Merged
Conversation
Member
Author
|
Oops: docker-library/mysql#825 (thanks overzealous diff ❤️) |
Changes: - docker-library/mysql@131ffdd: Merge pull request docker-library/mysql#825 from infosiftr/oracle-gosu - docker-library/mysql@4e7d396: Update Oracle "gosu" to 1.14 - docker-library/mysql@4d243fc: Merge pull request docker-library/mysql#680 from infosiftr/oracle - docker-library/mysql@6a2fb1d: Merge pull request docker-library/mysql#428 from infosiftr/ssl=0 - docker-library/mysql@c77f720: Add Oracle Linux image variants - docker-library/mysql@2d86ed2: Drop explicit "mysql_ssl_rsa_setup" invocation - docker-library/mysql@b06a707: Merge pull request docker-library/mysql#821 from infosiftr/signed-by - docker-library/mysql@4afbe06: Switch from apt-key/trusted.gpg(.d) to signed-by - docker-library/mysql@0bd6d4c: Fix .gitattributes
docker-library-bot
force-pushed
the
mysql
branch
from
f19a855 to
c529c11
Compare
Diff for c529c11:diff --git a/_bashbrew-cat b/_bashbrew-cat
index fc34bdc..ce8da4f 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,12 +1,23 @@
Maintainers: Tianon Gravi <admwiggin@gmail.com> (@tianon), Joseph Ferguson <yosifkit@gmail.com> (@yosifkit)
GitRepo: https://github.com/docker-library/mysql.git
-Tags: 5.7.37, 5.7, 5
-GitCommit: aa600026fe54b1fa6b2a7ac80ffbb466618fcabf
+Tags: 5.7.37, 5.7, 5, 5.7.37-debian, 5.7-debian, 5-debian
+GitCommit: 2d86ed268c0dcacb38d9a39daf7686a9d9d61400
Directory: 5.7
File: Dockerfile.debian
-Tags: 8.0.28, 8.0, 8, latest
-GitCommit: aa600026fe54b1fa6b2a7ac80ffbb466618fcabf
+Tags: 5.7.37-oracle, 5.7-oracle, 5-oracle
+GitCommit: 4e7d3969ede713b2660ca04493125c6d714d343f
+Directory: 5.7
+File: Dockerfile.oracle
+
+Tags: 8.0.28, 8.0, 8, latest, 8.0.28-debian, 8.0-debian, 8-debian, debian
+GitCommit: 2d86ed268c0dcacb38d9a39daf7686a9d9d61400
Directory: 8.0
File: Dockerfile.debian
+
+Tags: 8.0.28-oracle, 8.0-oracle, 8-oracle, oracle
+Architectures: amd64, arm64v8
+GitCommit: 4e7d3969ede713b2660ca04493125c6d714d343f
+Directory: 8.0
+File: Dockerfile.oracle
diff --git a/_bashbrew-list b/_bashbrew-list
index a268037..4874215 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,7 +1,21 @@
mysql:5
+mysql:5-debian
+mysql:5-oracle
mysql:5.7
+mysql:5.7-debian
+mysql:5.7-oracle
mysql:5.7.37
+mysql:5.7.37-debian
+mysql:5.7.37-oracle
mysql:8
+mysql:8-debian
+mysql:8-oracle
mysql:8.0
+mysql:8.0-debian
+mysql:8.0-oracle
mysql:8.0.28
+mysql:8.0.28-debian
+mysql:8.0.28-oracle
+mysql:debian
mysql:latest
+mysql:oracle
diff --git a/mysql_5/Dockerfile.debian b/mysql_5-debian/Dockerfile.debian
similarity index 93%
rename from mysql_5/Dockerfile.debian
rename to mysql_5-debian/Dockerfile.debian
index 170e107..e206506 100644
--- a/mysql_5/Dockerfile.debian
+++ b/mysql_5-debian/Dockerfile.debian
@@ -56,15 +56,15 @@ RUN set -ex; \
key='859BE8D7C586F538430B19C2467B942D3A79BD29'; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
- gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \
+ mkdir -p /etc/apt/keyrings; \
+ gpg --batch --export "$key" > /etc/apt/keyrings/mysql.gpg; \
gpgconf --kill all; \
- rm -rf "$GNUPGHOME"; \
- apt-key list > /dev/null
+ rm -rf "$GNUPGHOME"
ENV MYSQL_MAJOR 5.7
ENV MYSQL_VERSION 5.7.37-1debian10
-RUN echo 'deb http://repo.mysql.com/apt/debian/ buster mysql-5.7' > /etc/apt/sources.list.d/mysql.list
+RUN echo 'deb [ signed-by=/etc/apt/keyrings/mysql.gpg ] http://repo.mysql.com/apt/debian/ buster mysql-5.7' > /etc/apt/sources.list.d/mysql.list
# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
diff --git a/mysql_5/docker-entrypoint.sh b/mysql_5-debian/docker-entrypoint.sh
similarity index 97%
copy from mysql_5/docker-entrypoint.sh
copy to mysql_5-debian/docker-entrypoint.sh
index 761da53..f4e6c86 100755
--- a/mysql_5/docker-entrypoint.sh
+++ b/mysql_5-debian/docker-entrypoint.sh
@@ -192,13 +192,6 @@ docker_init_database_dir() {
mysql_note "Initializing database files"
"$@" --initialize-insecure --default-time-zone=SYSTEM
mysql_note "Database files initialized"
-
- if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then
- # https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84
- mysql_note "Initializing certificates"
- mysql_ssl_rsa_setup --datadir="$DATADIR"
- mysql_note "Certificates initialized"
- fi
}
# Loads various settings that are used elsewhere in the script
diff --git a/mysql_latest/Dockerfile.debian b/mysql_5-oracle/Dockerfile.oracle
similarity index 26%
copy from mysql_latest/Dockerfile.debian
copy to mysql_5-oracle/Dockerfile.oracle
index 18912ef..2f60699 100644
--- a/mysql_latest/Dockerfile.debian
+++ b/mysql_5-oracle/Dockerfile.oracle
@@ -4,92 +4,104 @@
# PLEASE DO NOT EDIT IT DIRECTLY.
#
-FROM debian:buster-slim
+FROM oraclelinux:7-slim
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r mysql && useradd -r -g mysql mysql
-
-RUN apt-get update && apt-get install -y --no-install-recommends gnupg dirmngr && rm -rf /var/lib/apt/lists/*
+RUN set -eux; \
+ groupadd --system --gid 999 mysql; \
+ useradd --system --uid 999 --gid 999 --home-dir /var/lib/mysql --no-create-home mysql; \
+ \
+ mkdir /var/lib/mysql /var/run/mysqld; \
+ chown mysql:mysql /var/lib/mysql /var/run/mysqld; \
+# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
+ chmod 1777 /var/lib/mysql /var/run/mysqld; \
+ \
+ mkdir /docker-entrypoint-initdb.d
# add gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.14
RUN set -eux; \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install -y --no-install-recommends ca-certificates wget; \
- rm -rf /var/lib/apt/lists/*; \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+# TODO find a better userspace architecture detection method than querying the kernel
+ arch="$(uname -m)"; \
+ case "$arch" in \
+ aarch64) gosuArch='arm64' ;; \
+ x86_64) gosuArch='amd64' ;; \
+ *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \
+ esac; \
+ curl -fL -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$gosuArch.asc"; \
+ curl -fL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$gosuArch"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
chmod +x /usr/local/bin/gosu; \
gosu --version; \
gosu nobody true
-RUN mkdir /docker-entrypoint-initdb.d
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-# for MYSQL_RANDOM_ROOT_PASSWORD
- pwgen \
-# for mysql_ssl_rsa_setup
- openssl \
-# FATAL ERROR: please install the following Perl modules before executing /usr/local/mysql/scripts/mysql_install_db:
-# File::Basename
-# File::Copy
-# Sys::Hostname
-# Data::Dumper
- perl \
-# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files
- xz-utils \
- && rm -rf /var/lib/apt/lists/*
-
-RUN set -ex; \
+RUN set -eux; \
+# https://dev.mysql.com/doc/refman/8.0/en/checking-gpg-signature.html
# gpg: key 3A79BD29: public key "MySQL Release Engineering <mysql-build@oss.oracle.com>" imported
key='859BE8D7C586F538430B19C2467B942D3A79BD29'; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
- gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME"; \
- apt-key list > /dev/null
+ gpg --batch --export --armor "$key" > /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql; \
+ rm -rf "$GNUPGHOME"
-ENV MYSQL_MAJOR 8.0
-ENV MYSQL_VERSION 8.0.28-1debian10
+ENV MYSQL_MAJOR 5.7
+ENV MYSQL_VERSION 5.7.37-1.el7
-RUN echo 'deb http://repo.mysql.com/apt/debian/ buster mysql-8.0' > /etc/apt/sources.list.d/mysql.list
+RUN set -eu; \
+ . /etc/os-release; \
+ { \
+ echo '[mysql5.7-server-minimal]'; \
+ echo 'name=MySQL 5.7 Server Minimal'; \
+ echo 'enabled=1'; \
+ echo "baseurl=https://repo.mysql.com/yum/mysql-5.7-community/docker/el/${VERSION_ID%%[.-]*}/\$basearch/"; \
+ echo 'gpgcheck=1'; \
+ echo 'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql'; \
+# https://github.com/docker-library/mysql/pull/680#issuecomment-825930524
+ echo 'module_hotfixes=true'; \
+ } | tee /etc/yum.repos.d/mysql-community-minimal.repo
-# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
-# also, we set debconf keys to make APT a little quieter
-RUN { \
- echo mysql-community-server mysql-community-server/data-dir select ''; \
- echo mysql-community-server mysql-community-server/root-pass password ''; \
- echo mysql-community-server mysql-community-server/re-root-pass password ''; \
- echo mysql-community-server mysql-community-server/remove-test-db select false; \
- } | debconf-set-selections \
- && apt-get update \
- && apt-get install -y \
- mysql-community-client="${MYSQL_VERSION}" \
- mysql-community-server-core="${MYSQL_VERSION}" \
- && rm -rf /var/lib/apt/lists/* \
- && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \
- && chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \
-# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
- && chmod 1777 /var/run/mysqld /var/lib/mysql
+RUN set -eux; \
+ yum install -y "mysql-community-server-minimal-$MYSQL_VERSION"; \
+ yum clean all; \
+# the "socket" value in the Oracle packages is set to "/var/lib/mysql" which isn't a great place for the socket (we want it in "/var/run/mysqld" instead)
+# https://github.com/docker-library/mysql/pull/680#issuecomment-636121520
+ grep -F 'socket=/var/lib/mysql/mysql.sock' /etc/my.cnf; \
+ sed -i 's!^socket=.*!socket=/var/run/mysqld/mysqld.sock!' /etc/my.cnf; \
+ grep -F 'socket=/var/run/mysqld/mysqld.sock' /etc/my.cnf; \
+ \
+# make sure users dumping files in "/etc/mysql/conf.d" still works
+ ! grep -F '!includedir' /etc/my.cnf; \
+ { echo; echo '!includedir /etc/mysql/conf.d/'; } >> /etc/my.cnf; \
+ mkdir -p /etc/mysql/conf.d; \
+ \
+ mysqld --version; \
+ mysql --version
+
+RUN set -eu; \
+ . /etc/os-release; \
+ { \
+ echo '[mysql-tools-community]'; \
+ echo 'name=MySQL Tools Community'; \
+ echo "baseurl=https://repo.mysql.com/yum/mysql-tools-community/el/${VERSION_ID%%[.-]*}/\$basearch/"; \
+ echo 'enabled=1'; \
+ echo 'gpgcheck=1'; \
+ echo 'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql'; \
+# https://github.com/docker-library/mysql/pull/680#issuecomment-825930524
+ echo 'module_hotfixes=true'; \
+ } | tee /etc/yum.repos.d/mysql-community-tools.repo
+ENV MYSQL_SHELL_VERSION 8.0.28-1.el7
+RUN set -eux; \
+ yum install -y "mysql-shell-$MYSQL_SHELL_VERSION"; \
+ yum clean all; \
+ \
+ mysqlsh --version
VOLUME /var/lib/mysql
-# Config files
-COPY config/ /etc/mysql/
COPY docker-entrypoint.sh /usr/local/bin/
-RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 3306 33060
diff --git a/mysql_latest/docker-entrypoint.sh b/mysql_5-oracle/docker-entrypoint.sh
similarity index 97%
rename from mysql_latest/docker-entrypoint.sh
rename to mysql_5-oracle/docker-entrypoint.sh
index 761da53..f4e6c86 100755
--- a/mysql_latest/docker-entrypoint.sh
+++ b/mysql_5-oracle/docker-entrypoint.sh
@@ -192,13 +192,6 @@ docker_init_database_dir() {
mysql_note "Initializing database files"
"$@" --initialize-insecure --default-time-zone=SYSTEM
mysql_note "Database files initialized"
-
- if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then
- # https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84
- mysql_note "Initializing certificates"
- mysql_ssl_rsa_setup --datadir="$DATADIR"
- mysql_note "Certificates initialized"
- fi
}
# Loads various settings that are used elsewhere in the script
diff --git a/mysql_latest/Dockerfile.debian b/mysql_debian/Dockerfile.debian
similarity index 93%
copy from mysql_latest/Dockerfile.debian
copy to mysql_debian/Dockerfile.debian
index 18912ef..a009850 100644
--- a/mysql_latest/Dockerfile.debian
+++ b/mysql_debian/Dockerfile.debian
@@ -56,15 +56,15 @@ RUN set -ex; \
key='859BE8D7C586F538430B19C2467B942D3A79BD29'; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
- gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \
+ mkdir -p /etc/apt/keyrings; \
+ gpg --batch --export "$key" > /etc/apt/keyrings/mysql.gpg; \
gpgconf --kill all; \
- rm -rf "$GNUPGHOME"; \
- apt-key list > /dev/null
+ rm -rf "$GNUPGHOME"
ENV MYSQL_MAJOR 8.0
ENV MYSQL_VERSION 8.0.28-1debian10
-RUN echo 'deb http://repo.mysql.com/apt/debian/ buster mysql-8.0' > /etc/apt/sources.list.d/mysql.list
+RUN echo 'deb [ signed-by=/etc/apt/keyrings/mysql.gpg ] http://repo.mysql.com/apt/debian/ buster mysql-8.0' > /etc/apt/sources.list.d/mysql.list
# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
diff --git a/mysql_latest/config/conf.d/docker.cnf b/mysql_debian/config/conf.d/docker.cnf
similarity index 100%
rename from mysql_latest/config/conf.d/docker.cnf
rename to mysql_debian/config/conf.d/docker.cnf
diff --git a/mysql_latest/config/my.cnf b/mysql_debian/config/my.cnf
similarity index 100%
rename from mysql_latest/config/my.cnf
rename to mysql_debian/config/my.cnf
diff --git a/mysql_5/docker-entrypoint.sh b/mysql_debian/docker-entrypoint.sh
similarity index 97%
copy from mysql_5/docker-entrypoint.sh
copy to mysql_debian/docker-entrypoint.sh
index 761da53..f4e6c86 100755
--- a/mysql_5/docker-entrypoint.sh
+++ b/mysql_debian/docker-entrypoint.sh
@@ -192,13 +192,6 @@ docker_init_database_dir() {
mysql_note "Initializing database files"
"$@" --initialize-insecure --default-time-zone=SYSTEM
mysql_note "Database files initialized"
-
- if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then
- # https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84
- mysql_note "Initializing certificates"
- mysql_ssl_rsa_setup --datadir="$DATADIR"
- mysql_note "Certificates initialized"
- fi
}
# Loads various settings that are used elsewhere in the script
diff --git a/mysql_latest/Dockerfile.debian b/mysql_oracle/Dockerfile.oracle
similarity index 26%
rename from mysql_latest/Dockerfile.debian
rename to mysql_oracle/Dockerfile.oracle
index 18912ef..1c61788 100644
--- a/mysql_latest/Dockerfile.debian
+++ b/mysql_oracle/Dockerfile.oracle
@@ -4,92 +4,107 @@
# PLEASE DO NOT EDIT IT DIRECTLY.
#
-FROM debian:buster-slim
+FROM oraclelinux:8-slim
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r mysql && useradd -r -g mysql mysql
-
-RUN apt-get update && apt-get install -y --no-install-recommends gnupg dirmngr && rm -rf /var/lib/apt/lists/*
+RUN set -eux; \
+ groupadd --system --gid 999 mysql; \
+ useradd --system --uid 999 --gid 999 --home-dir /var/lib/mysql --no-create-home mysql; \
+ \
+ mkdir /var/lib/mysql /var/run/mysqld; \
+ chown mysql:mysql /var/lib/mysql /var/run/mysqld; \
+# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
+ chmod 1777 /var/lib/mysql /var/run/mysqld; \
+ \
+ mkdir /docker-entrypoint-initdb.d
# add gosu for easy step-down from root
# https://github.com/tianon/gosu/releases
ENV GOSU_VERSION 1.14
RUN set -eux; \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install -y --no-install-recommends ca-certificates wget; \
- rm -rf /var/lib/apt/lists/*; \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+# TODO find a better userspace architecture detection method than querying the kernel
+ arch="$(uname -m)"; \
+ case "$arch" in \
+ aarch64) gosuArch='arm64' ;; \
+ x86_64) gosuArch='amd64' ;; \
+ *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; \
+ esac; \
+ curl -fL -o /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$gosuArch.asc"; \
+ curl -fL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$gosuArch"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
chmod +x /usr/local/bin/gosu; \
gosu --version; \
gosu nobody true
-RUN mkdir /docker-entrypoint-initdb.d
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-# for MYSQL_RANDOM_ROOT_PASSWORD
- pwgen \
-# for mysql_ssl_rsa_setup
- openssl \
-# FATAL ERROR: please install the following Perl modules before executing /usr/local/mysql/scripts/mysql_install_db:
-# File::Basename
-# File::Copy
-# Sys::Hostname
-# Data::Dumper
- perl \
-# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files
- xz-utils \
- && rm -rf /var/lib/apt/lists/*
-
-RUN set -ex; \
+RUN set -eux; \
+# https://dev.mysql.com/doc/refman/8.0/en/checking-gpg-signature.html
# gpg: key 3A79BD29: public key "MySQL Release Engineering <mysql-build@oss.oracle.com>" imported
key='859BE8D7C586F538430B19C2467B942D3A79BD29'; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
- gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME"; \
- apt-key list > /dev/null
+ gpg --batch --export --armor "$key" > /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql; \
+ rm -rf "$GNUPGHOME"
+
+# Oracle Linux 8+ is very slim :)
+RUN set -eux; microdnf install -y findutils; microdnf clean all
ENV MYSQL_MAJOR 8.0
-ENV MYSQL_VERSION 8.0.28-1debian10
+ENV MYSQL_VERSION 8.0.28-1.el8
-RUN echo 'deb http://repo.mysql.com/apt/debian/ buster mysql-8.0' > /etc/apt/sources.list.d/mysql.list
+RUN set -eu; \
+ . /etc/os-release; \
+ { \
+ echo '[mysql8.0-server-minimal]'; \
+ echo 'name=MySQL 8.0 Server Minimal'; \
+ echo 'enabled=1'; \
+ echo "baseurl=https://repo.mysql.com/yum/mysql-8.0-community/docker/el/${VERSION_ID%%[.-]*}/\$basearch/"; \
+ echo 'gpgcheck=1'; \
+ echo 'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql'; \
+# https://github.com/docker-library/mysql/pull/680#issuecomment-825930524
+ echo 'module_hotfixes=true'; \
+ } | tee /etc/yum.repos.d/mysql-community-minimal.repo
-# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
-# also, we set debconf keys to make APT a little quieter
-RUN { \
- echo mysql-community-server mysql-community-server/data-dir select ''; \
- echo mysql-community-server mysql-community-server/root-pass password ''; \
- echo mysql-community-server mysql-community-server/re-root-pass password ''; \
- echo mysql-community-server mysql-community-server/remove-test-db select false; \
- } | debconf-set-selections \
- && apt-get update \
- && apt-get install -y \
- mysql-community-client="${MYSQL_VERSION}" \
- mysql-community-server-core="${MYSQL_VERSION}" \
- && rm -rf /var/lib/apt/lists/* \
- && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \
- && chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \
-# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
- && chmod 1777 /var/run/mysqld /var/lib/mysql
+RUN set -eux; \
+ microdnf install -y "mysql-community-server-minimal-$MYSQL_VERSION"; \
+ microdnf clean all; \
+# the "socket" value in the Oracle packages is set to "/var/lib/mysql" which isn't a great place for the socket (we want it in "/var/run/mysqld" instead)
+# https://github.com/docker-library/mysql/pull/680#issuecomment-636121520
+ grep -F 'socket=/var/lib/mysql/mysql.sock' /etc/my.cnf; \
+ sed -i 's!^socket=.*!socket=/var/run/mysqld/mysqld.sock!' /etc/my.cnf; \
+ grep -F 'socket=/var/run/mysqld/mysqld.sock' /etc/my.cnf; \
+ \
+# make sure users dumping files in "/etc/mysql/conf.d" still works
+ ! grep -F '!includedir' /etc/my.cnf; \
+ { echo; echo '!includedir /etc/mysql/conf.d/'; } >> /etc/my.cnf; \
+ mkdir -p /etc/mysql/conf.d; \
+ \
+ mysqld --version; \
+ mysql --version
+
+RUN set -eu; \
+ . /etc/os-release; \
+ { \
+ echo '[mysql-tools-community]'; \
+ echo 'name=MySQL Tools Community'; \
+ echo "baseurl=https://repo.mysql.com/yum/mysql-tools-community/el/${VERSION_ID%%[.-]*}/\$basearch/"; \
+ echo 'enabled=1'; \
+ echo 'gpgcheck=1'; \
+ echo 'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql'; \
+# https://github.com/docker-library/mysql/pull/680#issuecomment-825930524
+ echo 'module_hotfixes=true'; \
+ } | tee /etc/yum.repos.d/mysql-community-tools.repo
+ENV MYSQL_SHELL_VERSION 8.0.28-1.el8
+RUN set -eux; \
+ microdnf install -y "mysql-shell-$MYSQL_SHELL_VERSION"; \
+ microdnf clean all; \
+ \
+ mysqlsh --version
VOLUME /var/lib/mysql
-# Config files
-COPY config/ /etc/mysql/
COPY docker-entrypoint.sh /usr/local/bin/
-RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 3306 33060
diff --git a/mysql_5/docker-entrypoint.sh b/mysql_oracle/docker-entrypoint.sh
similarity index 97%
rename from mysql_5/docker-entrypoint.sh
rename to mysql_oracle/docker-entrypoint.sh
index 761da53..f4e6c86 100755
--- a/mysql_5/docker-entrypoint.sh
+++ b/mysql_oracle/docker-entrypoint.sh
@@ -192,13 +192,6 @@ docker_init_database_dir() {
mysql_note "Initializing database files"
"$@" --initialize-insecure --default-time-zone=SYSTEM
mysql_note "Database files initialized"
-
- if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then
- # https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84
- mysql_note "Initializing certificates"
- mysql_ssl_rsa_setup --datadir="$DATADIR"
- mysql_note "Certificates initialized"
- fi
}
# Loads various settings that are used elsewhere in the scriptRelevant Maintainers: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes: