Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update phpmyadmin to the latest commit #17398

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

williamdes
Copy link
Contributor

  • Some changes for rootless
  • Support new ENVs for SSL

@williamdes williamdes requested a review from a team as a code owner August 20, 2024 18:42
Copy link

Diff for 0f07766:
diff --git a/_bashbrew-arches b/_bashbrew-arches
index bedcccb..3616e93 100644
--- a/_bashbrew-arches
+++ b/_bashbrew-arches
@@ -6,4 +6,5 @@ arm64v8
 i386
 mips64le
 ppc64le
+riscv64
 s390x
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 767f734..87f1f12 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -3,15 +3,15 @@ GitRepo: https://github.com/phpmyadmin/docker.git
 
 Tags: 5.2.1-apache, 5.2-apache, 5-apache, apache, 5.2.1, 5.2, 5, latest
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: da4b8f273a0a81078185076683ed92a382814ef3
+GitCommit: 0109a4fbdd4144fa3585260527d200818ac76eaf
 Directory: apache
 
 Tags: 5.2.1-fpm, 5.2-fpm, 5-fpm, fpm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: da4b8f273a0a81078185076683ed92a382814ef3
+GitCommit: 0109a4fbdd4144fa3585260527d200818ac76eaf
 Directory: fpm
 
 Tags: 5.2.1-fpm-alpine, 5.2-fpm-alpine, 5-fpm-alpine, fpm-alpine
-Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 8674356a6d0f67eb89d0200647832fc3853781fd
+Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
+GitCommit: 0109a4fbdd4144fa3585260527d200818ac76eaf
 Directory: fpm-alpine
diff --git a/phpmyadmin_fpm-alpine/Dockerfile b/phpmyadmin_fpm-alpine/Dockerfile
index 60b095f..f947994 100644
--- a/phpmyadmin_fpm-alpine/Dockerfile
+++ b/phpmyadmin_fpm-alpine/Dockerfile
@@ -115,10 +115,12 @@ RUN set -ex; \
     sed -i "s@'configFile' => .*@'configFile' => '/etc/phpmyadmin/config.inc.php',@" /var/www/html/libraries/vendor_config.php; \
     grep -q -F "'configFile' => '/etc/phpmyadmin/config.inc.php'," /var/www/html/libraries/vendor_config.php; \
     php -l /var/www/html/libraries/vendor_config.php; \
+    chown -R www-data:www-data -R /var/www/html/; \
     apk del --no-network .fetch-deps
 
 # Copy configuration
 COPY config.inc.php /etc/phpmyadmin/config.inc.php
+RUN chown www-data:www-data -R /etc/phpmyadmin/
 
 # Copy main script
 COPY docker-entrypoint.sh /docker-entrypoint.sh
diff --git a/phpmyadmin_fpm-alpine/config.inc.php b/phpmyadmin_fpm-alpine/config.inc.php
index 9a39134..9f5d2ac 100644
--- a/phpmyadmin_fpm-alpine/config.inc.php
+++ b/phpmyadmin_fpm-alpine/config.inc.php
@@ -27,6 +27,8 @@ $vars = [
     'MEMORY_LIMIT',
     'PMA_UPLOADDIR',
     'PMA_SAVEDIR',
+    'PMA_SSL',
+    'PMA_SSLS',
 ];
 
 foreach ($vars as $var) {
@@ -63,10 +65,12 @@ if (! empty($_ENV['PMA_HOST'])) {
     $hosts = [$_ENV['PMA_HOST']];
     $verbose = [$_ENV['PMA_VERBOSE']];
     $ports = [$_ENV['PMA_PORT']];
+    $ssls = [$_ENV['PMA_SSL']];
 } elseif (! empty($_ENV['PMA_HOSTS'])) {
     $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS']));
     $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES']));
     $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS']));
+    $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS']));
 }
 
 if (! empty($_ENV['PMA_SOCKET'])) {
@@ -77,6 +81,9 @@ if (! empty($_ENV['PMA_SOCKET'])) {
 
 /* Server settings */
 for ($i = 1; isset($hosts[$i - 1]); $i++) {
+    if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') {
+        $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1];
+    }
     $cfg['Servers'][$i]['host'] = $hosts[$i - 1];
     if (isset($verbose[$i - 1])) {
         $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1];
diff --git a/phpmyadmin_fpm-alpine/docker-entrypoint.sh b/phpmyadmin_fpm-alpine/docker-entrypoint.sh
index 24c45e8..0d98e27 100755
--- a/phpmyadmin_fpm-alpine/docker-entrypoint.sh
+++ b/phpmyadmin_fpm-alpine/docker-entrypoint.sh
@@ -7,6 +7,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 \$cfg['blowfish_secret'] = '$(tr -dc 'a-zA-Z0-9~!@#$%^&*_()+}{?></";.,[]=-' < /dev/urandom | fold -w 32 | head -n 1)';
 EOT
     fi
+    chgrp www-data /etc/phpmyadmin/config.secret.inc.php
 
     if [ ! -f /etc/phpmyadmin/config.user.inc.php ]; then
         touch /etc/phpmyadmin/config.user.inc.php
@@ -50,5 +51,7 @@ get_docker_secret PMA_HOST
 get_docker_secret PMA_CONTROLHOST
 get_docker_secret PMA_CONTROLUSER
 get_docker_secret PMA_CONTROLPASS
+get_docker_secret PMA_SSL
+get_docker_secret PMA_SSLS
 
 exec "$@"
diff --git a/phpmyadmin_fpm/Dockerfile b/phpmyadmin_fpm/Dockerfile
index 34e24d1..4ec338b 100644
--- a/phpmyadmin_fpm/Dockerfile
+++ b/phpmyadmin_fpm/Dockerfile
@@ -38,6 +38,7 @@ RUN set -ex; \
         | sort -u \
         | xargs -rt apt-mark manual; \
     \
+    \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
     rm -rf /var/lib/apt/lists/*; \
     ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \
@@ -127,6 +128,7 @@ RUN set -ex; \
     sed -i "s@'configFile' => .*@'configFile' => '/etc/phpmyadmin/config.inc.php',@" /var/www/html/libraries/vendor_config.php; \
     grep -q -F "'configFile' => '/etc/phpmyadmin/config.inc.php'," /var/www/html/libraries/vendor_config.php; \
     php -l /var/www/html/libraries/vendor_config.php; \
+    chown -R www-data:www-data -R /var/www/html/; \
     \
     apt-mark auto '.*' > /dev/null; \
     apt-mark manual $savedAptMark; \
@@ -135,6 +137,7 @@ RUN set -ex; \
 
 # Copy configuration
 COPY config.inc.php /etc/phpmyadmin/config.inc.php
+RUN chown www-data:www-data -R /etc/phpmyadmin/
 
 # Copy main script
 COPY docker-entrypoint.sh /docker-entrypoint.sh
diff --git a/phpmyadmin_fpm/config.inc.php b/phpmyadmin_fpm/config.inc.php
index 9a39134..9f5d2ac 100644
--- a/phpmyadmin_fpm/config.inc.php
+++ b/phpmyadmin_fpm/config.inc.php
@@ -27,6 +27,8 @@ $vars = [
     'MEMORY_LIMIT',
     'PMA_UPLOADDIR',
     'PMA_SAVEDIR',
+    'PMA_SSL',
+    'PMA_SSLS',
 ];
 
 foreach ($vars as $var) {
@@ -63,10 +65,12 @@ if (! empty($_ENV['PMA_HOST'])) {
     $hosts = [$_ENV['PMA_HOST']];
     $verbose = [$_ENV['PMA_VERBOSE']];
     $ports = [$_ENV['PMA_PORT']];
+    $ssls = [$_ENV['PMA_SSL']];
 } elseif (! empty($_ENV['PMA_HOSTS'])) {
     $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS']));
     $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES']));
     $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS']));
+    $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS']));
 }
 
 if (! empty($_ENV['PMA_SOCKET'])) {
@@ -77,6 +81,9 @@ if (! empty($_ENV['PMA_SOCKET'])) {
 
 /* Server settings */
 for ($i = 1; isset($hosts[$i - 1]); $i++) {
+    if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') {
+        $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1];
+    }
     $cfg['Servers'][$i]['host'] = $hosts[$i - 1];
     if (isset($verbose[$i - 1])) {
         $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1];
diff --git a/phpmyadmin_fpm/docker-entrypoint.sh b/phpmyadmin_fpm/docker-entrypoint.sh
index 24c45e8..0d98e27 100755
--- a/phpmyadmin_fpm/docker-entrypoint.sh
+++ b/phpmyadmin_fpm/docker-entrypoint.sh
@@ -7,6 +7,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 \$cfg['blowfish_secret'] = '$(tr -dc 'a-zA-Z0-9~!@#$%^&*_()+}{?></";.,[]=-' < /dev/urandom | fold -w 32 | head -n 1)';
 EOT
     fi
+    chgrp www-data /etc/phpmyadmin/config.secret.inc.php
 
     if [ ! -f /etc/phpmyadmin/config.user.inc.php ]; then
         touch /etc/phpmyadmin/config.user.inc.php
@@ -50,5 +51,7 @@ get_docker_secret PMA_HOST
 get_docker_secret PMA_CONTROLHOST
 get_docker_secret PMA_CONTROLUSER
 get_docker_secret PMA_CONTROLPASS
+get_docker_secret PMA_SSL
+get_docker_secret PMA_SSLS
 
 exec "$@"
diff --git a/phpmyadmin_latest/Dockerfile b/phpmyadmin_latest/Dockerfile
index 66a9262..2984356 100644
--- a/phpmyadmin_latest/Dockerfile
+++ b/phpmyadmin_latest/Dockerfile
@@ -38,6 +38,10 @@ RUN set -ex; \
         | sort -u \
         | xargs -rt apt-mark manual; \
     \
+    # start: Apache specific build
+    a2enmod remoteip; \
+    # end: Apache specific build
+    \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
     rm -rf /var/lib/apt/lists/*; \
     ldd "$extdir"/*.so | grep -qzv "=> not found" || (echo "Sanity check failed: missing libraries:"; ldd "$extdir"/*.so | grep " => not found"; exit 1); \
@@ -127,6 +131,7 @@ RUN set -ex; \
     sed -i "s@'configFile' => .*@'configFile' => '/etc/phpmyadmin/config.inc.php',@" /var/www/html/libraries/vendor_config.php; \
     grep -q -F "'configFile' => '/etc/phpmyadmin/config.inc.php'," /var/www/html/libraries/vendor_config.php; \
     php -l /var/www/html/libraries/vendor_config.php; \
+    chown -R www-data:www-data -R /var/www/html/; \
     \
     apt-mark auto '.*' > /dev/null; \
     apt-mark manual $savedAptMark; \
@@ -135,6 +140,7 @@ RUN set -ex; \
 
 # Copy configuration
 COPY config.inc.php /etc/phpmyadmin/config.inc.php
+RUN chown www-data:www-data -R /etc/phpmyadmin/
 
 # Copy main script
 COPY docker-entrypoint.sh /docker-entrypoint.sh
diff --git a/phpmyadmin_latest/config.inc.php b/phpmyadmin_latest/config.inc.php
index 9a39134..9f5d2ac 100644
--- a/phpmyadmin_latest/config.inc.php
+++ b/phpmyadmin_latest/config.inc.php
@@ -27,6 +27,8 @@ $vars = [
     'MEMORY_LIMIT',
     'PMA_UPLOADDIR',
     'PMA_SAVEDIR',
+    'PMA_SSL',
+    'PMA_SSLS',
 ];
 
 foreach ($vars as $var) {
@@ -63,10 +65,12 @@ if (! empty($_ENV['PMA_HOST'])) {
     $hosts = [$_ENV['PMA_HOST']];
     $verbose = [$_ENV['PMA_VERBOSE']];
     $ports = [$_ENV['PMA_PORT']];
+    $ssls = [$_ENV['PMA_SSL']];
 } elseif (! empty($_ENV['PMA_HOSTS'])) {
     $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS']));
     $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES']));
     $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS']));
+    $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS']));
 }
 
 if (! empty($_ENV['PMA_SOCKET'])) {
@@ -77,6 +81,9 @@ if (! empty($_ENV['PMA_SOCKET'])) {
 
 /* Server settings */
 for ($i = 1; isset($hosts[$i - 1]); $i++) {
+    if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') {
+        $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1];
+    }
     $cfg['Servers'][$i]['host'] = $hosts[$i - 1];
     if (isset($verbose[$i - 1])) {
         $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1];
diff --git a/phpmyadmin_latest/docker-entrypoint.sh b/phpmyadmin_latest/docker-entrypoint.sh
index 5d74854..5c2e85a 100755
--- a/phpmyadmin_latest/docker-entrypoint.sh
+++ b/phpmyadmin_latest/docker-entrypoint.sh
@@ -7,6 +7,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 \$cfg['blowfish_secret'] = '$(tr -dc 'a-zA-Z0-9~!@#$%^&*_()+}{?></";.,[]=-' < /dev/urandom | fold -w 32 | head -n 1)';
 EOT
     fi
+    chgrp www-data /etc/phpmyadmin/config.secret.inc.php
 
     if [ ! -f /etc/phpmyadmin/config.user.inc.php ]; then
         touch /etc/phpmyadmin/config.user.inc.php
@@ -58,5 +59,7 @@ get_docker_secret PMA_HOST
 get_docker_secret PMA_CONTROLHOST
 get_docker_secret PMA_CONTROLUSER
 get_docker_secret PMA_CONTROLPASS
+get_docker_secret PMA_SSL
+get_docker_secret PMA_SSLS
 
 exec "$@"

Relevant Maintainers:

@yosifkit
Copy link
Member

RUN chown ... is going to duplicate the file added by COPY, so it should use COPY --chown instead (https://docs.docker.com/reference/dockerfile/#copy---chown---chmod). It will require a Builder: buildkit in the library/phpmyadmin file (like rabbitmq) so that we use the correct docker builder (since the classic builder doesn't understand it).

buildkit will eventually be the default for Docker Official Images, but it is still an active migration.

@williamdes williamdes marked this pull request as draft October 27, 2024 22:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants