# # NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" # # PLEASE DO NOT EDIT IT DIRECTLY. # FROM alpine:3.8 # dependencies required for running "phpize" # these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) ENV PHPIZE_DEPS \ autoconf \ dpkg-dev dpkg \ file \ g++ \ gcc \ libc-dev \ make \ pkgconf \ re2c # persistent / runtime deps RUN apk add --no-cache --virtual .persistent-deps \ ca-certificates \ curl \ tar \ xz \ # https://github.com/docker-library/php/issues/494 libressl # ensure www-data user exists RUN set -x \ && addgroup -g 82 -S www-data \ && adduser -u 82 -D -S -G www-data www-data # 82 is the standard uid/gid for "www-data" in Alpine # https://git.alpinelinux.org/aports/tree/main/apache2/apache2.pre-install?h=3.9-stable # https://git.alpinelinux.org/aports/tree/main/lighttpd/lighttpd.pre-install?h=3.9-stable # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.pre-install?h=3.9-stable ENV PHP_INI_DIR /usr/local/etc/php RUN set -eux; \ mkdir -p "$PHP_INI_DIR/conf.d"; \ # allow running as an arbitrary user (https://github.com/docker-library/php/issues/743) [ ! -d /var/www/html ]; \ mkdir -p /var/www/html; \ chown www-data:www-data /var/www/html; \ chmod 777 /var/www/html #### #### # Apply stack smash protection to functions using local buffers and alloca() # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) # Enable optimization (-O2) # Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) # Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) # https://github.com/docker-library/php/issues/272 ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" ENV PHP_CPPFLAGS="$PHP_CFLAGS" ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" ENV GPG_KEYS 1729F83938DA44E27BA0F4D3DBDB397470D12172 B1B44D8F021E4E2D6021E995DC9FF8D3EE5AF27F ENV PHP_VERSION 7.2.15 ENV PHP_URL="https://secure.php.net/get/php-7.2.15.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.2.15.tar.xz.asc/from/this/mirror" ENV PHP_SHA256="75e90012faef700dffb29311f3d24fa25f1a5e0f70254a9b8d5c794e25e938ce" PHP_MD5="" RUN set -xe; \ \ apk add --no-cache --virtual .fetch-deps \ gnupg \ wget \ ; \ \ mkdir -p /usr/src; \ cd /usr/src; \ \ wget -O php.tar.xz "$PHP_URL"; \ \ if [ -n "$PHP_SHA256" ]; then \ echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ fi; \ if [ -n "$PHP_MD5" ]; then \ echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ fi; \ \ if [ -n "$PHP_ASC_URL" ]; then \ wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ export GNUPGHOME="$(mktemp -d)"; \ for key in $GPG_KEYS; do \ gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done; \ gpg --batch --verify php.tar.xz.asc php.tar.xz; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ fi; \ \ apk del .fetch-deps COPY docker-php-source /usr/local/bin/ RUN set -xe \ && apk add --no-cache --virtual .build-deps \ $PHPIZE_DEPS \ argon2-dev \ coreutils \ curl-dev \ libedit-dev \ libsodium-dev \ libxml2-dev \ libressl-dev \ sqlite-dev \ \ && export CFLAGS="$PHP_CFLAGS" \ CPPFLAGS="$PHP_CPPFLAGS" \ LDFLAGS="$PHP_LDFLAGS" \ && docker-php-source extract \ && cd /usr/src/php \ && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ && ./configure \ --build="$gnuArch" \ --with-config-file-path="$PHP_INI_DIR" \ --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ \ # make sure invalid --configure-flags are fatal errors intead of just warnings --enable-option-checking=fatal \ \ # https://github.com/docker-library/php/issues/439 --with-mhash \ \ # --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) --enable-ftp \ # --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) --enable-mbstring \ # --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) --enable-mysqlnd \ # https://wiki.php.net/rfc/argon2_password_hash (7.2+) --with-password-argon2 \ # https://wiki.php.net/rfc/libsodium --with-sodium=shared \ \ --with-curl \ --with-libedit \ --with-openssl \ --with-zlib \ \ # bundled pcre does not support JIT on s390x # https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ \ $PHP_EXTRA_CONFIGURE_ARGS \ && make -j "$(nproc)" \ && find -type f -name '*.a' -delete \ && make install \ && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ && make clean \ \ # https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable) && cp -v php.ini-* "$PHP_INI_DIR/" \ \ && cd / \ && docker-php-source delete \ \ && runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )" \ && apk add --no-cache --virtual .php-rundeps $runDeps \ \ && apk del .build-deps \ \ # https://github.com/docker-library/php/issues/443 && pecl update-channels \ && rm -rf /tmp/pear ~/.pearrc COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ # sodium was built as a shared module (so that it can be replaced later if so desired), so let's enable it too (https://github.com/docker-library/php/issues/598) RUN docker-php-ext-enable sodium ENTRYPOINT ["docker-php-entrypoint"] #### CMD ["php", "-a"] ####