diff --git a/3.13/alpine/Dockerfile b/3.13/alpine/Dockerfile index 6ebb602b..e42885e6 100644 --- a/3.13/alpine/Dockerfile +++ b/3.13/alpine/Dockerfile @@ -5,7 +5,7 @@ # # Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk! -FROM alpine:3.21 as build-base +FROM alpine:3.21 AS build-base RUN apk add --no-cache \ build-base \ @@ -16,7 +16,7 @@ RUN apk add --no-cache \ linux-headers \ ncurses-dev -FROM build-base as openssl-builder +FROM build-base AS openssl-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -110,19 +110,23 @@ RUN set -eux; \ # smoke test RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version -FROM openssl-builder as erlang-builder +FROM openssl-builder AS erlang-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true -RUN set -eux; \ # /usr/local/src doesn't exist in Alpine by default - mkdir -p /usr/local/src; \ - \ +RUN set -eux; \ + OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ + mkdir -p "/usr/local/src/patch"; \ + mkdir -p "$OTP_PATH" + +COPY patch/ /usr/local/src/patch/ + +RUN set -eux; \ OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \ OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ \ # Download, verify & extract OTP_SOURCE - mkdir -p "$OTP_PATH"; \ wget --output-document "$OTP_PATH.tar.gz" "$OTP_SOURCE_URL"; \ echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum -c -; \ tar --extract --file "$OTP_PATH.tar.gz" --directory "$OTP_PATH" --strip-components 1; \ @@ -131,6 +135,13 @@ RUN set -eux; \ # https://erlang.org/doc/applications.html # ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation cd "$OTP_PATH"; \ + if [ -d /usr/local/src/patch/otp/$OTP_VERSION ]; then \ + for patch_file in /usr/local/src/patch/otp/$OTP_VERSION/*.patch; do \ + if [ -f "$patch_file" ]; then \ + patch -p0 < "$patch_file"; \ + fi; \ + done; \ + fi; \ export ERL_TOP="$OTP_PATH"; \ export CFLAGS='-g -O2'; \ # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) diff --git a/3.13/alpine/patch/otp/26.2.5.6/.gitkeep b/3.13/alpine/patch/otp/26.2.5.6/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/3.13/alpine/patch/otp/27.2/erts-configure.patch b/3.13/alpine/patch/otp/27.2/erts-configure.patch new file mode 100644 index 00000000..d4fabe85 --- /dev/null +++ b/3.13/alpine/patch/otp/27.2/erts-configure.patch @@ -0,0 +1,22 @@ +--- erts/configure.orig ++++ erts/configure +@@ -21677,6 +21677,7 @@ + /* end confdefs.h. */ + + #include ++#include + #ifdef HAVE_MALLOC_H + # include + #endif +@@ -25866,8 +25867,10 @@ + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + #include +-main() ++#include ++int main() + { + #ifdef _POLL_EMUL_H_ + exit(1); /* Implemented using select() -- fail */ diff --git a/3.13/ubuntu/Dockerfile b/3.13/ubuntu/Dockerfile index 58c50b66..999eb7d0 100644 --- a/3.13/ubuntu/Dockerfile +++ b/3.13/ubuntu/Dockerfile @@ -6,7 +6,7 @@ # The official Canonical Ubuntu Focal image is ideal from a security perspective, # especially for the enterprises that we, the RabbitMQ team, have to deal with -FROM ubuntu:24.04 as build-base +FROM ubuntu:24.04 AS build-base ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -19,7 +19,7 @@ RUN set -eux; \ libncurses5-dev \ wget -FROM build-base as openssl-builder +FROM build-base AS openssl-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -112,7 +112,7 @@ RUN set -eux; \ # smoke test RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version -FROM openssl-builder as erlang-builder +FROM openssl-builder AS erlang-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true diff --git a/4.0/alpine/Dockerfile b/4.0/alpine/Dockerfile index 9fa2a483..4b07e2ff 100644 --- a/4.0/alpine/Dockerfile +++ b/4.0/alpine/Dockerfile @@ -5,7 +5,7 @@ # # Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk! -FROM alpine:3.21 as build-base +FROM alpine:3.21 AS build-base RUN apk add --no-cache \ build-base \ @@ -16,7 +16,7 @@ RUN apk add --no-cache \ linux-headers \ ncurses-dev -FROM build-base as openssl-builder +FROM build-base AS openssl-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -110,19 +110,23 @@ RUN set -eux; \ # smoke test RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version -FROM openssl-builder as erlang-builder +FROM openssl-builder AS erlang-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true -RUN set -eux; \ # /usr/local/src doesn't exist in Alpine by default - mkdir -p /usr/local/src; \ - \ +RUN set -eux; \ + OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ + mkdir -p "/usr/local/src/patch"; \ + mkdir -p "$OTP_PATH" + +COPY patch/ /usr/local/src/patch/ + +RUN set -eux; \ OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \ OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ \ # Download, verify & extract OTP_SOURCE - mkdir -p "$OTP_PATH"; \ wget --output-document "$OTP_PATH.tar.gz" "$OTP_SOURCE_URL"; \ echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum -c -; \ tar --extract --file "$OTP_PATH.tar.gz" --directory "$OTP_PATH" --strip-components 1; \ @@ -131,6 +135,13 @@ RUN set -eux; \ # https://erlang.org/doc/applications.html # ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation cd "$OTP_PATH"; \ + if [ -d /usr/local/src/patch/otp/$OTP_VERSION ]; then \ + for patch_file in /usr/local/src/patch/otp/$OTP_VERSION/*.patch; do \ + if [ -f "$patch_file" ]; then \ + patch -p0 < "$patch_file"; \ + fi; \ + done; \ + fi; \ export ERL_TOP="$OTP_PATH"; \ export CFLAGS='-g -O2'; \ # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) diff --git a/4.0/alpine/patch/otp/26.2.5.6/.gitkeep b/4.0/alpine/patch/otp/26.2.5.6/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/4.0/alpine/patch/otp/27.2/erts-configure.patch b/4.0/alpine/patch/otp/27.2/erts-configure.patch new file mode 100644 index 00000000..d4fabe85 --- /dev/null +++ b/4.0/alpine/patch/otp/27.2/erts-configure.patch @@ -0,0 +1,22 @@ +--- erts/configure.orig ++++ erts/configure +@@ -21677,6 +21677,7 @@ + /* end confdefs.h. */ + + #include ++#include + #ifdef HAVE_MALLOC_H + # include + #endif +@@ -25866,8 +25867,10 @@ + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + #include +-main() ++#include ++int main() + { + #ifdef _POLL_EMUL_H_ + exit(1); /* Implemented using select() -- fail */ diff --git a/4.0/ubuntu/Dockerfile b/4.0/ubuntu/Dockerfile index 504bbafc..5e19debb 100644 --- a/4.0/ubuntu/Dockerfile +++ b/4.0/ubuntu/Dockerfile @@ -6,7 +6,7 @@ # The official Canonical Ubuntu Focal image is ideal from a security perspective, # especially for the enterprises that we, the RabbitMQ team, have to deal with -FROM ubuntu:24.04 as build-base +FROM ubuntu:24.04 AS build-base ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -19,7 +19,7 @@ RUN set -eux; \ libncurses5-dev \ wget -FROM build-base as openssl-builder +FROM build-base AS openssl-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -112,7 +112,7 @@ RUN set -eux; \ # smoke test RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version -FROM openssl-builder as erlang-builder +FROM openssl-builder AS erlang-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true diff --git a/4.1-rc/alpine/Dockerfile b/4.1-rc/alpine/Dockerfile index c62419ff..ab3d709e 100644 --- a/4.1-rc/alpine/Dockerfile +++ b/4.1-rc/alpine/Dockerfile @@ -5,7 +5,7 @@ # # Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk! -FROM alpine:3.21 as build-base +FROM alpine:3.21 AS build-base RUN apk add --no-cache \ build-base \ @@ -16,7 +16,7 @@ RUN apk add --no-cache \ linux-headers \ ncurses-dev -FROM build-base as openssl-builder +FROM build-base AS openssl-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -110,19 +110,23 @@ RUN set -eux; \ # smoke test RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version -FROM openssl-builder as erlang-builder +FROM openssl-builder AS erlang-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true -RUN set -eux; \ # /usr/local/src doesn't exist in Alpine by default - mkdir -p /usr/local/src; \ - \ +RUN set -eux; \ + OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ + mkdir -p "/usr/local/src/patch"; \ + mkdir -p "$OTP_PATH" + +COPY patch/ /usr/local/src/patch/ + +RUN set -eux; \ OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \ OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ \ # Download, verify & extract OTP_SOURCE - mkdir -p "$OTP_PATH"; \ wget --output-document "$OTP_PATH.tar.gz" "$OTP_SOURCE_URL"; \ echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum -c -; \ tar --extract --file "$OTP_PATH.tar.gz" --directory "$OTP_PATH" --strip-components 1; \ @@ -131,6 +135,13 @@ RUN set -eux; \ # https://erlang.org/doc/applications.html # ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation cd "$OTP_PATH"; \ + if [ -d /usr/local/src/patch/otp/$OTP_VERSION ]; then \ + for patch_file in /usr/local/src/patch/otp/$OTP_VERSION/*.patch; do \ + if [ -f "$patch_file" ]; then \ + patch -p0 < "$patch_file"; \ + fi; \ + done; \ + fi; \ export ERL_TOP="$OTP_PATH"; \ export CFLAGS='-g -O2'; \ # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) diff --git a/4.1-rc/alpine/patch/otp/26.2.5.6/.gitkeep b/4.1-rc/alpine/patch/otp/26.2.5.6/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/4.1-rc/alpine/patch/otp/27.2/erts-configure.patch b/4.1-rc/alpine/patch/otp/27.2/erts-configure.patch new file mode 100644 index 00000000..d4fabe85 --- /dev/null +++ b/4.1-rc/alpine/patch/otp/27.2/erts-configure.patch @@ -0,0 +1,22 @@ +--- erts/configure.orig ++++ erts/configure +@@ -21677,6 +21677,7 @@ + /* end confdefs.h. */ + + #include ++#include + #ifdef HAVE_MALLOC_H + # include + #endif +@@ -25866,8 +25867,10 @@ + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + #include +-main() ++#include ++int main() + { + #ifdef _POLL_EMUL_H_ + exit(1); /* Implemented using select() -- fail */ diff --git a/4.1-rc/ubuntu/Dockerfile b/4.1-rc/ubuntu/Dockerfile index f0b923fe..40865440 100644 --- a/4.1-rc/ubuntu/Dockerfile +++ b/4.1-rc/ubuntu/Dockerfile @@ -6,7 +6,7 @@ # The official Canonical Ubuntu Focal image is ideal from a security perspective, # especially for the enterprises that we, the RabbitMQ team, have to deal with -FROM ubuntu:24.04 as build-base +FROM ubuntu:24.04 AS build-base ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -19,7 +19,7 @@ RUN set -eux; \ libncurses5-dev \ wget -FROM build-base as openssl-builder +FROM build-base AS openssl-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -112,7 +112,7 @@ RUN set -eux; \ # smoke test RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version -FROM openssl-builder as erlang-builder +FROM openssl-builder AS erlang-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index cb0b8c49..b2477b92 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,5 +1,5 @@ # Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk! -FROM alpine:{{ .alpine.version }} as build-base +FROM alpine:{{ .alpine.version }} AS build-base RUN apk add --no-cache \ build-base \ @@ -10,7 +10,7 @@ RUN apk add --no-cache \ linux-headers \ ncurses-dev -FROM build-base as openssl-builder +FROM build-base AS openssl-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -117,19 +117,23 @@ RUN set -eux; \ # smoke test RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version -FROM openssl-builder as erlang-builder +FROM openssl-builder AS erlang-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true -RUN set -eux; \ # /usr/local/src doesn't exist in Alpine by default - mkdir -p /usr/local/src; \ - \ +RUN set -eux; \ + OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ + mkdir -p "/usr/local/src/patch"; \ + mkdir -p "$OTP_PATH" + +COPY patch/ /usr/local/src/patch/ + +RUN set -eux; \ OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \ OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ \ # Download, verify & extract OTP_SOURCE - mkdir -p "$OTP_PATH"; \ wget --output-document "$OTP_PATH.tar.gz" "$OTP_SOURCE_URL"; \ echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum -c -; \ tar --extract --file "$OTP_PATH.tar.gz" --directory "$OTP_PATH" --strip-components 1; \ @@ -138,6 +142,13 @@ RUN set -eux; \ # https://erlang.org/doc/applications.html # ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation cd "$OTP_PATH"; \ + if [ -d /usr/local/src/patch/otp/$OTP_VERSION ]; then \ + for patch_file in /usr/local/src/patch/otp/$OTP_VERSION/*.patch; do \ + if [ -f "$patch_file" ]; then \ + patch -p0 < "$patch_file"; \ + fi; \ + done; \ + fi; \ export ERL_TOP="$OTP_PATH"; \ export CFLAGS='-g -O2'; \ # add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure "$INSTALL_PATH_PREFIX/lib" is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) diff --git a/Dockerfile-ubuntu.template b/Dockerfile-ubuntu.template index 9f9b0747..0f2c4663 100644 --- a/Dockerfile-ubuntu.template +++ b/Dockerfile-ubuntu.template @@ -1,6 +1,6 @@ # The official Canonical Ubuntu Focal image is ideal from a security perspective, # especially for the enterprises that we, the RabbitMQ team, have to deal with -FROM ubuntu:{{ .ubuntu.version }} as build-base +FROM ubuntu:{{ .ubuntu.version }} AS build-base ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -13,7 +13,7 @@ RUN set -eux; \ libncurses5-dev \ wget -FROM build-base as openssl-builder +FROM build-base AS openssl-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true @@ -119,7 +119,7 @@ RUN set -eux; \ # smoke test RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version -FROM openssl-builder as erlang-builder +FROM openssl-builder AS erlang-builder ARG BUILDKIT_SBOM_SCAN_STAGE=true diff --git a/apply-templates.sh b/apply-templates.sh index 3d1091c4..96e80dc6 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -53,6 +53,12 @@ for version; do gawk -f "$jqt" "Dockerfile-$variant.template" } > "$version/$variant/Dockerfile" + if (($(find "patch/$variant" -type f -name '*.patch' | wc -l) > 0)) + then + mkdir -p "$version/$variant/patch" + cp -af "patch/$variant/"* "$version/$variant/patch" + fi + cp -f docker-entrypoint.sh conf.d/*.conf "$version/$variant/" if [ "$variant" = 'alpine' ]; then diff --git a/patch/alpine/.gitkeep b/patch/alpine/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/patch/alpine/otp/26.2.5.6/.gitkeep b/patch/alpine/otp/26.2.5.6/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/patch/alpine/otp/27.2/erts-configure.patch b/patch/alpine/otp/27.2/erts-configure.patch new file mode 100644 index 00000000..d4fabe85 --- /dev/null +++ b/patch/alpine/otp/27.2/erts-configure.patch @@ -0,0 +1,22 @@ +--- erts/configure.orig ++++ erts/configure +@@ -21677,6 +21677,7 @@ + /* end confdefs.h. */ + + #include ++#include + #ifdef HAVE_MALLOC_H + # include + #endif +@@ -25866,8 +25867,10 @@ + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + ++#include + #include +-main() ++#include ++int main() + { + #ifdef _POLL_EMUL_H_ + exit(1); /* Implemented using select() -- fail */ diff --git a/patch/ubuntu/.gitkeep b/patch/ubuntu/.gitkeep new file mode 100644 index 00000000..e69de29b