibboleth/

# Supervisor configuration and helper scripts.
COPY container_files/system/supervisord.conf /usr/local/etc/supervisord.conf
COPY container_files/system/sendtierbeacon.sh container_files/system/setupcron.sh /usr/local/bin/

# - Remove the distribution's stock conf.d snippets (directory listings, the
#   default TLS vhost, per-user directories, welcome page) so that only the
#   configuration copied above is active.
# - Make the helper scripts executable.
# - Link cert.pem / privkey.pem under /etc/httpd to the localhost certificate
#   and key paths. NOTE(review): presumably a placeholder pair; deployments
#   should supply their own certificate and key (confirm against the httpd
#   configuration and the entrypoint scripts).
# - Run setupcron.sh from /etc/httpd, the same working directory as before.
RUN rm -f /etc/httpd/conf.d/autoindex.conf \
          /etc/httpd/conf.d/ssl.conf \
          /etc/httpd/conf.d/userdir.conf \
          /etc/httpd/conf.d/welcome.conf \
 && chmod 755 /usr/local/bin/sendtierbeacon.sh /usr/local/bin/setupcron.sh \
 && cd /etc/httpd \
 && ln -s /etc/pki/tls/certs/localhost.crt cert.pem \
 && ln -s /etc/pki/tls/private/localhost.key privkey.pem \
 && /usr/local/bin/setupcron.sh
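# Allow values for first administrator bootstrapped into the
# platform to be specified at image build time, in addition to
# being injected at run time through the entrypoint script.
# Build arguments are recorded in the image history, so only non-secret
# values belong here.
ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME
ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME
ARG COMANAGE_REGISTRY_ADMIN_USERNAME
ARG COMANAGE_REGISTRY_ENABLE_POOLING

# Set simple defaults for first administrator bootstrapped into the
# platform to make simple evaluation of the platform easier.
# These are evaluation defaults: override them at build or run time for a
# real deployment so the bootstrap administrator is not a predictable name.
# (key=value form; the space-separated ENV form is deprecated.)
ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME="${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME:-Registry}" \
    COMANAGE_REGISTRY_ADMIN_FAMILY_NAME="${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME:-Admin}" \
    COMANAGE_REGISTRY_ADMIN_USERNAME="${COMANAGE_REGISTRY_ADMIN_USERNAME:-registry.admin}" \
    COMANAGE_REGISTRY_ENABLE_POOLING="${COMANAGE_REGISTRY_ENABLE_POOLING:-No}"

# Documentation only: HTTP and HTTPS ports served by httpd.
EXPOSE 80 443

# Entrypoint scripts for the COmanage, Shibboleth SP and supervisord layers.
COPY container_files/system/docker-comanage-entrypoint \
     container_files/system/docker-comanage-shibboleth-sp-entrypoint \
     container_files/system/docker-supervisord-entrypoint \
     /usr/local/bin/

# TIER Beacon Opt-out
#
# Completely uncomment the following ENV line to prevent the containers from
# sending analytics information to Internet2. With the default/release
# configuration, it will only send product (Shibb/Grouper/COmanage) and version
# (3.3.1-17040, etc) once daily between midnight and 4am. There is no
# configuration or private information collected or sent. This data helps with
# the scaling and funding of TIER. Please do not disable it if you find the
# TIER tools useful. To keep it commented, keep multiple comments on the
# following line (to prevent other scripts from processing it).
##### ENV TIER_BEACON_OPT_OUT True
ENV TIER_RELEASE=20230215
ENV TIER_MAINTAINER=i2incommon

# NOTE(review): no USER instruction is set, so the entrypoint starts as root.
# Check that the supervised services drop privileges where they can.
ENTRYPOINT ["docker-supervisord-entrypoint"]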