-
-
Save ondrejhlavacek/f929ad3ab6ae2563f1ce7df41ee5bf05 to your computer and use it in GitHub Desktop.
php:7.4.21-apache-buster with --enable-debug and debug symbols
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" | |
# | |
# PLEASE DO NOT EDIT IT DIRECTLY. | |
# | |
FROM debian:buster-slim | |
# prevent Debian's PHP packages from being installed | |
# https://github.com/docker-library/php/pull/542 | |
RUN set -eux; \ | |
{ \ | |
echo 'Package: php*'; \ | |
echo 'Pin: release *'; \ | |
echo 'Pin-Priority: -1'; \ | |
} > /etc/apt/preferences.d/no-debian-php | |
# dependencies required for running "phpize" | |
# (see persistent deps below) | |
ENV PHPIZE_DEPS \ | |
autoconf \ | |
dpkg-dev \ | |
file \ | |
g++ \ | |
gcc \ | |
libc-dev \ | |
make \ | |
pkg-config \ | |
re2c | |
# persistent / runtime deps | |
RUN set -eux; \ | |
apt-get update; \ | |
apt-get install -y --no-install-recommends \ | |
$PHPIZE_DEPS \ | |
ca-certificates \ | |
curl \ | |
xz-utils \ | |
gdb \ | |
; \ | |
rm -rf /var/lib/apt/lists/* | |
ENV PHP_INI_DIR /usr/local/etc/php | |
RUN set -eux; \ | |
mkdir -p "$PHP_INI_DIR/conf.d"; \ | |
# allow running as an arbitrary user (https://github.com/docker-library/php/issues/743) | |
[ ! -d /var/www/html ]; \ | |
mkdir -p /var/www/html; \ | |
chown www-data:www-data /var/www/html; \ | |
chmod 777 /var/www/html | |
ENV APACHE_CONFDIR /etc/apache2 | |
ENV APACHE_ENVVARS $APACHE_CONFDIR/envvars | |
RUN set -eux; \ | |
apt-get update; \ | |
apt-get install -y --no-install-recommends apache2; \ | |
rm -rf /var/lib/apt/lists/*; \ | |
\ | |
# generically convert lines like | |
# export APACHE_RUN_USER=www-data | |
# into | |
# : ${APACHE_RUN_USER:=www-data} | |
# export APACHE_RUN_USER | |
# so that they can be overridden at runtime ("-e APACHE_RUN_USER=...") | |
sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS"; \ | |
\ | |
# setup directories and permissions | |
. "$APACHE_ENVVARS"; \ | |
for dir in \ | |
"$APACHE_LOCK_DIR" \ | |
"$APACHE_RUN_DIR" \ | |
"$APACHE_LOG_DIR" \ | |
; do \ | |
rm -rvf "$dir"; \ | |
mkdir -p "$dir"; \ | |
chown "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; \ | |
# allow running as an arbitrary user (https://github.com/docker-library/php/issues/743) | |
chmod 777 "$dir"; \ | |
done; \ | |
\ | |
# delete the "index.html" that installing Apache drops in here | |
rm -rvf /var/www/html/*; \ | |
\ | |
# logs should go to stdout / stderr | |
ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log"; \ | |
ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log"; \ | |
ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"; \ | |
chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR" | |
# Apache + PHP requires preforking Apache for best results | |
RUN a2dismod mpm_event && a2enmod mpm_prefork | |
# PHP files should be handled by PHP, and should be preferred over any other file type | |
RUN { \ | |
echo '<FilesMatch \.php$>'; \ | |
echo '\tSetHandler application/x-httpd-php'; \ | |
echo '</FilesMatch>'; \ | |
echo; \ | |
echo 'DirectoryIndex disabled'; \ | |
echo 'DirectoryIndex index.php index.html'; \ | |
echo; \ | |
echo '<Directory /var/www/>'; \ | |
echo '\tOptions -Indexes'; \ | |
echo '\tAllowOverride All'; \ | |
echo '</Directory>'; \ | |
} | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \ | |
&& a2enconf docker-php | |
ENV PHP_EXTRA_BUILD_DEPS apache2-dev | |
ENV PHP_EXTRA_CONFIGURE_ARGS --with-apxs2 --disable-cgi --enable-debug | |
# Apply stack smash protection to functions using local buffers and alloca() | |
# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) | |
# Enable optimization (-O2) | |
# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) | |
# https://github.com/docker-library/php/issues/272 | |
# -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php) | |
ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O0 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -ggdb3 -g" | |
ENV PHP_CPPFLAGS="$PHP_CFLAGS" | |
ENV PHP_LDFLAGS="-Wl,-O0 -pie" | |
ENV GPG_KEYS 42670A7FE4D0441C8E4632349E4FDC074A4EF02D 5A52880781F755608BF815FC910DEB46F53EA312 | |
ENV PHP_VERSION 7.4.21 | |
ENV PHP_URL="https://www.php.net/distributions/php-7.4.21.tar.xz" PHP_ASC_URL="https://www.php.net/distributions/php-7.4.21.tar.xz.asc" | |
ENV PHP_SHA256="cf43384a7806241bc2ff22022619baa4abb9710f12ec1656d0173de992e32a90" | |
RUN set -eux; \ | |
\ | |
savedAptMark="$(apt-mark showmanual)"; \ | |
apt-get update; \ | |
apt-get install -y --no-install-recommends gnupg dirmngr; \ | |
rm -rf /var/lib/apt/lists/*; \ | |
\ | |
mkdir -p /usr/src; \ | |
cd /usr/src; \ | |
\ | |
curl -fsSL -o php.tar.xz "$PHP_URL"; \ | |
\ | |
if [ -n "$PHP_SHA256" ]; then \ | |
echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ | |
fi; \ | |
\ | |
if [ -n "$PHP_ASC_URL" ]; then \ | |
curl -fsSL -o php.tar.xz.asc "$PHP_ASC_URL"; \ | |
export GNUPGHOME="$(mktemp -d)"; \ | |
for key in $GPG_KEYS; do \ | |
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ | |
done; \ | |
gpg --batch --verify php.tar.xz.asc php.tar.xz; \ | |
gpgconf --kill all; \ | |
rm -rf "$GNUPGHOME"; \ | |
fi; \ | |
\ | |
apt-mark auto '.*' > /dev/null; \ | |
apt-mark manual $savedAptMark > /dev/null; \ | |
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false | |
COPY docker-php-source /usr/local/bin/ | |
RUN set -eux; \ | |
\ | |
savedAptMark="$(apt-mark showmanual)"; \ | |
apt-get update; \ | |
apt-get install -y --no-install-recommends \ | |
libargon2-dev \ | |
libcurl4-openssl-dev \ | |
libedit-dev \ | |
libonig-dev \ | |
libsodium-dev \ | |
libsqlite3-dev \ | |
libssl-dev \ | |
libxml2-dev \ | |
zlib1g-dev \ | |
${PHP_EXTRA_BUILD_DEPS:-} \ | |
; \ | |
rm -rf /var/lib/apt/lists/*; \ | |
\ | |
export \ | |
CFLAGS="$PHP_CFLAGS" \ | |
CPPFLAGS="$PHP_CPPFLAGS" \ | |
LDFLAGS="$PHP_LDFLAGS" \ | |
; \ | |
docker-php-source extract; \ | |
cd /usr/src/php; \ | |
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ | |
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ | |
# https://bugs.php.net/bug.php?id=74125 | |
if [ ! -d /usr/include/curl ]; then \ | |
ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ | |
fi; \ | |
./configure \ | |
--build="$gnuArch" \ | |
--with-config-file-path="$PHP_INI_DIR" \ | |
--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ | |
\ | |
# make sure invalid --configure-flags are fatal errors instead of just warnings | |
--enable-option-checking=fatal \ | |
\ | |
# https://github.com/docker-library/php/issues/439 | |
--with-mhash \ | |
\ | |
# https://github.com/docker-library/php/issues/822 | |
--with-pic \ | |
\ | |
# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) | |
--enable-ftp \ | |
# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) | |
--enable-mbstring \ | |
# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) | |
--enable-mysqlnd \ | |
# https://wiki.php.net/rfc/argon2_password_hash (7.2+) | |
--with-password-argon2 \ | |
# https://wiki.php.net/rfc/libsodium | |
--with-sodium=shared \ | |
# always build against system sqlite3 (https://github.com/php/php-src/commit/6083a387a81dbbd66d6316a3a12a63f06d5f7109) | |
--with-pdo-sqlite=/usr \ | |
--with-sqlite3=/usr \ | |
\ | |
--with-curl \ | |
--with-libedit \ | |
--with-openssl \ | |
--with-zlib \ | |
\ | |
# in PHP 7.4+, the pecl/pear installers are officially deprecated (requiring an explicit "--with-pear") | |
--with-pear \ | |
\ | |
# bundled pcre does not support JIT on s390x | |
# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT | |
$(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ | |
--with-libdir="lib/$debMultiarch" \ | |
\ | |
${PHP_EXTRA_CONFIGURE_ARGS:-} \ | |
; \ | |
make -j "$(nproc)"; \ | |
find -type f -name '*.a' -delete; \ | |
make install; \ | |
make clean; \ | |
\ | |
# https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable) | |
cp -v php.ini-* "$PHP_INI_DIR/"; \ | |
\ | |
cd /; \ | |
\ | |
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies | |
apt-mark auto '.*' > /dev/null; \ | |
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ | |
find /usr/local -type f -executable -exec ldd '{}' ';' \ | |
| awk '/=>/ { print $(NF-1) }' \ | |
| sort -u \ | |
| xargs -r dpkg-query --search \ | |
| cut -d: -f1 \ | |
| sort -u \ | |
| xargs -r apt-mark manual \ | |
; \ | |
# apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ | |
\ | |
# update pecl channel definitions https://github.com/docker-library/php/issues/443 | |
pecl update-channels; \ | |
rm -rf /tmp/pear ~/.pearrc; \ | |
\ | |
# smoke test | |
php --version | |
COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ | |
# sodium was built as a shared module (so that it can be replaced later if so desired), so let's enable it too (https://github.com/docker-library/php/issues/598) | |
RUN docker-php-ext-enable sodium | |
ENTRYPOINT ["docker-php-entrypoint"] | |
# https://httpd.apache.org/docs/2.4/stopping.html#gracefulstop | |
STOPSIGNAL SIGWINCH | |
COPY apache2-foreground /usr/local/bin/ | |
WORKDIR /var/www/html | |
EXPOSE 80 | |
CMD ["apache2-foreground"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment