[Misc] Apply best practices as reported by yosifkit on docker-library…

…/official-images#2563 (comment) * Removed the not needed sh files * Allow passing parameters to catalina.sh from the docker command line * Removed unnecessary apt upgrade + unncessary --force-yes option * Verify sha of xwiki war to make sure the right WAR is downloaded and avoid man in the middle attacks * Simplify the sed expression and do it in one step * Remove unnecessary EXPOSE (done by the tomcat image) * Install the MySQL JDBC driver using apt-get (libmysql-java package) instead of getting it directly from upstream
xwiki · Feb 1, 2017 · f2fe008 · f2fe008
1 parent 56aa09e
commit f2fe008
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 105 deletions.
diff --git a/xwiki-mysql-tomcat/Dockerfile b/xwiki-mysql-tomcat/Dockerfile
@@ -25,32 +25,29 @@ MAINTAINER Vincent Massol <[email protected]>
 
 # Install LibreOffice + other tools
 RUN apt-get update && \
-  apt-get -y upgrade && \
-  apt-get --no-install-recommends -y --force-yes install \
+  apt-get --no-install-recommends -y install \
     curl \
     libreoffice \
-    unzip && \
+    unzip \
+    libmysql-java && \
   rm -rf /var/lib/apt/lists/*
 
 # Install XWiki as the ROOT webapp context in Tomcat
 # Create the Tomcat temporary directory
 # Configure the XWiki permanent directory
 ENV XWIKI_VERSION=8.4.4
+ENV XWIKI_URL_PREFIX "http://maven.xwiki.org/releases/org/xwiki/enterprise/xwiki-enterprise-web/${XWIKI_VERSION}"
+ENV XWIKI_DOWNLOAD_SHA256 b414edb4527e3d8b27c40a8c3f2f09423980de7963207b7dc89da71d14e7fb23
 RUN rm -rf /usr/local/tomcat/webapps/* && \
   mkdir -p /usr/local/tomcat/temp && \
   mkdir -p /usr/local/xwiki/data && \
-  curl -L "http://download.forge.ow2.org/xwiki/xwiki-enterprise-web-${XWIKI_VERSION}.war" -o xwiki.war && \ 
+  curl -fSL "${XWIKI_URL_PREFIX}/xwiki-enterprise-web-${XWIKI_VERSION}.war" -o xwiki.war && \
+  echo "$XWIKI_DOWNLOAD_SHA256 xwiki.war" | sha256sum -c - && \
   unzip -d /usr/local/tomcat/webapps/ROOT xwiki.war && \
   rm -f xwiki.war
 
-# Download the MySQL JDBC driver and install it in the XWiki webapp
-ENV MYSQL_DRIVER_VERSION=5.1.38
-RUN curl -L https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz \
-    -o mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz && \
-  tar xvf mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz \
-    mysql-connector-java-${MYSQL_DRIVER_VERSION}/mysql-connector-java-${MYSQL_DRIVER_VERSION}-bin.jar -O > \
-    /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/mysql-connector-java-${MYSQL_DRIVER_VERSION}-bin.jar && \
-  rm -f mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz
+# Copy the MySQL JDBC driver in the XWiki webapp
+RUN cp /usr/share/java/mysql-connector-java-*.jar /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/
 
 # Configure Tomcat. For example set the memory for the Tomcat JVM since the default value is too small for XWiki
 COPY tomcat/setenv.sh /usr/local/tomcat/bin/
@@ -60,25 +57,18 @@ ENV MYSQL_DATABASE=xwiki
 COPY xwiki/hibernate.cfg.xml /usr/local/tomcat/webapps/ROOT/WEB-INF/hibernate.cfg.xml
 
 # Set a specific distribution id in XWiki for this docker packaging.
-RUN sed "s/<id>org.xwiki.enterprise:xwiki-enterprise-web/<id>org.xwiki.enterprise:xwiki-enterprise-docker/" \
-    < /usr/local/tomcat/webapps/ROOT/META-INF/extension.xed > /usr/local/tomcat/webapps/ROOT/META-INF/extension2.xed && \
-  mv /usr/local/tomcat/webapps/ROOT/META-INF/extension2.xed /usr/local/tomcat/webapps/ROOT/META-INF/extension.xed
+RUN sed -i 's/<id>org.xwiki.enterprise:xwiki-enterprise-web/<id>org.xwiki.enterprise:xwiki-enterprise-docker/' \
+    /usr/local/tomcat/webapps/ROOT/META-INF/extension.xed
 
 # Add scripts required to make changes to XWiki configuration files at execution time
 # Note: we don't run CHMOD since 1) it's not required since the executabe bit is already set in git and 2) running
 # CHMOD after a COPY will sometimes fail, depending on different host-specific factors (especially on AUFS).
-COPY xwiki/xwiki-config-replace.sh /usr/local/bin/xwiki-config-replace.sh
-COPY xwiki/xwiki-set-cfg /usr/local/bin/xwiki-set-cfg
-COPY xwiki/xwiki-set-properties /usr/local/bin/xwiki-set-properties
 COPY xwiki/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 # Make the XWiki directory (the permanent directory is included in it) persist on the host (so that it's not recreated
 # across runs)
 VOLUME /var/lib/xwiki
 
-# Expose the Tomcat port
-EXPOSE 8080
-
 # At this point the image is done and what remains below are the runtime configuration used by the user to configure
 # the container that will be created out of the image. Namely the user can override some environment variables with
 #   docker run -e "var1=val1" -e "var2=val2" ...

diff --git a/xwiki-mysql-tomcat/xwiki/docker-entrypoint.sh b/xwiki-mysql-tomcat/xwiki/docker-entrypoint.sh
@@ -26,23 +26,42 @@ function first_start() {
   touch /usr/local/xwiki/.first_start_completed
 }
 
+# $1 - the path to xwiki.[cfg|properties]
+# $2 - the setting/property to set
+# $3 - the new value
+function xwiki_replace() {
+  sed -i s~"\#\? \?$2 \?=.*"~"$2=$3"~g "$1"
+}
+
+# $1 - the setting/property to set
+# $2 - the new value
+function xwiki_set_cfg() {
+  xwiki_replace /usr/local/tomcat/webapps/ROOT/WEB-INF/xwiki.cfg "$1" "$2"
+}
+
+# $1 - the setting/property to set
+# $2 - the new value
+function xwiki_set_properties() {
+  xwiki_replace /usr/local/tomcat/webapps/ROOT/WEB-INF/xwiki.properties "$1" "$2"
+}
+
 function configure() {
   echo 'Configuring XWiki...'
   sed -i "s/replacemysqluser/${MYSQL_USERNAME:-xwiki}/g" /usr/local/tomcat/webapps/ROOT/WEB-INF/hibernate.cfg.xml
   sed -i "s/replacemysqlpassword/${MYSQL_PASSWORD:-xwiki}/g" /usr/local/tomcat/webapps/ROOT/WEB-INF/hibernate.cfg.xml
 
   echo '  Using filesystem-based attachments...'
-  xwiki-set-cfg 'xwiki.store.attachment.hint' 'file'
-  xwiki-set-cfg 'xwiki.store.attachment.versioning.hint' 'file'
-  xwiki-set-cfg 'xwiki.store.attachment.recyclebin.hint' 'file'
+  xwiki_set_cfg 'xwiki.store.attachment.hint' 'file'
+  xwiki_set_cfg 'xwiki.store.attachment.versioning.hint' 'file'
+  xwiki_set_cfg 'xwiki.store.attachment.recyclebin.hint' 'file'
   echo '  Generating authentication validation and encryption keys...'
-  xwiki-set-cfg 'xwiki.authentication.validationKey' "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
-  xwiki-set-cfg 'xwiki.authentication.encryptionKey' "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
+  xwiki_set_cfg 'xwiki.authentication.validationKey' "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
+  xwiki_set_cfg 'xwiki.authentication.encryptionKey' "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
 
   echo '  Setting permanent directory...'
-  xwiki-set-properties 'environment.permanentDirectory' '/usr/local/xwiki/data'
+  xwiki_set_properties 'environment.permanentDirectory' '/usr/local/xwiki/data'
   echo '  Configure libreoffice...'
-  xwiki-set-properties 'openoffice.autoStart' 'true'
+  xwiki_set_properties 'openoffice.autoStart' 'true'
 }
 
 # This if will check if the first argument is a flag but only works if all arguments require a hyphenated flag
@@ -56,7 +75,8 @@ if [ "$1" = 'xwiki' ]; then
   if [[ ! -f /usr/local/xwiki/.first_start_completed ]]; then
     first_start
   fi
-  /usr/local/tomcat/bin/catalina.sh run
+  shift
+  set -- catalina.sh run "$@"
 fi
 
 # Else default to run whatever the user wanted like "bash"

diff --git a/xwiki-mysql-tomcat/xwiki/xwiki-config-replace.sh b/xwiki-mysql-tomcat/xwiki/xwiki-config-replace.sh
diff --git a/xwiki-mysql-tomcat/xwiki/xwiki-set-cfg b/xwiki-mysql-tomcat/xwiki/xwiki-set-cfg
diff --git a/xwiki-mysql-tomcat/xwiki/xwiki-set-properties b/xwiki-mysql-tomcat/xwiki/xwiki-set-properties