mirror of
https://github.com/danog/php.git
synced 2024-12-11 16:49:55 +01:00
dbd5d1e03d
This will hopefully help folks with the confusion around installing packages like "php-apcu" and then wondering why they don't actually "work" (because they pull in Debian's PHP, and that's not what this image packages).
208 lines
6.3 KiB
Docker
208 lines
6.3 KiB
Docker
#
|
|
# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh"
|
|
#
|
|
# PLEASE DO NOT EDIT IT DIRECTLY.
|
|
#
|
|
|
|
FROM debian:jessie
|
|
|
|
# prevent Debian's PHP packages from being installed
|
|
RUN set -eux; \
|
|
{ \
|
|
echo 'Package: php*'; \
|
|
echo 'Pin: release *'; \
|
|
echo 'Pin-Priority: -1'; \
|
|
} > /etc/apt/preferences.d/no-debian-php
|
|
|
|
# persistent / runtime deps
|
|
ENV PHPIZE_DEPS \
|
|
autoconf \
|
|
dpkg-dev \
|
|
file \
|
|
g++ \
|
|
gcc \
|
|
libc-dev \
|
|
make \
|
|
pkg-config \
|
|
re2c
|
|
RUN apt-get update && apt-get install -y \
|
|
$PHPIZE_DEPS \
|
|
ca-certificates \
|
|
curl \
|
|
libedit2 \
|
|
libsqlite3-0 \
|
|
libxml2 \
|
|
xz-utils \
|
|
--no-install-recommends && rm -r /var/lib/apt/lists/*
|
|
|
|
ENV PHP_INI_DIR /usr/local/etc/php
|
|
RUN mkdir -p $PHP_INI_DIR/conf.d
|
|
|
|
##<autogenerated>##
|
|
ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
|
|
##</autogenerated>##
|
|
|
|
# Apply stack smash protection to functions using local buffers and alloca()
|
|
# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
|
|
# Enable optimization (-O2)
|
|
# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
|
|
# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated)
|
|
# https://github.com/docker-library/php/issues/272
|
|
ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
|
|
ENV PHP_CPPFLAGS="$PHP_CFLAGS"
|
|
ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"
|
|
|
|
ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
|
|
|
|
ENV PHP_VERSION 7.0.26
|
|
ENV PHP_URL="https://secure.php.net/get/php-7.0.26.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.26.tar.xz.asc/from/this/mirror"
|
|
ENV PHP_SHA256="ed5cbb4bbb0ddef8985f100bba2e94002ad22a230b5da2dccfe148915df5f199" PHP_MD5=""
|
|
|
|
RUN set -xe; \
|
|
\
|
|
fetchDeps=' \
|
|
wget \
|
|
'; \
|
|
if ! command -v gpg > /dev/null; then \
|
|
fetchDeps="$fetchDeps \
|
|
dirmngr \
|
|
gnupg \
|
|
"; \
|
|
fi; \
|
|
apt-get update; \
|
|
apt-get install -y --no-install-recommends $fetchDeps; \
|
|
rm -rf /var/lib/apt/lists/*; \
|
|
\
|
|
mkdir -p /usr/src; \
|
|
cd /usr/src; \
|
|
\
|
|
wget -O php.tar.xz "$PHP_URL"; \
|
|
\
|
|
if [ -n "$PHP_SHA256" ]; then \
|
|
echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
|
|
fi; \
|
|
if [ -n "$PHP_MD5" ]; then \
|
|
echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \
|
|
fi; \
|
|
\
|
|
if [ -n "$PHP_ASC_URL" ]; then \
|
|
wget -O php.tar.xz.asc "$PHP_ASC_URL"; \
|
|
export GNUPGHOME="$(mktemp -d)"; \
|
|
for key in $GPG_KEYS; do \
|
|
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
|
|
done; \
|
|
gpg --batch --verify php.tar.xz.asc php.tar.xz; \
|
|
rm -rf "$GNUPGHOME"; \
|
|
fi; \
|
|
\
|
|
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps
|
|
|
|
COPY docker-php-source /usr/local/bin/
|
|
|
|
RUN set -xe \
|
|
&& buildDeps=" \
|
|
$PHP_EXTRA_BUILD_DEPS \
|
|
libcurl4-openssl-dev \
|
|
libedit-dev \
|
|
libsqlite3-dev \
|
|
libssl-dev \
|
|
libxml2-dev \
|
|
zlib1g-dev \
|
|
" \
|
|
&& apt-get update && apt-get install -y $buildDeps --no-install-recommends && rm -rf /var/lib/apt/lists/* \
|
|
\
|
|
&& export CFLAGS="$PHP_CFLAGS" \
|
|
CPPFLAGS="$PHP_CPPFLAGS" \
|
|
LDFLAGS="$PHP_LDFLAGS" \
|
|
&& docker-php-source extract \
|
|
&& cd /usr/src/php \
|
|
&& gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
|
|
&& debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)" \
|
|
# https://bugs.php.net/bug.php?id=74125
|
|
&& if [ ! -d /usr/include/curl ]; then \
|
|
ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \
|
|
fi \
|
|
&& ./configure \
|
|
--build="$gnuArch" \
|
|
--with-config-file-path="$PHP_INI_DIR" \
|
|
--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
|
|
\
|
|
--disable-cgi \
|
|
\
|
|
# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236)
|
|
--enable-ftp \
|
|
# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195)
|
|
--enable-mbstring \
|
|
# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself)
|
|
--enable-mysqlnd \
|
|
\
|
|
--with-curl \
|
|
--with-libedit \
|
|
--with-openssl \
|
|
--with-zlib \
|
|
\
|
|
# bundled pcre does not support JIT on s390x
|
|
# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT
|
|
$(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \
|
|
--with-libdir="lib/$debMultiarch" \
|
|
\
|
|
$PHP_EXTRA_CONFIGURE_ARGS \
|
|
&& make -j "$(nproc)" \
|
|
&& make install \
|
|
&& { find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; } \
|
|
&& make clean \
|
|
&& cd / \
|
|
&& docker-php-source delete \
|
|
\
|
|
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $buildDeps \
|
|
\
|
|
# https://github.com/docker-library/php/issues/443
|
|
&& pecl update-channels \
|
|
&& rm -rf /tmp/pear ~/.pearrc
|
|
|
|
COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/
|
|
|
|
ENTRYPOINT ["docker-php-entrypoint"]
|
|
##<autogenerated>##
|
|
WORKDIR /var/www/html
|
|
|
|
RUN set -ex \
|
|
&& cd /usr/local/etc \
|
|
&& if [ -d php-fpm.d ]; then \
|
|
# for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf"
|
|
sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \
|
|
cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \
|
|
else \
|
|
# PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency
|
|
mkdir php-fpm.d; \
|
|
cp php-fpm.conf.default php-fpm.d/www.conf; \
|
|
{ \
|
|
echo '[global]'; \
|
|
echo 'include=etc/php-fpm.d/*.conf'; \
|
|
} | tee php-fpm.conf; \
|
|
fi \
|
|
&& { \
|
|
echo '[global]'; \
|
|
echo 'error_log = /proc/self/fd/2'; \
|
|
echo; \
|
|
echo '[www]'; \
|
|
echo '; if we send this to /proc/self/fd/1, it never appears'; \
|
|
echo 'access.log = /proc/self/fd/2'; \
|
|
echo; \
|
|
echo 'clear_env = no'; \
|
|
echo; \
|
|
echo '; Ensure worker stdout and stderr are sent to the main error log.'; \
|
|
echo 'catch_workers_output = yes'; \
|
|
} | tee php-fpm.d/docker.conf \
|
|
&& { \
|
|
echo '[global]'; \
|
|
echo 'daemonize = no'; \
|
|
echo; \
|
|
echo '[www]'; \
|
|
echo 'listen = [::]:9000'; \
|
|
} | tee php-fpm.d/zz-docker.conf
|
|
|
|
EXPOSE 9000
|
|
CMD ["php-fpm"]
|
|
##</autogenerated>##
|