Update redmine #18292

Merged
merged 1 commit into from
Jan 23, 2025

@tianon (Member) commented Jan 22, 2025

Changes:

- docker-library/redmine@8d36a1a: Merge pull request docker-library/redmine#366 from infosiftr/single-template
- docker-library/redmine@b160f7a: Move to a single template for Debian and Alpine
- docker-library/redmine@087f78a: Merge pull request docker-library/redmine#365 from infosiftr/better-keybase
- docker-library/redmine@922b31e: Backport https://www.redmine.org/issues/42113 patch for 5.x
- docker-library/redmine@a57cd24: Drop secrets.yml and just use `SECRET_KEY_BASE`

Diff for b020b35:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 614be3a..fc77d0c 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -3,45 +3,45 @@ GitRepo: https://github.com/docker-library/redmine.git
 
 Tags: 5.0.10, 5.0, 5.0.10-bookworm, 5.0-bookworm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 5.0/bookworm
 
 Tags: 5.0.10-alpine3.20, 5.0-alpine3.20
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 5.0/alpine3.20
 
 Tags: 5.0.10-alpine3.21, 5.0-alpine3.21, 5.0.10-alpine, 5.0-alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 5.0/alpine3.21
 
 Tags: 5.1.5, 5.1, 5, 5.1.5-bookworm, 5.1-bookworm, 5-bookworm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 5.1/bookworm
 
 Tags: 5.1.5-alpine3.20, 5.1-alpine3.20, 5-alpine3.20
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 5.1/alpine3.20
 
 Tags: 5.1.5-alpine3.21, 5.1-alpine3.21, 5-alpine3.21, 5.1.5-alpine, 5.1-alpine, 5-alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 5.1/alpine3.21
 
 Tags: 6.0.2, 6.0, 6, latest, 6.0.2-bookworm, 6.0-bookworm, 6-bookworm, bookworm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 6.0/bookworm
 
 Tags: 6.0.2-alpine3.20, 6.0-alpine3.20, 6-alpine3.20, alpine3.20
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 6.0/alpine3.20
 
 Tags: 6.0.2-alpine3.21, 6.0-alpine3.21, 6-alpine3.21, alpine3.21, 6.0.2-alpine, 6.0-alpine, 6-alpine, alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 2ac79199f72a9628d9cb9ee1dafac2dd2856487c
+GitCommit: b160f7adabeb4216193103061c576210c8ca6674
 Directory: 6.0/alpine3.21
diff --git a/redmine_5-alpine/Dockerfile b/redmine_5-alpine/Dockerfile
index d6338a0..5e6811f 100644
--- a/redmine_5-alpine/Dockerfile
+++ b/redmine_5-alpine/Dockerfile
@@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine
 RUN set -eux; \
 	apk add --no-cache \
 		bash \
+		breezy \
 		ca-certificates \
 		findutils \
-		tini \
-		tzdata \
-		wget \
-		\
-		breezy \
+		ghostscript \
+		ghostscript-fonts \
 		git \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		ghostscript-fonts \
-		imagemagick \
+		tini \
+		tzdata \
+		wget \
 	;
 
 # grab gosu for easy step-down from root
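
Review bot: In the `apk add` list, the removed comment lines `# we need "gsfonts" for generating PNGs of Gantt charts` and `# and "ghostscript" for creating PDF thumbnails (in 4.1+)` were the only record of why `ghostscript`, `ghostscript-fonts` and `imagemagick` are in the runtime image. Alphabetizing the list is fine, but these are the packages a later reviewer is most likely to question when trimming the image, so keep the rationale as a comment above the `RUN`.
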
@@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
 	apk add --no-cache --virtual .gosu-deps \
-		ca-certificates \
 		dpkg \
 		gnupg \
 	; \
@@ -82,6 +77,15 @@ RUN set -eux; \
 	wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
 	echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \
 	tar -xf redmine.tar.gz --strip-components=1; \
+	# https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260)
+	# 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4
+	# 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146
+	apk add --no-cache patch; \
+	wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \
+	echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \
+	patch -p1 < 42113.patch; \
+	rm 42113.patch; \
+	apk del --no-network patch; \
 	rm redmine.tar.gz files/delete.me log/delete.me; \
 	mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \
 	chown -R redmine:redmine ./; \
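
Review bot: `apk add --no-cache patch` followed by `apk del --no-network patch` does not use a virtual package, unlike `--virtual .gosu-deps` and `--virtual .build-deps` in the same file. Suggest `apk add --no-cache --virtual .patch-deps patch` and `apk del --no-network .patch-deps`, so the cleanup removes exactly what this step added and stays correct if the list grows. Verifying the downloaded patch with `sha256sum -c -` before `patch -p1` is the right order and should stay.
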
@@ -92,7 +96,6 @@ RUN set -eux; \
 # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174)
 ENV BUNDLE_FORCE_RUBY_PLATFORM 1
 RUN set -eux; \
-	\
 	apk add --no-cache --virtual .build-deps \
 		coreutils \
 		freetds-dev \
@@ -124,7 +127,6 @@ RUN set -eux; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
-# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X)
 	rm -rf ~redmine/.bundle; \
 	\
 # https://github.com/naitoh/rbpdf/issues/31
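
Review bot: The deleted comment about busybox `chmod +X` explained why `coreutils` is in `.build-deps`, and the `chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"` line it described is unchanged. Without it, `coreutils` reads like a removable build dependency; keep the comment, or move it next to `coreutils` in the `.build-deps` list.
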
diff --git a/redmine_5-alpine/docker-entrypoint.sh b/redmine_5-alpine/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_5-alpine/docker-entrypoint.sh
+++ b/redmine_5-alpine/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
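
Review bot: At `: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"` and `export SECRET_KEY_BASE`, a value supplied through `REDMINE_SECRET_KEY_BASE_FILE` now ends up as an exported environment variable, so it is inherited by every child process started from this point, beginning with `rake db:migrate` below. The old code wrote it to `config/secrets.yml` instead. That trade-off deserves a line in the image documentation, and an `unset REDMINE_SECRET_KEY_BASE` after the assignment would avoid carrying a second copy of the secret in the shell.
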
diff --git a/redmine_5-alpine3.20/Dockerfile b/redmine_5-alpine3.20/Dockerfile
index 1068ebc..8b465ef 100644
--- a/redmine_5-alpine3.20/Dockerfile
+++ b/redmine_5-alpine3.20/Dockerfile
@@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine
 RUN set -eux; \
 	apk add --no-cache \
 		bash \
+		breezy \
 		ca-certificates \
 		findutils \
-		tini \
-		tzdata \
-		wget \
-		\
-		breezy \
+		ghostscript \
+		ghostscript-fonts \
 		git \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		ghostscript-fonts \
-		imagemagick \
+		tini \
+		tzdata \
+		wget \
 	;
 
 # grab gosu for easy step-down from root
@@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
 	apk add --no-cache --virtual .gosu-deps \
-		ca-certificates \
 		dpkg \
 		gnupg \
 	; \
@@ -82,6 +77,15 @@ RUN set -eux; \
 	wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
 	echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \
 	tar -xf redmine.tar.gz --strip-components=1; \
+	# https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260)
+	# 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4
+	# 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146
+	apk add --no-cache patch; \
+	wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \
+	echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \
+	patch -p1 < 42113.patch; \
+	rm 42113.patch; \
+	apk del --no-network patch; \
 	rm redmine.tar.gz files/delete.me log/delete.me; \
 	mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \
 	chown -R redmine:redmine ./; \
@@ -92,7 +96,6 @@ RUN set -eux; \
 # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174)
 ENV BUNDLE_FORCE_RUBY_PLATFORM 1
 RUN set -eux; \
-	\
 	apk add --no-cache --virtual .build-deps \
 		coreutils \
 		freetds-dev \
@@ -124,7 +127,6 @@ RUN set -eux; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
-# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X)
 	rm -rf ~redmine/.bundle; \
 	\
 # https://github.com/naitoh/rbpdf/issues/31
diff --git a/redmine_5-alpine3.20/docker-entrypoint.sh b/redmine_5-alpine3.20/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_5-alpine3.20/docker-entrypoint.sh
+++ b/redmine_5-alpine3.20/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
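
Review bot: Dropping the `if [ ! -s config/secrets.yml ]` guard means an existing or bind-mounted `config/secrets.yml` is no longer taken into account: with no `*SECRET_KEY_BASE` variable set and no `config/initializers/secret_token.rb`, the script now runs `rake generate_secret_token` even though a secrets file is present. Either keep a check for a non-empty `config/secrets.yml` before generating, or state in the warning that `secrets.yml` is no longer considered by the entrypoint.
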
diff --git a/redmine_5-bookworm/Dockerfile b/redmine_5-bookworm/Dockerfile
index f075cb1..92b0d6f 100644
--- a/redmine_5-bookworm/Dockerfile
+++ b/redmine_5-bookworm/Dockerfile
@@ -13,29 +13,24 @@ RUN groupadd -r -g 999 redmine && useradd -r -g redmine -u 999 redmine
 RUN set -eux; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
-		ca-certificates \
-		curl \
-		wget \
-		\
 		bzr \
+		ca-certificates \
+		ghostscript \
 		git \
+		gsfonts \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		gsfonts \
-		imagemagick \
-# grab tini for signal processing and zombie killing
 		tini \
+		wget \
 	; \
 # allow imagemagick to use ghostscript for PDF -> PNG thumbnail conversion (4.1+)
 	sed -ri 's/(rights)="none" (pattern="PDF")/\1="read" \2/' /etc/ImageMagick-6/policy.xml; \
 	rm -rf /var/lib/apt/lists/*
 
 # grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
 ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
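
Review bot: `curl` is removed from the runtime package list here, which is a user-visible change for anything layered on this image that calls it, such as a `HEALTHCHECK` or a derived Dockerfile. If that is intended, mention it in the PR description. The dropped `# grab tini for signal processing and zombie killing` comment is also worth keeping next to `tini`.
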
@@ -82,10 +77,23 @@ ENV REDMINE_DOWNLOAD_SHA256 2c9739511712fc1381d9584fa005f911a3022e8366d1d6a53fec
 ENV RAILS_LOG_TO_STDOUT true
 
 RUN set -eux; \
-# if we use wget here, we get certificate issues (https://github.com/docker-library/redmine/pull/249#issuecomment-984176479)
-	curl -fL -o redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
+	wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
 	echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \
 	tar -xf redmine.tar.gz --strip-components=1; \
+	# https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260)
+	# 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4
+	# 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends patch; \
+	wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \
+	echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \
+	patch -p1 < 42113.patch; \
+	rm 42113.patch; \
+	apt-mark auto '.*' > /dev/null; \
+	apt-mark manual $savedAptMark > /dev/null; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	rm -rf /var/lib/apt/lists/*; \
 	rm redmine.tar.gz files/delete.me log/delete.me; \
 	mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \
 	chown -R redmine:redmine ./; \
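
Review bot: The removed comment said `wget` produced certificate issues here (it linked docker-library/redmine pull 249) and gave that as the reason for `curl -fL`; the hunk switches back to `wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"` without saying why that no longer applies. Please record in the commit message or in a comment that the download was re-tested with `wget` on the architectures listed for the bookworm variants. The `sha256sum -c -` check still guards the content either way.
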
@@ -94,7 +102,6 @@ RUN set -eux; \
 	find log tmp -type d -exec chmod 1777 '{}' +
 
 RUN set -eux; \
-	\
 	savedAptMark="$(apt-mark showmanual)"; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
diff --git a/redmine_5-bookworm/docker-entrypoint.sh b/redmine_5-bookworm/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_5-bookworm/docker-entrypoint.sh
+++ b/redmine_5-bookworm/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
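
Review bot: The code comment above the fallback says generating a token is not recommended unless `secret_token.rb` is saved when the container is recreated, but the message printed to the operator (`warning: no *SECRET_KEY_BASE set; running ...`) omits that. Put the consequence in the warning text itself, for example that a newly generated key invalidates existing sessions whenever the container is recreated without that file, since only the log output reaches people running the image.
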
diff --git a/redmine_5.0-alpine/Dockerfile b/redmine_5.0-alpine/Dockerfile
index 4af7ac4..29b104a 100644
--- a/redmine_5.0-alpine/Dockerfile
+++ b/redmine_5.0-alpine/Dockerfile
@@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine
 RUN set -eux; \
 	apk add --no-cache \
 		bash \
+		breezy \
 		ca-certificates \
 		findutils \
-		tini \
-		tzdata \
-		wget \
-		\
-		breezy \
+		ghostscript \
+		ghostscript-fonts \
 		git \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		ghostscript-fonts \
-		imagemagick \
+		tini \
+		tzdata \
+		wget \
 	;
 
 # grab gosu for easy step-down from root
@@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
 	apk add --no-cache --virtual .gosu-deps \
-		ca-certificates \
 		dpkg \
 		gnupg \
 	; \
@@ -82,6 +77,15 @@ RUN set -eux; \
 	wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
 	echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \
 	tar -xf redmine.tar.gz --strip-components=1; \
+	# https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260)
+	# 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4
+	# 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146
+	apk add --no-cache patch; \
+	wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \
+	echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \
+	patch -p1 < 42113.patch; \
+	rm 42113.patch; \
+	apk del --no-network patch; \
 	rm redmine.tar.gz files/delete.me log/delete.me; \
 	mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \
 	chown -R redmine:redmine ./; \
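
Review bot: This is the 5.0 Dockerfile, and the comment block lists `f27570120b7a672249bfebfe4d62da506785e146` as the 5.0 backport, yet the `wget` line and the pinned SHA-256 are for the 5.1 commit `c7b1f00fc1b42fd9f77b8e6574dae453ced642b4`. If the 5.1 patch is known to apply cleanly to the 5.0 tarball, say so in the comment; otherwise fetch the 5.0 commit and pin its own checksum. The same applies to the other 5.0 Dockerfiles in this diff.
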
@@ -92,7 +96,6 @@ RUN set -eux; \
 # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174)
 ENV BUNDLE_FORCE_RUBY_PLATFORM 1
 RUN set -eux; \
-	\
 	apk add --no-cache --virtual .build-deps \
 		coreutils \
 		freetds-dev \
@@ -127,7 +130,6 @@ RUN set -eux; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
-# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X)
 	rm -rf ~redmine/.bundle; \
 	\
 # https://github.com/naitoh/rbpdf/issues/31
diff --git a/redmine_5.0-alpine/docker-entrypoint.sh b/redmine_5.0-alpine/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_5.0-alpine/docker-entrypoint.sh
+++ b/redmine_5.0-alpine/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
diff --git a/redmine_5.0-alpine3.20/Dockerfile b/redmine_5.0-alpine3.20/Dockerfile
index a37c64c..0a152db 100644
--- a/redmine_5.0-alpine3.20/Dockerfile
+++ b/redmine_5.0-alpine3.20/Dockerfile
@@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine
 RUN set -eux; \
 	apk add --no-cache \
 		bash \
+		breezy \
 		ca-certificates \
 		findutils \
-		tini \
-		tzdata \
-		wget \
-		\
-		breezy \
+		ghostscript \
+		ghostscript-fonts \
 		git \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		ghostscript-fonts \
-		imagemagick \
+		tini \
+		tzdata \
+		wget \
 	;
 
 # grab gosu for easy step-down from root
@@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
 	apk add --no-cache --virtual .gosu-deps \
-		ca-certificates \
 		dpkg \
 		gnupg \
 	; \
@@ -82,6 +77,15 @@ RUN set -eux; \
 	wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
 	echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \
 	tar -xf redmine.tar.gz --strip-components=1; \
+	# https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260)
+	# 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4
+	# 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146
+	apk add --no-cache patch; \
+	wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \
+	echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \
+	patch -p1 < 42113.patch; \
+	rm 42113.patch; \
+	apk del --no-network patch; \
 	rm redmine.tar.gz files/delete.me log/delete.me; \
 	mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \
 	chown -R redmine:redmine ./; \
@@ -92,7 +96,6 @@ RUN set -eux; \
 # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174)
 ENV BUNDLE_FORCE_RUBY_PLATFORM 1
 RUN set -eux; \
-	\
 	apk add --no-cache --virtual .build-deps \
 		coreutils \
 		freetds-dev \
@@ -124,7 +127,6 @@ RUN set -eux; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
-# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X)
 	rm -rf ~redmine/.bundle; \
 	\
 # https://github.com/naitoh/rbpdf/issues/31
diff --git a/redmine_5.0-alpine3.20/docker-entrypoint.sh b/redmine_5.0-alpine3.20/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_5.0-alpine3.20/docker-entrypoint.sh
+++ b/redmine_5.0-alpine3.20/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
diff --git a/redmine_5.0-bookworm/Dockerfile b/redmine_5.0-bookworm/Dockerfile
index e990c48..8d0674c 100644
--- a/redmine_5.0-bookworm/Dockerfile
+++ b/redmine_5.0-bookworm/Dockerfile
@@ -13,29 +13,24 @@ RUN groupadd -r -g 999 redmine && useradd -r -g redmine -u 999 redmine
 RUN set -eux; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
-		ca-certificates \
-		curl \
-		wget \
-		\
 		bzr \
+		ca-certificates \
+		ghostscript \
 		git \
+		gsfonts \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		gsfonts \
-		imagemagick \
-# grab tini for signal processing and zombie killing
 		tini \
+		wget \
 	; \
 # allow imagemagick to use ghostscript for PDF -> PNG thumbnail conversion (4.1+)
 	sed -ri 's/(rights)="none" (pattern="PDF")/\1="read" \2/' /etc/ImageMagick-6/policy.xml; \
 	rm -rf /var/lib/apt/lists/*
 
 # grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
 ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
@@ -82,10 +77,23 @@ ENV REDMINE_DOWNLOAD_SHA256 cb0df0f6feb5a3198e59e36b239e9a1110011ed7078316bd1c80
 ENV RAILS_LOG_TO_STDOUT true
 
 RUN set -eux; \
-# if we use wget here, we get certificate issues (https://github.com/docker-library/redmine/pull/249#issuecomment-984176479)
-	curl -fL -o redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
+	wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
 	echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \
 	tar -xf redmine.tar.gz --strip-components=1; \
+	# https://www.redmine.org/issues/42113 (aka https://github.com/rails/rails/issues/54260)
+	# 5.1: https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4
+	# 5.0: https://github.com/redmine/redmine/commit/f27570120b7a672249bfebfe4d62da506785e146
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends patch; \
+	wget -O 42113.patch 'https://github.com/redmine/redmine/commit/c7b1f00fc1b42fd9f77b8e6574dae453ced642b4.patch?full_index=1'; \
+	echo 'e352699be3995ff6e3b0066a478e377922fa95ce9fe4729240cd98dcee3c8575 *42113.patch' | sha256sum -c -; \
+	patch -p1 < 42113.patch; \
+	rm 42113.patch; \
+	apt-mark auto '.*' > /dev/null; \
+	apt-mark manual $savedAptMark > /dev/null; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	rm -rf /var/lib/apt/lists/*; \
 	rm redmine.tar.gz files/delete.me log/delete.me; \
 	mkdir -p log public/plugin_assets sqlite tmp/pdf tmp/pids; \
 	chown -R redmine:redmine ./; \
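
Review bot: `apt-mark manual $savedAptMark > /dev/null;` runs unguarded, so an empty `savedAptMark` would call `apt-mark manual` with no package arguments under `set -eux`. Guard it with `[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null;`. The unquoted expansion is needed for word splitting, so a short comment saying that it is intentional would help the next reader.
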
@@ -94,7 +102,6 @@ RUN set -eux; \
 	find log tmp -type d -exec chmod 1777 '{}' +
 
 RUN set -eux; \
-	\
 	savedAptMark="$(apt-mark showmanual)"; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
diff --git a/redmine_5.0-bookworm/docker-entrypoint.sh b/redmine_5.0-bookworm/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_5.0-bookworm/docker-entrypoint.sh
+++ b/redmine_5.0-bookworm/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
diff --git a/redmine_alpine/Dockerfile b/redmine_alpine/Dockerfile
index 17c65ec..be3d49c 100644
--- a/redmine_alpine/Dockerfile
+++ b/redmine_alpine/Dockerfile
@@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine
 RUN set -eux; \
 	apk add --no-cache \
 		bash \
+		breezy \
 		ca-certificates \
 		findutils \
-		tini \
-		tzdata \
-		wget \
-		\
-		breezy \
+		ghostscript \
+		ghostscript-fonts \
 		git \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		ghostscript-fonts \
-		imagemagick \
+		tini \
+		tzdata \
+		wget \
 	;
 
 # grab gosu for easy step-down from root
@@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
 	apk add --no-cache --virtual .gosu-deps \
-		ca-certificates \
 		dpkg \
 		gnupg \
 	; \
@@ -91,7 +86,6 @@ RUN set -eux; \
 # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174)
 ENV BUNDLE_FORCE_RUBY_PLATFORM 1
 RUN set -eux; \
-	\
 	apk add --no-cache --virtual .build-deps \
 		coreutils \
 		freetds-dev \
@@ -123,7 +117,6 @@ RUN set -eux; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
-# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X)
 	rm -rf ~redmine/.bundle; \
 	\
 # https://github.com/naitoh/rbpdf/issues/31
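Review bot: the comment deleted under `chmod -R ugo=rwX` was the only record of why `coreutils` is listed in `.build-deps` (busybox `chmod +X` removes +x on files, coreutils leaves them alone). Without it the package looks droppable, and removing it would change what this chmod does without any build error. Keep the comment, or move it next to `coreutils` in the apk list.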
diff --git a/redmine_alpine/docker-entrypoint.sh b/redmine_alpine/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_alpine/docker-entrypoint.sh
+++ b/redmine_alpine/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
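Review bot: removing the `[ ! -s config/secrets.yml ]` guard changes behaviour for deployments that provide their own non-empty config/secrets.yml and set neither variable. The old script left those alone; the new one falls through to `rake generate_secret_token` unless config/initializers/secret_token.rb exists. If that is intended, state it in the warning text or the image documentation; otherwise keep a check for an existing secrets.yml ahead of the generate branch.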
diff --git a/redmine_alpine3.20/Dockerfile b/redmine_alpine3.20/Dockerfile
index 06c975a..7e7c501 100644
--- a/redmine_alpine3.20/Dockerfile
+++ b/redmine_alpine3.20/Dockerfile
@@ -14,23 +14,19 @@ RUN addgroup -S -g 1000 redmine && adduser -S -H -G redmine -u 999 redmine
 RUN set -eux; \
 	apk add --no-cache \
 		bash \
+		breezy \
 		ca-certificates \
 		findutils \
-		tini \
-		tzdata \
-		wget \
-		\
-		breezy \
+		ghostscript \
+		ghostscript-fonts \
 		git \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		ghostscript-fonts \
-		imagemagick \
+		tini \
+		tzdata \
+		wget \
 	;
 
 # grab gosu for easy step-down from root
@@ -39,7 +35,6 @@ ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
 	apk add --no-cache --virtual .gosu-deps \
-		ca-certificates \
 		dpkg \
 		gnupg \
 	; \
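Review bot: `ca-certificates` is dropped from `.gosu-deps` with nothing to say that the gosu step now depends on the copy installed by the first `apk add` in this file. A one-line comment here, or beside `ca-certificates` in that first list, would stop a later cleanup of the runtime packages from breaking this step.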
@@ -91,7 +86,6 @@ RUN set -eux; \
 # build for musl-libc, not glibc (see https://github.com/sparklemotion/nokogiri/issues/2075, https://github.com/rubygems/rubygems/issues/3174)
 ENV BUNDLE_FORCE_RUBY_PLATFORM 1
 RUN set -eux; \
-	\
 	apk add --no-cache --virtual .build-deps \
 		coreutils \
 		freetds-dev \
@@ -123,7 +117,6 @@ RUN set -eux; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
-# this requires coreutils because "chmod +X" in busybox will remove +x on files (and coreutils leaves files alone with +X)
 	rm -rf ~redmine/.bundle; \
 	\
 # https://github.com/naitoh/rbpdf/issues/31
diff --git a/redmine_alpine3.20/docker-entrypoint.sh b/redmine_alpine3.20/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_alpine3.20/docker-entrypoint.sh
+++ b/redmine_alpine3.20/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
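Review bot: `export SECRET_KEY_BASE` places the key in the environment of every process the entrypoint starts from here on (the `rake db:migrate` below and whatever runs after it), including when it was supplied through the `_FILE` variant named in the warning. After the `:=` line the value also remains in `REDMINE_SECRET_KEY_BASE`. Consider `unset REDMINE_SECRET_KEY_BASE` once it has been copied so the key exists under one name only, and mention the move from a file to the environment in the image documentation.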
diff --git a/redmine_bookworm/Dockerfile b/redmine_bookworm/Dockerfile
index e4cecdb..d96be5d 100644
--- a/redmine_bookworm/Dockerfile
+++ b/redmine_bookworm/Dockerfile
@@ -13,29 +13,24 @@ RUN groupadd -r -g 999 redmine && useradd -r -g redmine -u 999 redmine
 RUN set -eux; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
-		ca-certificates \
-		curl \
-		wget \
-		\
 		bzr \
+		ca-certificates \
+		ghostscript \
 		git \
+		gsfonts \
+		imagemagick \
 		mercurial \
 		openssh-client \
 		subversion \
-		\
-# we need "gsfonts" for generating PNGs of Gantt charts
-# and "ghostscript" for creating PDF thumbnails (in 4.1+)
-		ghostscript \
-		gsfonts \
-		imagemagick \
-# grab tini for signal processing and zombie killing
 		tini \
+		wget \
 	; \
 # allow imagemagick to use ghostscript for PDF -> PNG thumbnail conversion (4.1+)
 	sed -ri 's/(rights)="none" (pattern="PDF")/\1="read" \2/' /etc/ImageMagick-6/policy.xml; \
 	rm -rf /var/lib/apt/lists/*
 
 # grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
 ENV GOSU_VERSION 1.17
 RUN set -eux; \
 	\
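Review bot: `curl` is removed from the runtime package list in this hunk, not just reordered, so derived images, healthchecks or scripts that call `curl` inside this image will stop working. That is a user-visible change folded into a sort; call it out in the commit message or release notes. The comment explaining why `tini` is installed is lost in the same edit and is worth keeping above the `RUN`.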
@@ -82,8 +77,7 @@ ENV REDMINE_DOWNLOAD_SHA256 d06e8b1b0c0c9210d2ed6207d2a3f729c26a996255e47c3b0bd4
 ENV RAILS_LOG_TO_STDOUT true
 
 RUN set -eux; \
-# if we use wget here, we get certificate issues (https://github.com/docker-library/redmine/pull/249#issuecomment-984176479)
-	curl -fL -o redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
+	wget -O redmine.tar.gz "$REDMINE_DOWNLOAD_URL"; \
 	echo "$REDMINE_DOWNLOAD_SHA256 *redmine.tar.gz" | sha256sum -c -; \
 	tar -xf redmine.tar.gz --strip-components=1; \
 	rm redmine.tar.gz files/delete.me log/delete.me; \
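Review bot: the switch to `wget -O redmine.tar.gz` deletes the comment that recorded certificate issues with wget (docker-library/redmine pull 249) without saying why that no longer applies. Add a short comment or commit-message line stating what changed, so the reason is on record if the download fails again. The `sha256sum -c` check on the following line still covers integrity of the tarball.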
@@ -94,7 +88,6 @@ RUN set -eux; \
 	find log tmp -type d -exec chmod 1777 '{}' +
 
 RUN set -eux; \
-	\
 	savedAptMark="$(apt-mark showmanual)"; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
diff --git a/redmine_bookworm/docker-entrypoint.sh b/redmine_bookworm/docker-entrypoint.sh
index 62c56ea..9a1640a 100755
--- a/redmine_bookworm/docker-entrypoint.sh
+++ b/redmine_bookworm/docker-entrypoint.sh
@@ -139,17 +139,24 @@ if [ -n "$isLikelyRedmine" ]; then
 	# install additional gems for Gemfile.local and plugins
 	bundle check || bundle install
 
-	if [ ! -s config/secrets.yml ]; then
 	file_env 'REDMINE_SECRET_KEY_BASE'
-		if [ -n "$REDMINE_SECRET_KEY_BASE" ]; then
-			cat > 'config/secrets.yml' <<-YML
-				$RAILS_ENV:
-				  secret_key_base: "$REDMINE_SECRET_KEY_BASE"
-			YML
-		elif [ ! -f config/initializers/secret_token.rb ]; then
-			rake generate_secret_token
+	# just use the rails variable rather than trying to put it into a yml file
+	# https://github.com/rails/rails/blob/6-1-stable/railties/lib/rails/application.rb#L438
+	# https://github.com/rails/rails/blob/1aa9987169213ce5ce43c20b2643bc64c235e792/railties/lib/rails/application.rb#L484 (rails 7.1-stable)
+	if [ -n "${SECRET_KEY_BASE}" ] && [ -n "${REDMINE_SECRET_KEY_BASE}" ]; then
+		echo >&2
+		echo >&2 'warning: both SECRET_KEY_BASE and REDMINE_SECRET_KEY_BASE{_FILE} set, only SECRET_KEY_BASE will apply'
+		echo >&2
 	fi
+	: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"
+	export SECRET_KEY_BASE
+	# generate SECRET_KEY_BASE if not set; this is not recommended unless the secret_token.rb is saved when container is recreated
+	if [ -z "$SECRET_KEY_BASE" ] && [ ! -f config/initializers/secret_token.rb ]; then
+		echo >&2 'warning: no *SECRET_KEY_BASE set; running `rake generate_secret_token` to create one in "config/initializers/secret_token.rb"'
+		unset SECRET_KEY_BASE # just in case
+		rake generate_secret_token
 	fi
+
 	if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
 		rake db:migrate
 	fi
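Review bot: `unset SECRET_KEY_BASE # just in case` sits only inside the generate branch, but `: "${SECRET_KEY_BASE:=$REDMINE_SECRET_KEY_BASE}"` followed by `export SECRET_KEY_BASE` exports an empty variable whenever neither input is set. When config/initializers/secret_token.rb already exists the branch is skipped and the empty `SECRET_KEY_BASE` stays exported to the application. Move the cleanup out of the branch, for example `[ -n "$SECRET_KEY_BASE" ] || unset SECRET_KEY_BASE` right after the export, and replace "just in case" with the actual reason.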

Relevant Maintainers:

@yosifkit yosifkit merged commit d0f3a5a into docker-library:master Jan 23, 2025
14 checks passed
@yosifkit yosifkit deleted the redmine branch January 23, 2025 01:01