Add "bash" image #2217
Merged
Add "bash" image #2217
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/bash_3.1/Dockerfile b/bash_3.1/Dockerfile
new file mode 100644
index 0000000..5d2403f
--- /dev/null
+++ b/bash_3.1/Dockerfile
@@ -0,0 +1,117 @@
+FROM alpine:3.4
+
+# gpg: key 64EA74AB: public key "Chet Ramey <[email protected]>" imported
+ENV _BASH_GPG_KEY 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
+
+# https://ftp.gnu.org/gnu/bash/?C=M;O=D
+ENV _BASH_VERSION 3.1
+ENV _BASH_PATCH_LEVEL 0
+# https://ftp.gnu.org/gnu/bash/bash-3.1-patches/?C=M;O=D
+ENV _BASH_LATEST_PATCH 23
+# prefixed with "_" since "$BASH..." have meaning in Bash parlance
+
+RUN set -ex; \
+ \
+ apk add --no-cache --virtual .build-deps \
+ bison \
+ ca-certificates \
+ gcc \
+ gnupg \
+ libc-dev \
+ make \
+ ncurses-dev \
+ openssl \
+ patch \
+ tar \
+ ; \
+ \
+ version="$_BASH_VERSION"; \
+ if [ "$_BASH_PATCH_LEVEL" -gt 0 ]; then \
+ version="$version.$_BASH_PATCH_LEVEL"; \
+ fi; \
+ wget -O bash.tar.gz "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz"; \
+ wget -O bash.tar.gz.sig "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz.sig"; \
+ \
+ if [ "$_BASH_LATEST_PATCH" -gt "$_BASH_PATCH_LEVEL" ]; then \
+ mkdir -p bash-patches; \
+ first="$(printf '%03d' "$(( _BASH_PATCH_LEVEL + 1 ))")"; \
+ last="$(printf '%03d' "$_BASH_LATEST_PATCH")"; \
+ for patch in $(seq -w "$first" "$last"); do \
+ url="https://ftp.gnu.org/gnu/bash/bash-$_BASH_VERSION-patches/bash${_BASH_VERSION//./}-$patch"; \
+ wget -O "bash-patches/$patch" "$url"; \
+ wget -O "bash-patches/$patch.sig" "$url.sig"; \
+ done; \
+ fi; \
+ \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$_BASH_GPG_KEY"; \
+ gpg --batch --verify bash.tar.gz.sig bash.tar.gz; \
+ rm bash.tar.gz.sig; \
+ if [ -d bash-patches ]; then \
+ for sig in bash-patches/*.sig; do \
+ p="${sig%.sig}"; \
+ gpg --batch --verify "$sig" "$p"; \
+ rm "$sig"; \
+ done; \
+ fi; \
+ rm -r "$GNUPGHOME"; \
+ \
+ mkdir -p /usr/src/bash; \
+ tar \
+ --extract \
+ --file=bash.tar.gz \
+ --strip-components=1 \
+ --directory=/usr/src/bash \
+ ; \
+ rm bash.tar.gz; \
+ \
+ if [ -d bash-patches ]; then \
+ for p in bash-patches/*; do \
+ patch \
+ --directory=/usr/src/bash \
+ --input="$(readlink -f "$p")" \
+ --strip=0 \
+ ; \
+ rm "$p"; \
+ done; \
+ rmdir bash-patches; \
+ fi; \
+ \
+ cd /usr/src/bash; \
+ ./configure \
+ --enable-readline \
+ --with-curses \
+# musl does not implement brk/sbrk (they simply return -ENOMEM)
+# bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
+ --without-bash-malloc \
+ || { \
+ cat >&2 config.log; \
+ false; \
+ }; \
+# parallel jobs workaround borrowed from Alpine :)
+ make y.tab.c; make builtins/libbuiltins.a; \
+ make -j "$(getconf _NPROCESSORS_ONLN)"; \
+ make install; \
+ cd /; \
+ rm -r /usr/src/bash; \
+ \
+# delete a few installed bits for smaller image size
+ rm -r \
+ /usr/local/share/locale \
+ ; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --recursive /usr/local \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )"; \
+ apk add --no-cache --virtual .bash-rundeps $runDeps; \
+ apk del .build-deps; \
+ \
+ [ "$(which bash)" = '/usr/local/bin/bash' ]; \
+ bash --version; \
+ [ "$(bash -c 'echo "${BASH_VERSION%%[^0-9.]*}"')" = "$_BASH_VERSION.$_BASH_LATEST_PATCH" ];
+
+CMD ["bash"]
diff --git a/bash_3/Dockerfile b/bash_3/Dockerfile
new file mode 100644
index 0000000..c0340c4
--- /dev/null
+++ b/bash_3/Dockerfile
@@ -0,0 +1,117 @@
+FROM alpine:3.4
+
+# gpg: key 64EA74AB: public key "Chet Ramey <[email protected]>" imported
+ENV _BASH_GPG_KEY 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
+
+# https://ftp.gnu.org/gnu/bash/?C=M;O=D
+ENV _BASH_VERSION 3.2
+ENV _BASH_PATCH_LEVEL 57
+# https://ftp.gnu.org/gnu/bash/bash-3.2-patches/?C=M;O=D
+ENV _BASH_LATEST_PATCH 57
+# prefixed with "_" since "$BASH..." have meaning in Bash parlance
+
+RUN set -ex; \
+ \
+ apk add --no-cache --virtual .build-deps \
+ bison \
+ ca-certificates \
+ gcc \
+ gnupg \
+ libc-dev \
+ make \
+ ncurses-dev \
+ openssl \
+ patch \
+ tar \
+ ; \
+ \
+ version="$_BASH_VERSION"; \
+ if [ "$_BASH_PATCH_LEVEL" -gt 0 ]; then \
+ version="$version.$_BASH_PATCH_LEVEL"; \
+ fi; \
+ wget -O bash.tar.gz "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz"; \
+ wget -O bash.tar.gz.sig "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz.sig"; \
+ \
+ if [ "$_BASH_LATEST_PATCH" -gt "$_BASH_PATCH_LEVEL" ]; then \
+ mkdir -p bash-patches; \
+ first="$(printf '%03d' "$(( _BASH_PATCH_LEVEL + 1 ))")"; \
+ last="$(printf '%03d' "$_BASH_LATEST_PATCH")"; \
+ for patch in $(seq -w "$first" "$last"); do \
+ url="https://ftp.gnu.org/gnu/bash/bash-$_BASH_VERSION-patches/bash${_BASH_VERSION//./}-$patch"; \
+ wget -O "bash-patches/$patch" "$url"; \
+ wget -O "bash-patches/$patch.sig" "$url.sig"; \
+ done; \
+ fi; \
+ \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$_BASH_GPG_KEY"; \
+ gpg --batch --verify bash.tar.gz.sig bash.tar.gz; \
+ rm bash.tar.gz.sig; \
+ if [ -d bash-patches ]; then \
+ for sig in bash-patches/*.sig; do \
+ p="${sig%.sig}"; \
+ gpg --batch --verify "$sig" "$p"; \
+ rm "$sig"; \
+ done; \
+ fi; \
+ rm -r "$GNUPGHOME"; \
+ \
+ mkdir -p /usr/src/bash; \
+ tar \
+ --extract \
+ --file=bash.tar.gz \
+ --strip-components=1 \
+ --directory=/usr/src/bash \
+ ; \
+ rm bash.tar.gz; \
+ \
+ if [ -d bash-patches ]; then \
+ for p in bash-patches/*; do \
+ patch \
+ --directory=/usr/src/bash \
+ --input="$(readlink -f "$p")" \
+ --strip=0 \
+ ; \
+ rm "$p"; \
+ done; \
+ rmdir bash-patches; \
+ fi; \
+ \
+ cd /usr/src/bash; \
+ ./configure \
+ --enable-readline \
+ --with-curses \
+# musl does not implement brk/sbrk (they simply return -ENOMEM)
+# bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
+ --without-bash-malloc \
+ || { \
+ cat >&2 config.log; \
+ false; \
+ }; \
+# parallel jobs workaround borrowed from Alpine :)
+ make y.tab.c; make builtins/libbuiltins.a; \
+ make -j "$(getconf _NPROCESSORS_ONLN)"; \
+ make install; \
+ cd /; \
+ rm -r /usr/src/bash; \
+ \
+# delete a few installed bits for smaller image size
+ rm -r \
+ /usr/local/share/locale \
+ ; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --recursive /usr/local \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )"; \
+ apk add --no-cache --virtual .bash-rundeps $runDeps; \
+ apk del .build-deps; \
+ \
+ [ "$(which bash)" = '/usr/local/bin/bash' ]; \
+ bash --version; \
+ [ "$(bash -c 'echo "${BASH_VERSION%%[^0-9.]*}"')" = "$_BASH_VERSION.$_BASH_LATEST_PATCH" ];
+
+CMD ["bash"]
diff --git a/bash_4.0/Dockerfile b/bash_4.0/Dockerfile
new file mode 100644
index 0000000..aacc76f
--- /dev/null
+++ b/bash_4.0/Dockerfile
@@ -0,0 +1,120 @@
+FROM alpine:3.4
+
+# gpg: key 64EA74AB: public key "Chet Ramey <[email protected]>" imported
+ENV _BASH_GPG_KEY 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
+
+# https://ftp.gnu.org/gnu/bash/?C=M;O=D
+ENV _BASH_VERSION 4.0
+ENV _BASH_PATCH_LEVEL 0
+# https://ftp.gnu.org/gnu/bash/bash-4.0-patches/?C=M;O=D
+ENV _BASH_LATEST_PATCH 44
+# prefixed with "_" since "$BASH..." have meaning in Bash parlance
+
+RUN set -ex; \
+ \
+ apk add --no-cache --virtual .build-deps \
+ autoconf \
+ bison \
+ ca-certificates \
+ gcc \
+ gnupg \
+ libc-dev \
+ make \
+ ncurses-dev \
+ openssl \
+ patch \
+ tar \
+ ; \
+ \
+ version="$_BASH_VERSION"; \
+ if [ "$_BASH_PATCH_LEVEL" -gt 0 ]; then \
+ version="$version.$_BASH_PATCH_LEVEL"; \
+ fi; \
+ wget -O bash.tar.gz "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz"; \
+ wget -O bash.tar.gz.sig "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz.sig"; \
+ \
+ if [ "$_BASH_LATEST_PATCH" -gt "$_BASH_PATCH_LEVEL" ]; then \
+ mkdir -p bash-patches; \
+ first="$(printf '%03d' "$(( _BASH_PATCH_LEVEL + 1 ))")"; \
+ last="$(printf '%03d' "$_BASH_LATEST_PATCH")"; \
+ for patch in $(seq -w "$first" "$last"); do \
+ url="https://ftp.gnu.org/gnu/bash/bash-$_BASH_VERSION-patches/bash${_BASH_VERSION//./}-$patch"; \
+ wget -O "bash-patches/$patch" "$url"; \
+ wget -O "bash-patches/$patch.sig" "$url.sig"; \
+ done; \
+ fi; \
+ \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$_BASH_GPG_KEY"; \
+ gpg --batch --verify bash.tar.gz.sig bash.tar.gz; \
+ rm bash.tar.gz.sig; \
+ if [ -d bash-patches ]; then \
+ for sig in bash-patches/*.sig; do \
+ p="${sig%.sig}"; \
+ gpg --batch --verify "$sig" "$p"; \
+ rm "$sig"; \
+ done; \
+ fi; \
+ rm -r "$GNUPGHOME"; \
+ \
+ mkdir -p /usr/src/bash; \
+ tar \
+ --extract \
+ --file=bash.tar.gz \
+ --strip-components=1 \
+ --directory=/usr/src/bash \
+ ; \
+ rm bash.tar.gz; \
+ \
+ if [ -d bash-patches ]; then \
+ for p in bash-patches/*; do \
+ patch \
+ --directory=/usr/src/bash \
+ --input="$(readlink -f "$p")" \
+ --strip=0 \
+ ; \
+ rm "$p"; \
+ done; \
+ rmdir bash-patches; \
+ fi; \
+ \
+ cd /usr/src/bash; \
+ ./configure \
+ --enable-readline \
+ --with-curses \
+# musl does not implement brk/sbrk (they simply return -ENOMEM)
+# bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
+ --without-bash-malloc \
+ || { \
+ cat >&2 config.log; \
+ false; \
+ }; \
+# parallel jobs workaround borrowed from Alpine :)
+ make y.tab.c; make builtins/libbuiltins.a; \
+ make -j "$(getconf _NPROCESSORS_ONLN)"; \
+ make install; \
+ cd /; \
+ rm -r /usr/src/bash; \
+ \
+# delete a few installed bits for smaller image size
+ rm -r \
+ /usr/local/share/info \
+ /usr/local/share/locale \
+ /usr/local/share/man \
+ ; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --recursive /usr/local \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )"; \
+ apk add --no-cache --virtual .bash-rundeps $runDeps; \
+ apk del .build-deps; \
+ \
+ [ "$(which bash)" = '/usr/local/bin/bash' ]; \
+ bash --version; \
+ [ "$(bash -c 'echo "${BASH_VERSION%%[^0-9.]*}"')" = "$_BASH_VERSION.$_BASH_LATEST_PATCH" ];
+
+CMD ["bash"]
diff --git a/bash_4.1/Dockerfile b/bash_4.1/Dockerfile
new file mode 100644
index 0000000..47a1a0b
--- /dev/null
+++ b/bash_4.1/Dockerfile
@@ -0,0 +1,117 @@
+FROM alpine:3.4
+
+# gpg: key 64EA74AB: public key "Chet Ramey <[email protected]>" imported
+ENV _BASH_GPG_KEY 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
+
+# https://ftp.gnu.org/gnu/bash/?C=M;O=D
+ENV _BASH_VERSION 4.1
+ENV _BASH_PATCH_LEVEL 0
+# https://ftp.gnu.org/gnu/bash/bash-4.1-patches/?C=M;O=D
+ENV _BASH_LATEST_PATCH 17
+# prefixed with "_" since "$BASH..." have meaning in Bash parlance
+
+RUN set -ex; \
+ \
+ apk add --no-cache --virtual .build-deps \
+ bison \
+ ca-certificates \
+ gcc \
+ gnupg \
+ libc-dev \
+ make \
+ ncurses-dev \
+ openssl \
+ patch \
+ tar \
+ ; \
+ \
+ version="$_BASH_VERSION"; \
+ if [ "$_BASH_PATCH_LEVEL" -gt 0 ]; then \
+ version="$version.$_BASH_PATCH_LEVEL"; \
+ fi; \
+ wget -O bash.tar.gz "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz"; \
+ wget -O bash.tar.gz.sig "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz.sig"; \
+ \
+ if [ "$_BASH_LATEST_PATCH" -gt "$_BASH_PATCH_LEVEL" ]; then \
+ mkdir -p bash-patches; \
+ first="$(printf '%03d' "$(( _BASH_PATCH_LEVEL + 1 ))")"; \
+ last="$(printf '%03d' "$_BASH_LATEST_PATCH")"; \
+ for patch in $(seq -w "$first" "$last"); do \
+ url="https://ftp.gnu.org/gnu/bash/bash-$_BASH_VERSION-patches/bash${_BASH_VERSION//./}-$patch"; \
+ wget -O "bash-patches/$patch" "$url"; \
+ wget -O "bash-patches/$patch.sig" "$url.sig"; \
+ done; \
+ fi; \
+ \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$_BASH_GPG_KEY"; \
+ gpg --batch --verify bash.tar.gz.sig bash.tar.gz; \
+ rm bash.tar.gz.sig; \
+ if [ -d bash-patches ]; then \
+ for sig in bash-patches/*.sig; do \
+ p="${sig%.sig}"; \
+ gpg --batch --verify "$sig" "$p"; \
+ rm "$sig"; \
+ done; \
+ fi; \
+ rm -r "$GNUPGHOME"; \
+ \
+ mkdir -p /usr/src/bash; \
+ tar \
+ --extract \
+ --file=bash.tar.gz \
+ --strip-components=1 \
+ --directory=/usr/src/bash \
+ ; \
+ rm bash.tar.gz; \
+ \
+ if [ -d bash-patches ]; then \
+ for p in bash-patches/*; do \
+ patch \
+ --directory=/usr/src/bash \
+ --input="$(readlink -f "$p")" \
+ --strip=0 \
+ ; \
+ rm "$p"; \
+ done; \
+ rmdir bash-patches; \
+ fi; \
+ \
+ cd /usr/src/bash; \
+ ./configure \
+ --enable-readline \
+ --with-curses \
+# musl does not implement brk/sbrk (they simply return -ENOMEM)
+# bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
+ --without-bash-malloc \
+ || { \
+ cat >&2 config.log; \
+ false; \
+ }; \
+ make -j "$(getconf _NPROCESSORS_ONLN)"; \
+ make install; \
+ cd /; \
+ rm -r /usr/src/bash; \
+ \
+# delete a few installed bits for smaller image size
+ rm -r \
+ /usr/local/share/info \
+ /usr/local/share/locale \
+ /usr/local/share/man \
+ ; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --recursive /usr/local \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )"; \
+ apk add --no-cache --virtual .bash-rundeps $runDeps; \
+ apk del .build-deps; \
+ \
+ [ "$(which bash)" = '/usr/local/bin/bash' ]; \
+ bash --version; \
+ [ "$(bash -c 'echo "${BASH_VERSION%%[^0-9.]*}"')" = "$_BASH_VERSION.$_BASH_LATEST_PATCH" ];
+
+CMD ["bash"]
diff --git a/bash_4.2/Dockerfile b/bash_4.2/Dockerfile
new file mode 100644
index 0000000..b79bb7f
--- /dev/null
+++ b/bash_4.2/Dockerfile
@@ -0,0 +1,117 @@
+FROM alpine:3.4
+
+# gpg: key 64EA74AB: public key "Chet Ramey <[email protected]>" imported
+ENV _BASH_GPG_KEY 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
+
+# https://ftp.gnu.org/gnu/bash/?C=M;O=D
+ENV _BASH_VERSION 4.2
+ENV _BASH_PATCH_LEVEL 53
+# https://ftp.gnu.org/gnu/bash/bash-4.2-patches/?C=M;O=D
+ENV _BASH_LATEST_PATCH 53
+# prefixed with "_" since "$BASH..." have meaning in Bash parlance
+
+RUN set -ex; \
+ \
+ apk add --no-cache --virtual .build-deps \
+ bison \
+ ca-certificates \
+ gcc \
+ gnupg \
+ libc-dev \
+ make \
+ ncurses-dev \
+ openssl \
+ patch \
+ tar \
+ ; \
+ \
+ version="$_BASH_VERSION"; \
+ if [ "$_BASH_PATCH_LEVEL" -gt 0 ]; then \
+ version="$version.$_BASH_PATCH_LEVEL"; \
+ fi; \
+ wget -O bash.tar.gz "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz"; \
+ wget -O bash.tar.gz.sig "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz.sig"; \
+ \
+ if [ "$_BASH_LATEST_PATCH" -gt "$_BASH_PATCH_LEVEL" ]; then \
+ mkdir -p bash-patches; \
+ first="$(printf '%03d' "$(( _BASH_PATCH_LEVEL + 1 ))")"; \
+ last="$(printf '%03d' "$_BASH_LATEST_PATCH")"; \
+ for patch in $(seq -w "$first" "$last"); do \
+ url="https://ftp.gnu.org/gnu/bash/bash-$_BASH_VERSION-patches/bash${_BASH_VERSION//./}-$patch"; \
+ wget -O "bash-patches/$patch" "$url"; \
+ wget -O "bash-patches/$patch.sig" "$url.sig"; \
+ done; \
+ fi; \
+ \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$_BASH_GPG_KEY"; \
+ gpg --batch --verify bash.tar.gz.sig bash.tar.gz; \
+ rm bash.tar.gz.sig; \
+ if [ -d bash-patches ]; then \
+ for sig in bash-patches/*.sig; do \
+ p="${sig%.sig}"; \
+ gpg --batch --verify "$sig" "$p"; \
+ rm "$sig"; \
+ done; \
+ fi; \
+ rm -r "$GNUPGHOME"; \
+ \
+ mkdir -p /usr/src/bash; \
+ tar \
+ --extract \
+ --file=bash.tar.gz \
+ --strip-components=1 \
+ --directory=/usr/src/bash \
+ ; \
+ rm bash.tar.gz; \
+ \
+ if [ -d bash-patches ]; then \
+ for p in bash-patches/*; do \
+ patch \
+ --directory=/usr/src/bash \
+ --input="$(readlink -f "$p")" \
+ --strip=0 \
+ ; \
+ rm "$p"; \
+ done; \
+ rmdir bash-patches; \
+ fi; \
+ \
+ cd /usr/src/bash; \
+ ./configure \
+ --enable-readline \
+ --with-curses \
+# musl does not implement brk/sbrk (they simply return -ENOMEM)
+# bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
+ --without-bash-malloc \
+ || { \
+ cat >&2 config.log; \
+ false; \
+ }; \
+ make -j "$(getconf _NPROCESSORS_ONLN)"; \
+ make install; \
+ cd /; \
+ rm -r /usr/src/bash; \
+ \
+# delete a few installed bits for smaller image size
+ rm -r \
+ /usr/local/share/info \
+ /usr/local/share/locale \
+ /usr/local/share/man \
+ ; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --recursive /usr/local \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )"; \
+ apk add --no-cache --virtual .bash-rundeps $runDeps; \
+ apk del .build-deps; \
+ \
+ [ "$(which bash)" = '/usr/local/bin/bash' ]; \
+ bash --version; \
+ [ "$(bash -c 'echo "${BASH_VERSION%%[^0-9.]*}"')" = "$_BASH_VERSION.$_BASH_LATEST_PATCH" ];
+
+CMD ["bash"]
diff --git a/bash_4.3/Dockerfile b/bash_4.3/Dockerfile
new file mode 100644
index 0000000..5a7a3fe
--- /dev/null
+++ b/bash_4.3/Dockerfile
@@ -0,0 +1,118 @@
+FROM alpine:3.4
+
+# gpg: key 64EA74AB: public key "Chet Ramey <[email protected]>" imported
+ENV _BASH_GPG_KEY 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
+
+# https://ftp.gnu.org/gnu/bash/?C=M;O=D
+ENV _BASH_VERSION 4.3
+ENV _BASH_PATCH_LEVEL 30
+# https://ftp.gnu.org/gnu/bash/bash-4.3-patches/?C=M;O=D
+ENV _BASH_LATEST_PATCH 48
+# prefixed with "_" since "$BASH..." have meaning in Bash parlance
+
+RUN set -ex; \
+ \
+ apk add --no-cache --virtual .build-deps \
+ bison \
+ ca-certificates \
+ gcc \
+ gnupg \
+ libc-dev \
+ make \
+ ncurses-dev \
+ openssl \
+ patch \
+ tar \
+ ; \
+ \
+ version="$_BASH_VERSION"; \
+ if [ "$_BASH_PATCH_LEVEL" -gt 0 ]; then \
+ version="$version.$_BASH_PATCH_LEVEL"; \
+ fi; \
+ wget -O bash.tar.gz "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz"; \
+ wget -O bash.tar.gz.sig "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz.sig"; \
+ \
+ if [ "$_BASH_LATEST_PATCH" -gt "$_BASH_PATCH_LEVEL" ]; then \
+ mkdir -p bash-patches; \
+ first="$(printf '%03d' "$(( _BASH_PATCH_LEVEL + 1 ))")"; \
+ last="$(printf '%03d' "$_BASH_LATEST_PATCH")"; \
+ for patch in $(seq -w "$first" "$last"); do \
+ url="https://ftp.gnu.org/gnu/bash/bash-$_BASH_VERSION-patches/bash${_BASH_VERSION//./}-$patch"; \
+ wget -O "bash-patches/$patch" "$url"; \
+ wget -O "bash-patches/$patch.sig" "$url.sig"; \
+ done; \
+ fi; \
+ \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$_BASH_GPG_KEY"; \
+ gpg --batch --verify bash.tar.gz.sig bash.tar.gz; \
+ rm bash.tar.gz.sig; \
+ if [ -d bash-patches ]; then \
+ for sig in bash-patches/*.sig; do \
+ p="${sig%.sig}"; \
+ gpg --batch --verify "$sig" "$p"; \
+ rm "$sig"; \
+ done; \
+ fi; \
+ rm -r "$GNUPGHOME"; \
+ \
+ mkdir -p /usr/src/bash; \
+ tar \
+ --extract \
+ --file=bash.tar.gz \
+ --strip-components=1 \
+ --directory=/usr/src/bash \
+ ; \
+ rm bash.tar.gz; \
+ \
+ if [ -d bash-patches ]; then \
+ for p in bash-patches/*; do \
+ patch \
+ --directory=/usr/src/bash \
+ --input="$(readlink -f "$p")" \
+ --strip=0 \
+ ; \
+ rm "$p"; \
+ done; \
+ rmdir bash-patches; \
+ fi; \
+ \
+ cd /usr/src/bash; \
+ ./configure \
+ --enable-readline \
+ --with-curses \
+# musl does not implement brk/sbrk (they simply return -ENOMEM)
+# bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
+ --without-bash-malloc \
+ || { \
+ cat >&2 config.log; \
+ false; \
+ }; \
+ make -j "$(getconf _NPROCESSORS_ONLN)"; \
+ make install; \
+ cd /; \
+ rm -r /usr/src/bash; \
+ \
+# delete a few installed bits for smaller image size
+ rm -r \
+ /usr/local/share/doc/bash/*.html \
+ /usr/local/share/info \
+ /usr/local/share/locale \
+ /usr/local/share/man \
+ ; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --recursive /usr/local \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )"; \
+ apk add --no-cache --virtual .bash-rundeps $runDeps; \
+ apk del .build-deps; \
+ \
+ [ "$(which bash)" = '/usr/local/bin/bash' ]; \
+ bash --version; \
+ [ "$(bash -c 'echo "${BASH_VERSION%%[^0-9.]*}"')" = "$_BASH_VERSION.$_BASH_LATEST_PATCH" ];
+
+CMD ["bash"]
diff --git a/bash_latest/Dockerfile b/bash_latest/Dockerfile
new file mode 100644
index 0000000..b99a79e
--- /dev/null
+++ b/bash_latest/Dockerfile
@@ -0,0 +1,118 @@
+FROM alpine:3.4
+
+# gpg: key 64EA74AB: public key "Chet Ramey <[email protected]>" imported
+ENV _BASH_GPG_KEY 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
+
+# https://ftp.gnu.org/gnu/bash/?C=M;O=D
+ENV _BASH_VERSION 4.4
+ENV _BASH_PATCH_LEVEL 0
+# https://ftp.gnu.org/gnu/bash/bash-4.4-patches/?C=M;O=D
+ENV _BASH_LATEST_PATCH 0
+# prefixed with "_" since "$BASH..." have meaning in Bash parlance
+
+RUN set -ex; \
+ \
+ apk add --no-cache --virtual .build-deps \
+ bison \
+ ca-certificates \
+ gcc \
+ gnupg \
+ libc-dev \
+ make \
+ ncurses-dev \
+ openssl \
+ patch \
+ tar \
+ ; \
+ \
+ version="$_BASH_VERSION"; \
+ if [ "$_BASH_PATCH_LEVEL" -gt 0 ]; then \
+ version="$version.$_BASH_PATCH_LEVEL"; \
+ fi; \
+ wget -O bash.tar.gz "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz"; \
+ wget -O bash.tar.gz.sig "https://ftp.gnu.org/gnu/bash/bash-$version.tar.gz.sig"; \
+ \
+ if [ "$_BASH_LATEST_PATCH" -gt "$_BASH_PATCH_LEVEL" ]; then \
+ mkdir -p bash-patches; \
+ first="$(printf '%03d' "$(( _BASH_PATCH_LEVEL + 1 ))")"; \
+ last="$(printf '%03d' "$_BASH_LATEST_PATCH")"; \
+ for patch in $(seq -w "$first" "$last"); do \
+ url="https://ftp.gnu.org/gnu/bash/bash-$_BASH_VERSION-patches/bash${_BASH_VERSION//./}-$patch"; \
+ wget -O "bash-patches/$patch" "$url"; \
+ wget -O "bash-patches/$patch.sig" "$url.sig"; \
+ done; \
+ fi; \
+ \
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$_BASH_GPG_KEY"; \
+ gpg --batch --verify bash.tar.gz.sig bash.tar.gz; \
+ rm bash.tar.gz.sig; \
+ if [ -d bash-patches ]; then \
+ for sig in bash-patches/*.sig; do \
+ p="${sig%.sig}"; \
+ gpg --batch --verify "$sig" "$p"; \
+ rm "$sig"; \
+ done; \
+ fi; \
+ rm -r "$GNUPGHOME"; \
+ \
+ mkdir -p /usr/src/bash; \
+ tar \
+ --extract \
+ --file=bash.tar.gz \
+ --strip-components=1 \
+ --directory=/usr/src/bash \
+ ; \
+ rm bash.tar.gz; \
+ \
+ if [ -d bash-patches ]; then \
+ for p in bash-patches/*; do \
+ patch \
+ --directory=/usr/src/bash \
+ --input="$(readlink -f "$p")" \
+ --strip=0 \
+ ; \
+ rm "$p"; \
+ done; \
+ rmdir bash-patches; \
+ fi; \
+ \
+ cd /usr/src/bash; \
+ ./configure \
+ --enable-readline \
+ --with-curses \
+# musl does not implement brk/sbrk (they simply return -ENOMEM)
+# bash: xmalloc: locale.c:81: cannot allocate 18 bytes (0 bytes allocated)
+ --without-bash-malloc \
+ || { \
+ cat >&2 config.log; \
+ false; \
+ }; \
+ make -j "$(getconf _NPROCESSORS_ONLN)"; \
+ make install; \
+ cd /; \
+ rm -r /usr/src/bash; \
+ \
+# delete a few installed bits for smaller image size
+ rm -r \
+ /usr/local/share/doc/bash/*.html \
+ /usr/local/share/info \
+ /usr/local/share/locale \
+ /usr/local/share/man \
+ ; \
+ \
+ runDeps="$( \
+ scanelf --needed --nobanner --recursive /usr/local \
+ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+ | sort -u \
+ | xargs -r apk info --installed \
+ | sort -u \
+ )"; \
+ apk add --no-cache --virtual .bash-rundeps $runDeps; \
+ apk del .build-deps; \
+ \
+ [ "$(which bash)" = '/usr/local/bin/bash' ]; \
+ bash --version; \
+ [ "$(bash -c 'echo "${BASH_VERSION%%[^0-9.]*}"')" = "$_BASH_VERSION.$_BASH_LATEST_PATCH" ];
+
+CMD ["bash"] |
|
Build test of #2217; 5284d04 ( $ bashbrew build bash:4.4.0
Using bashbrew/cache:c3b3f6f6016965ff343249fcc7c884e6abefe6c38fbdb374d2a3e34a5488986a (bash:4.4.0)
Tagging bash:4.4.0
Tagging bash:4.4
Tagging bash:4
Tagging bash:latest
$ test/run.sh bash:4.4.0
testing bash:4.4.0
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build bash:4.3.48
Using bashbrew/cache:9b1d1bffa19a5067c4be2f9a3fe25dfb9babb1297f394512152caf0268bb3a9f (bash:4.3.48)
Tagging bash:4.3.48
Tagging bash:4.3
$ test/run.sh bash:4.3.48
testing bash:4.3.48
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build bash:4.2.53
Using bashbrew/cache:03bd173b25a74aa49566be461eabfbb4b376ba1feb3bb86e46c07e90f6011206 (bash:4.2.53)
Tagging bash:4.2.53
Tagging bash:4.2
$ test/run.sh bash:4.2.53
testing bash:4.2.53
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build bash:4.1.17
Using bashbrew/cache:e9473b1af3979866de3ed37c6925f5266c922fec5f565d280e9c868d8413a215 (bash:4.1.17)
Tagging bash:4.1.17
Tagging bash:4.1
$ test/run.sh bash:4.1.17
testing bash:4.1.17
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build bash:4.0.44
Using bashbrew/cache:ae85c7082ed0e6c41c4d0750faa62b695d18330e1394a6a3ca006018e35db6aa (bash:4.0.44)
Tagging bash:4.0.44
Tagging bash:4.0
$ test/run.sh bash:4.0.44
testing bash:4.0.44
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build bash:3.2.57
Using bashbrew/cache:809db5ee9b4f69ae7816e9854d9497089ada04b9a3500e7b0e7b85c3a2efacf2 (bash:3.2.57)
Tagging bash:3.2.57
Tagging bash:3.2
Tagging bash:3
$ test/run.sh bash:3.2.57
testing bash:3.2.57
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
$ bashbrew build bash:3.1.23
Using bashbrew/cache:d4215e442d685a47faf4396e8f47c0dcbcfcccfa78ae59fc2f951b342a9e43f1 (bash:3.1.23)
Tagging bash:3.1.23
Tagging bash:3.1
$ test/run.sh bash:3.1.23
testing bash:3.1.23
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
|
yosifkit
approved these changes
Oct 18, 2016
|
The following shows the level of support upstream provides in the face of high-severity issues (and the reason I plan to keep so many versions, and possibly even add 3.0 and 2.05b later): |
|
Ah right, Chet didn't start adding signature files until 2004, so only half of 2.05b's patches are signed (and the base tarball isn't), so only 3.0 will be coming soon. 😄 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist for Review
NOTE: This checklist is intended for the use of the Official Images maintainers both to track the status of your PR and to help inform you and others of where we're at. As such, please leave the "checking" of items to the repository maintainers. If there is a point below for which you would like to provide additional information or note completion, please do so by commenting on the PR. Thanks! (and thanks for staying patient with us ❤️)
foobarneeds Node.js, hasFROM node:...instead of grabbingnodevia other means been considered?)ifFROM scratch, tarballs only exist in a single commit within the associated history?