From 73ccb45f47531feb30338a01dd410d27b6d65625 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 14 Dec 2020 15:34:39 -0800 Subject: [PATCH] Add "--enable-embed" to Debian-based CLI variants This is used for things like NGINX Unit to embed PHP (similar to `mod_php` in Apache, but a more general interface). --- 7.3/buster/cli/Dockerfile | 3 +++ 7.3/stretch/cli/Dockerfile | 3 +++ 7.4/buster/cli/Dockerfile | 3 +++ 8.0/buster/cli/Dockerfile | 3 +++ Dockerfile-cli-block-1.template | 4 ++++ 5 files changed, 16 insertions(+) create mode 100644 Dockerfile-cli-block-1.template diff --git a/7.3/buster/cli/Dockerfile b/7.3/buster/cli/Dockerfile index bc95cbf7..28900c67 100644 --- a/7.3/buster/cli/Dockerfile +++ b/7.3/buster/cli/Dockerfile @@ -48,6 +48,9 @@ RUN set -eux; \ chown www-data:www-data /var/www/html; \ chmod 777 /var/www/html +# https://github.com/docker-library/php/pull/939#issuecomment-730501748 +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-embed + # Apply stack smash protection to functions using local buffers and alloca() # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) # Enable optimization (-O2) diff --git a/7.3/stretch/cli/Dockerfile b/7.3/stretch/cli/Dockerfile index a2547b9d..c07962be 100644 --- a/7.3/stretch/cli/Dockerfile +++ b/7.3/stretch/cli/Dockerfile @@ -48,6 +48,9 @@ RUN set -eux; \ chown www-data:www-data /var/www/html; \ chmod 777 /var/www/html +# https://github.com/docker-library/php/pull/939#issuecomment-730501748 +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-embed + # Apply stack smash protection to functions using local buffers and alloca() # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) # Enable optimization (-O2) diff --git a/7.4/buster/cli/Dockerfile b/7.4/buster/cli/Dockerfile index 21b2fb28..24e23c89 100644 --- a/7.4/buster/cli/Dockerfile +++ b/7.4/buster/cli/Dockerfile @@ -48,6 +48,9 @@ RUN set -eux; \ chown www-data:www-data /var/www/html; \ chmod 777 /var/www/html +# https://github.com/docker-library/php/pull/939#issuecomment-730501748 +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-embed + # Apply stack smash protection to functions using local buffers and alloca() # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) # Enable optimization (-O2) diff --git a/8.0/buster/cli/Dockerfile b/8.0/buster/cli/Dockerfile index 24809ceb..bb9c4894 100644 --- a/8.0/buster/cli/Dockerfile +++ b/8.0/buster/cli/Dockerfile @@ -48,6 +48,9 @@ RUN set -eux; \ chown www-data:www-data /var/www/html; \ chmod 777 /var/www/html +# https://github.com/docker-library/php/pull/939#issuecomment-730501748 +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-embed + # Apply stack smash protection to functions using local buffers and alloca() # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) # Enable optimization (-O2) diff --git a/Dockerfile-cli-block-1.template b/Dockerfile-cli-block-1.template new file mode 100644 index 00000000..fdce7647 --- /dev/null +++ b/Dockerfile-cli-block-1.template @@ -0,0 +1,4 @@ +{{ if env.suite | startswith("alpine") | not then ( -}} +# https://github.com/docker-library/php/pull/939#issuecomment-730501748 +ENV PHP_EXTRA_CONFIGURE_ARGS --enable-embed +{{ ) else "" end -}}