[Misc] Apply best practices as reported by yosifkit on...

[Misc] Apply best practices as reported by yosifkit on https://github.com/docker-library/official-images/pull/2563#issuecomment-276541490 * Removed the not needed sh files * Allow passing parameters to catalina.sh from the docker command line * Removed unnecessary apt upgrade + unncessary --force-yes option * Verify sha of xwiki war to make sure the right WAR is downloaded and avoid man in the middle attacks * Simplify the sed expression and do it in one step * Remove unnecessary EXPOSE (done by the tomcat image) * Install the MySQL JDBC driver using apt-get (libmysql-java package) instead of getting it directly from upstream

[Misc] Apply best practices as reported by yosifkit on...
6c386ede · Vincent Massol · 35033483 · 6c386ede · 6c386ede · 35033483
Commit 6c386ede authored 8 years ago by Vincent Massol
--- a/xwiki-mysql-tomcat/Dockerfile
+++ b/xwiki-mysql-tomcat/Dockerfile
@@ -25,32 +25,29 @@ MAINTAINER Vincent Massol <vincent@massol.net>

 # Install LibreOffice + other tools
 RUN apt-get update && \
-  apt-get -y upgrade && \
-  apt-get --no-install-recommends -y --force-yes install \
+  apt-get --no-install-recommends -y install \
    curl \
    libreoffice \
-    unzip && \
+    unzip \
+    libmysql-java && \
  rm -rf /var/lib/apt/lists/*

 # Install XWiki as the ROOT webapp context in Tomcat
 # Create the Tomcat temporary directory
 # Configure the XWiki permanent directory
 ENV XWIKI_VERSION=8.4.4
+ENV XWIKI_URL_PREFIX "http://maven.xwiki.org/releases/org/xwiki/enterprise/xwiki-enterprise-web/${XWIKI_VERSION}"
+ENV XWIKI_DOWNLOAD_SHA256 b414edb4527e3d8b27c40a8c3f2f09423980de7963207b7dc89da71d14e7fb23
 RUN rm -rf /usr/local/tomcat/webapps/* && \
  mkdir -p /usr/local/tomcat/temp && \
  mkdir -p /usr/local/xwiki/data && \
-  curl -L "http://download.forge.ow2.org/xwiki/xwiki-enterprise-web-${XWIKI_VERSION}.war" -o xwiki.war && \ 
+  curl -fSL "${XWIKI_URL_PREFIX}/xwiki-enterprise-web-${XWIKI_VERSION}.war" -o xwiki.war && \
+  echo "$XWIKI_DOWNLOAD_SHA256 xwiki.war" | sha256sum -c - && \
  unzip -d /usr/local/tomcat/webapps/ROOT xwiki.war && \
  rm -f xwiki.war

-# Download the MySQL JDBC driver and install it in the XWiki webapp
-ENV MYSQL_DRIVER_VERSION=5.1.38
-RUN curl -L https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz \
-    -o mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz && \
-  tar xvf mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz \
-    mysql-connector-java-${MYSQL_DRIVER_VERSION}/mysql-connector-java-${MYSQL_DRIVER_VERSION}-bin.jar -O > \
-    /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/mysql-connector-java-${MYSQL_DRIVER_VERSION}-bin.jar && \
-  rm -f mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz
+# Copy the MySQL JDBC driver in the XWiki webapp
+RUN cp /usr/share/java/mysql-connector-java-*.jar /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/

 # Configure Tomcat. For example set the memory for the Tomcat JVM since the default value is too small for XWiki
 COPY tomcat/setenv.sh /usr/local/tomcat/bin/
@@ -60,25 +57,18 @@ ENV MYSQL_DATABASE=xwiki
 COPY xwiki/hibernate.cfg.xml /usr/local/tomcat/webapps/ROOT/WEB-INF/hibernate.cfg.xml

 # Set a specific distribution id in XWiki for this docker packaging.
-RUN sed "s/<id>org.xwiki.enterprise:xwiki-enterprise-web/<id>org.xwiki.enterprise:xwiki-enterprise-docker/" \
-    < /usr/local/tomcat/webapps/ROOT/META-INF/extension.xed > /usr/local/tomcat/webapps/ROOT/META-INF/extension2.xed && \
-  mv /usr/local/tomcat/webapps/ROOT/META-INF/extension2.xed /usr/local/tomcat/webapps/ROOT/META-INF/extension.xed
+RUN sed -i 's/<id>org.xwiki.enterprise:xwiki-enterprise-web/<id>org.xwiki.enterprise:xwiki-enterprise-docker/' \
+    /usr/local/tomcat/webapps/ROOT/META-INF/extension.xed

 # Add scripts required to make changes to XWiki configuration files at execution time
 # Note: we don't run CHMOD since 1) it's not required since the executabe bit is already set in git and 2) running
 # CHMOD after a COPY will sometimes fail, depending on different host-specific factors (especially on AUFS).
-COPY xwiki/xwiki-config-replace.sh /usr/local/bin/xwiki-config-replace.sh
-COPY xwiki/xwiki-set-cfg /usr/local/bin/xwiki-set-cfg
-COPY xwiki/xwiki-set-properties /usr/local/bin/xwiki-set-properties
 COPY xwiki/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh

 # Make the XWiki directory (the permanent directory is included in it) persist on the host (so that it's not recreated
 # across runs)
 VOLUME /var/lib/xwiki

-# Expose the Tomcat port
-EXPOSE 8080
-
 # At this point the image is done and what remains below are the runtime configuration used by the user to configure
 # the container that will be created out of the image. Namely the user can override some environment variables with
 #   docker run -e "var1=val1" -e "var2=val2" ...

--- a/xwiki-mysql-tomcat/xwiki/docker-entrypoint.sh
+++ b/xwiki-mysql-tomcat/xwiki/docker-entrypoint.sh
@@ -26,23 +26,42 @@ function first_start() {
  touch /usr/local/xwiki/.first_start_completed
 }

+# $1 - the path to xwiki.[cfg|properties]
+# $2 - the setting/property to set
+# $3 - the new value
+function xwiki_replace() {
+  sed -i s~"\#\? \?$2 \?=.*"~"$2=$3"~g "$1"
+}
+
+# $1 - the setting/property to set
+# $2 - the new value
+function xwiki_set_cfg() {
+  xwiki_replace /usr/local/tomcat/webapps/ROOT/WEB-INF/xwiki.cfg "$1" "$2"
+}
+
+# $1 - the setting/property to set
+# $2 - the new value
+function xwiki_set_properties() {
+  xwiki_replace /usr/local/tomcat/webapps/ROOT/WEB-INF/xwiki.properties "$1" "$2"
+}
+
 function configure() {
  echo 'Configuring XWiki...'
  sed -i "s/replacemysqluser/${MYSQL_USERNAME:-xwiki}/g" /usr/local/tomcat/webapps/ROOT/WEB-INF/hibernate.cfg.xml
  sed -i "s/replacemysqlpassword/${MYSQL_PASSWORD:-xwiki}/g" /usr/local/tomcat/webapps/ROOT/WEB-INF/hibernate.cfg.xml

  echo '  Using filesystem-based attachments...'
-  xwiki-set-cfg 'xwiki.store.attachment.hint' 'file'
-  xwiki-set-cfg 'xwiki.store.attachment.versioning.hint' 'file'
-  xwiki-set-cfg 'xwiki.store.attachment.recyclebin.hint' 'file'
+  xwiki_set_cfg 'xwiki.store.attachment.hint' 'file'
+  xwiki_set_cfg 'xwiki.store.attachment.versioning.hint' 'file'
+  xwiki_set_cfg 'xwiki.store.attachment.recyclebin.hint' 'file'
  echo '  Generating authentication validation and encryption keys...'
-  xwiki-set-cfg 'xwiki.authentication.validationKey' "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
-  xwiki-set-cfg 'xwiki.authentication.encryptionKey' "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
+  xwiki_set_cfg 'xwiki.authentication.validationKey' "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
+  xwiki_set_cfg 'xwiki.authentication.encryptionKey' "$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"

  echo '  Setting permanent directory...'
-  xwiki-set-properties 'environment.permanentDirectory' '/usr/local/xwiki/data'
+  xwiki_set_properties 'environment.permanentDirectory' '/usr/local/xwiki/data'
  echo '  Configure libreoffice...'
-  xwiki-set-properties 'openoffice.autoStart' 'true'
+  xwiki_set_properties 'openoffice.autoStart' 'true'
 }

 # This if will check if the first argument is a flag but only works if all arguments require a hyphenated flag
@@ -56,7 +75,8 @@ if [ "$1" = 'xwiki' ]; then
  if [[ ! -f /usr/local/xwiki/.first_start_completed ]]; then
    first_start
  fi
-  /usr/local/tomcat/bin/catalina.sh run
+  shift
+  set -- catalina.sh run "$@"
 fi

 # Else default to run whatever the user wanted like "bash"

--- a/xwiki-mysql-tomcat/xwiki/xwiki-config-replace.sh
+++ b/xwiki-mysql-tomcat/xwiki/xwiki-config-replace.sh
-#!/bin/bash
-# ---------------------------------------------------------------------------
-# See the NOTICE file distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This software is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this software; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-# 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-# ---------------------------------------------------------------------------
-
-# $1 - the path to xwiki.[cfg|properties]
-# $2 - the setting/property to set
-# $3 - the new value
-
-sed -i s~"\#\? \?$2 \?=.*"~"$2=$3"~g "$1"
\ No newline at end of file
--- a/xwiki-mysql-tomcat/xwiki/xwiki-set-cfg
+++ b/xwiki-mysql-tomcat/xwiki/xwiki-set-cfg
-#!/bin/bash
-# ---------------------------------------------------------------------------
-# See the NOTICE file distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This software is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this software; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-# 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-# ---------------------------------------------------------------------------
-
-# $1 - the setting/property to set
-# $2 - the new value
-
-xwiki-config-replace.sh /usr/local/tomcat/webapps/ROOT/WEB-INF/xwiki.cfg "$1" "$2"
\ No newline at end of file
--- a/xwiki-mysql-tomcat/xwiki/xwiki-set-properties
+++ b/xwiki-mysql-tomcat/xwiki/xwiki-set-properties
-#!/bin/bash
-# ---------------------------------------------------------------------------
-# See the NOTICE file distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2.1 of
-# the License, or (at your option) any later version.
-#
-# This software is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this software; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-# 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-# ---------------------------------------------------------------------------
-
-# $1 - the setting/property to set
-# $2 - the new value
-
-xwiki-config-replace.sh /usr/local/tomcat/webapps/ROOT/WEB-INF/xwiki.properties "$1" "$2"
\ No newline at end of file