From cfb6f358e264a7a8785c69cc076d326b75cdf776 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Thu, 26 Dec 2024 02:08:30 +0900 Subject: [PATCH] Merge changes with 7.2 --- .github/workflows/scorecard.yml | 78 -------- Dockerfiles/agent/centos/Dockerfile | 2 +- Dockerfiles/agent/ol/Dockerfile | 4 +- Dockerfiles/agent/rhel/Dockerfile | 2 +- Dockerfiles/build-mysql/alpine/Dockerfile | 6 + Dockerfiles/build-mysql/centos/Dockerfile | 6 + Dockerfiles/build-mysql/ol/Dockerfile | 6 + Dockerfiles/build-mysql/rhel/Dockerfile | 6 + Dockerfiles/build-mysql/ubuntu/Dockerfile | 6 + Dockerfiles/build-pgsql/alpine/Dockerfile | 6 + Dockerfiles/build-pgsql/centos/Dockerfile | 6 + Dockerfiles/build-pgsql/ol/Dockerfile | 6 + Dockerfiles/build-pgsql/rhel/Dockerfile | 184 ++++++++++++++++++ Dockerfiles/build-pgsql/ubuntu/Dockerfile | 6 + Dockerfiles/build-sqlite3/alpine/Dockerfile | 6 + .../alpine/{src => patches}/.gitkeep | 0 Dockerfiles/build-sqlite3/centos/Dockerfile | 6 + .../centos/{src => patches}/.gitkeep | 0 Dockerfiles/build-sqlite3/ol/Dockerfile | 6 + .../{ubuntu/src => ol/patches}/.gitkeep | 0 Dockerfiles/build-sqlite3/rhel/Dockerfile | 6 + .../build-sqlite3/rhel/patches/.gitkeep | 0 Dockerfiles/build-sqlite3/ubuntu/Dockerfile | 6 + .../build-sqlite3/ubuntu/patches/.gitkeep | 0 Dockerfiles/proxy-mysql/ubuntu/Dockerfile | 2 +- Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile | 2 +- Dockerfiles/server-pgsql/centos/Dockerfile | 2 +- Dockerfiles/server-pgsql/ol/Dockerfile | 2 +- Dockerfiles/server-pgsql/rhel/Dockerfile | 177 +++++++++++++++++ build.sh | 6 +- 30 files changed, 458 insertions(+), 87 deletions(-) delete mode 100644 .github/workflows/scorecard.yml create mode 100644 Dockerfiles/build-pgsql/rhel/Dockerfile rename Dockerfiles/build-sqlite3/alpine/{src => patches}/.gitkeep (100%) rename Dockerfiles/build-sqlite3/centos/{src => patches}/.gitkeep (100%) rename Dockerfiles/build-sqlite3/{ubuntu/src => ol/patches}/.gitkeep (100%) create mode 100644 Dockerfiles/build-sqlite3/rhel/patches/.gitkeep create mode 100644 Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep create mode 100644 Dockerfiles/server-pgsql/rhel/Dockerfile diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml deleted file mode 100644 index f8a373d3a..000000000 --- a/.github/workflows/scorecard.yml +++ /dev/null @@ -1,78 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecard supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '39 3 * * 2' - push: - branches: - - '7.0' - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - - steps: - - name: Harden Runner - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 - with: - egress-policy: audit - - - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecard on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1 - with: - sarif_file: results.sarif diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile index 320ffc71b..dd7bed0cd 100644 --- a/Dockerfiles/agent/centos/Dockerfile +++ b/Dockerfiles/agent/centos/Dockerfile @@ -64,7 +64,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile index 0bf84e6a4..f8b94b31c 100644 --- a/Dockerfiles/agent/ol/Dockerfile +++ b/Dockerfiles/agent/ol/Dockerfile @@ -30,7 +30,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol8.repo", "/etc/yum.repos.d/oracle-epel-ol8.repo"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -66,7 +66,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index 48df58ba4..0e95b743c 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -92,7 +92,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --shell /sbin/nologin \ --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p ZABBIX_CONF_DIR/ && \ + mkdir -p ${ZABBIX_CONF_DIR}/ && \ mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ mkdir -p ${ZABBIX_USER_HOME_DIR} && \ mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index 40a41ab1e..15d3673f5 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -70,6 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile index ff386e7d4..22981c827 100644 --- a/Dockerfiles/build-mysql/centos/Dockerfile +++ b/Dockerfiles/build-mysql/centos/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -64,6 +65,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile index 7d5b3d2c9..02fc737cb 100644 --- a/Dockerfiles/build-mysql/ol/Dockerfile +++ b/Dockerfiles/build-mysql/ol/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -51,6 +52,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile index 3d858a963..0a64cb89d 100644 --- a/Dockerfiles/build-mysql/rhel/Dockerfile +++ b/Dockerfiles/build-mysql/rhel/Dockerfile @@ -39,6 +39,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -74,6 +75,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile index f83c02127..3cc7dba14 100644 --- a/Dockerfiles/build-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -70,6 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile index 0ca224aa5..b3bc349d9 100644 --- a/Dockerfiles/build-pgsql/alpine/Dockerfile +++ b/Dockerfiles/build-pgsql/alpine/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -70,6 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile index f109bd059..46e250947 100644 --- a/Dockerfiles/build-pgsql/centos/Dockerfile +++ b/Dockerfiles/build-pgsql/centos/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -64,6 +65,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile index cb44360b5..fbed18500 100644 --- a/Dockerfiles/build-pgsql/ol/Dockerfile +++ b/Dockerfiles/build-pgsql/ol/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -51,6 +52,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-pgsql/rhel/Dockerfile b/Dockerfiles/build-pgsql/rhel/Dockerfile new file mode 100644 index 000000000..abf373b69 --- /dev/null +++ b/Dockerfiles/build-pgsql/rhel/Dockerfile @@ -0,0 +1,184 @@ +# syntax=docker/dockerfile:1 +ARG MAJOR_VERSION=7.0 +ARG RELEASE=7 +ARG ZBX_VERSION=${MAJOR_VERSION}.7 +ARG BUILD_BASE_IMAGE=zabbix-build-base:rhel-${ZBX_VERSION} + +FROM ${BUILD_BASE_IMAGE} AS builder + +ARG MAJOR_VERSION +ARG RELEASE +ARG ZBX_VERSION +ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git +ARG GIT_BRANCH + +ARG ZBX_PLUGINS_VERSION=${GIT_BRANCH:-$ZBX_VERSION} +ARG CFLAGS + +LABEL description="Zabbix build base for PostgreSQL based images" \ + maintainer="alexey.pustovalov@zabbix.com" \ + name="zabbix/zabbix-build-pgsql-70" \ + release="${RELEASE}" \ + summary="Zabbix build base (PostgreSQL)" \ + url="https://www.zabbix.com/" \ + vendor="Zabbix SIA" \ + version="${MAJOR_VERSION}" \ + io.k8s.description="Zabbix build base for PostgreSQL based images" \ + io.k8s.display-name="Zabbix build base (PostgreSQL)" \ + io.openshift.expose-services="" \ + io.openshift.tags="zabbix,build,pgsql" \ + org.label-schema.description="Zabbix build base for PostgreSQL based images" \ + org.label-schema.license="AGPL v3.0" \ + org.label-schema.name="zabbix-build-pgsql-rhel" \ + org.label-schema.url="https://zabbix.com/" \ + org.label-schema.vcs-ref="${VCS_REF}" \ + org.label-schema.vendor="Zabbix SIA" + +ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_VERSION}-output \ + DB_TYPE=postgresql \ + CFLAGS=${CFLAGS:-"-fPIC -pie -Wl,-z,relro,-z,now,-z,defs -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe"} \ + MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=${ZBX_PLUGINS_VERSION} \ + POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=${ZBX_PLUGINS_VERSION} \ + MSSQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mssql.git MSSQL_PLUGIN_VERSION=${ZBX_PLUGINS_VERSION} \ + EMBER_PLUS_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/ember-plus.git EMBER_PLUS_PLUGIN_VERSION=${ZBX_PLUGINS_VERSION} + +RUN --mount=type=cache,target=/root/.cache/go-build/ \ + --mount=type=cache,target=/root/go/ \ + --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + set -eux && \ + cd /tmp/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.d/plugins.d/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/proxy/database/${DB_TYPE}/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/server/database/${DB_TYPE}/option-patches/with-compression/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/server/database/${DB_TYPE}/option-patches/without-compression/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/server/sbin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/server/conf/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/server/database/${DB_TYPE}/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/general/sbin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/general/bin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/general/conf/ && \ + if [ -f "/tmp/src/bootstrap.sh" ]; then \ + cp -R /tmp/src ${ZBX_SOURCES_DIR}; \ + else \ + git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ + fi && \ + cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ + zabbix_revision=`git rev-parse --short HEAD` && \ + sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ + sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ + sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ + ./bootstrap.sh && \ + ./configure \ + --datadir=/usr/lib \ + --libdir=/usr/lib/zabbix \ + --prefix=/usr \ + --sysconfdir=/etc/zabbix \ + --enable-ipv6 \ + --enable-agent \ + --enable-agent2 \ + --enable-java \ + --enable-proxy \ + --enable-server \ + --enable-webservice \ + --with-ldap \ + --with-libcurl \ + --with-libmodbus \ + --with-libpcre2 \ + --with-libxml2 \ + --with-${DB_TYPE} \ + --with-net-snmp \ + --with-openipmi \ + --with-openssl \ + --with-ssh \ + --with-unixodbc \ + --silent && \ + make -j"$(nproc)" -s dbschema && \ + make -j"$(nproc)" -s && \ + make -j"$(nproc)" -s gettext && \ + cat database/${DB_TYPE}/schema.sql > database/${DB_TYPE}/create.sql && \ + gzip -c database/${DB_TYPE}/create.sql > ${ZBX_OUTPUT_DIR}/proxy/database/${DB_TYPE}/create.sql.gz && \ + cat database/${DB_TYPE}/images.sql >> database/${DB_TYPE}/create.sql && \ + cat database/${DB_TYPE}/data.sql >> database/${DB_TYPE}/create.sql && \ + gzip -c database/${DB_TYPE}/create.sql > ${ZBX_OUTPUT_DIR}/server/database/${DB_TYPE}/create.sql.gz && \ + rm -rf database/${DB_TYPE}/create.sql && \ + cp -R ${ZBX_SOURCES_DIR}/database/postgresql/timescaledb/schema.sql ${ZBX_OUTPUT_DIR}/server/database/${DB_TYPE}/timescaledb.sql && \ + cp -R ${ZBX_SOURCES_DIR}/database/postgresql/timescaledb/option-patches/with-compression/*.sql ${ZBX_OUTPUT_DIR}/server/database/${DB_TYPE}/option-patches/with-compression/ && \ + cp -R ${ZBX_SOURCES_DIR}/database/postgresql/timescaledb/option-patches/without-compression/*.sql ${ZBX_OUTPUT_DIR}/server/database/${DB_TYPE}/option-patches/without-compression/ && \ + mkdir /tmp/fonts/ && \ + curl --tlsv1.2 -sSf -L "https://noto-website-2.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ + cp /tmp/fonts/NotoSansCJKjp-Regular.otf ${ZBX_SOURCES_DIR}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ + cp /tmp/fonts/LICENSE_OFL.txt ${ZBX_SOURCES_DIR}/ui/assets/fonts/ && \ + rm -f ${ZBX_SOURCES_DIR}/ui/assets/fonts/DejaVuSans.ttf && \ + sed -i -r "s/(define\(.*_FONT_NAME.*)DejaVuSans/\1NotoSansCJKjp-Regular/" ${ZBX_SOURCES_DIR}/ui/include/defines.inc.php && \ + rm -rf /tmp/fonts/ && \ + chmod o+r ${ZBX_SOURCES_DIR}/ui/assets/fonts/* && \ + strip ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd && \ + strip ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server && \ + strip ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy && \ + strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 && \ + strip ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get && \ + strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ + strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ + cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ + cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ + cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ + make -s distclean && \ + cd /tmp/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/agent2/sbin/zabbix-agent2-plugin/ && \ + mkdir -p ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.d/plugins.d/ && \ + git -c advice.detachedHead=false clone ${MONGODB_PLUGIN_SOURCES} --branch ${MONGODB_PLUGIN_VERSION} --depth 1 --single-branch /tmp/mongodb-plugin-${MONGODB_PLUGIN_VERSION} && \ + cd /tmp/mongodb-plugin-${MONGODB_PLUGIN_VERSION} && \ + make && \ + strip /tmp/mongodb-plugin-${MONGODB_PLUGIN_VERSION}/zabbix-agent2-plugin-mongodb && \ + cp /tmp/mongodb-plugin-${MONGODB_PLUGIN_VERSION}/zabbix-agent2-plugin-mongodb ${ZBX_OUTPUT_DIR}/agent2/sbin/zabbix-agent2-plugin/mongodb && \ + cp /tmp/mongodb-plugin-${MONGODB_PLUGIN_VERSION}/mongodb.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.d/plugins.d/ && \ + cd /tmp/ && \ + git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql-plugin-${POSTGRESQL_PLUGIN_VERSION} && \ + cd /tmp/postgresql-plugin-${POSTGRESQL_PLUGIN_VERSION} && \ + make && \ + strip /tmp/postgresql-plugin-${POSTGRESQL_PLUGIN_VERSION}/zabbix-agent2-plugin-postgresql && \ + cp /tmp/postgresql-plugin-${POSTGRESQL_PLUGIN_VERSION}/zabbix-agent2-plugin-postgresql ${ZBX_OUTPUT_DIR}/agent2/sbin/zabbix-agent2-plugin/postgresql && \ + cp /tmp/postgresql-plugin-${POSTGRESQL_PLUGIN_VERSION}/postgresql.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.d/plugins.d/ && \ + cd /tmp/ && \ + git -c advice.detachedHead=false clone ${MSSQL_PLUGIN_SOURCES} --branch ${MSSQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/mssql-plugin-${MSSQL_PLUGIN_VERSION} && \ + cd /tmp/mssql-plugin-${MSSQL_PLUGIN_VERSION} && \ + make && \ + strip /tmp/mssql-plugin-${MSSQL_PLUGIN_VERSION}/zabbix-agent2-plugin-mssql && \ + cp /tmp/mssql-plugin-${MSSQL_PLUGIN_VERSION}/zabbix-agent2-plugin-mssql ${ZBX_OUTPUT_DIR}/agent2/sbin/zabbix-agent2-plugin/mssql && \ + cp /tmp/mssql-plugin-${MSSQL_PLUGIN_VERSION}/mssql.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.d/plugins.d/ && \ + cd /tmp/ && \ + git -c advice.detachedHead=false clone ${EMBER_PLUS_PLUGIN_SOURCES} --branch ${EMBER_PLUS_PLUGIN_VERSION} --depth 1 --single-branch /tmp/ember-plugin-${EMBER_PLUS_PLUGIN_VERSION} && \ + cd /tmp/ember-plugin-${EMBER_PLUS_PLUGIN_VERSION} && \ + make && \ + strip /tmp/ember-plugin-${EMBER_PLUS_PLUGIN_VERSION}/zabbix-agent2-plugin-ember-plus && \ + cp /tmp/ember-plugin-${EMBER_PLUS_PLUGIN_VERSION}/zabbix-agent2-plugin-ember-plus ${ZBX_OUTPUT_DIR}/agent2/sbin/zabbix-agent2-plugin/ember-plus && \ + cp /tmp/ember-plugin-${EMBER_PLUS_PLUGIN_VERSION}/ember.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.d/plugins.d/ diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile index 9e84faad6..4bde19bb6 100644 --- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -70,6 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile index b8380f0f2..b0e2d878a 100644 --- a/Dockerfiles/build-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -66,6 +67,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/alpine/src/.gitkeep b/Dockerfiles/build-sqlite3/alpine/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/alpine/src/.gitkeep rename to Dockerfiles/build-sqlite3/alpine/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/centos/Dockerfile b/Dockerfiles/build-sqlite3/centos/Dockerfile index 79df904e2..4ea173cfc 100644 --- a/Dockerfiles/build-sqlite3/centos/Dockerfile +++ b/Dockerfiles/build-sqlite3/centos/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -60,6 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/centos/src/.gitkeep b/Dockerfiles/build-sqlite3/centos/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/centos/src/.gitkeep rename to Dockerfiles/build-sqlite3/centos/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/ol/Dockerfile b/Dockerfiles/build-sqlite3/ol/Dockerfile index 5fb110aea..a43e2151c 100644 --- a/Dockerfiles/build-sqlite3/ol/Dockerfile +++ b/Dockerfiles/build-sqlite3/ol/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -47,6 +48,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep b/Dockerfiles/build-sqlite3/ol/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-sqlite3/ubuntu/src/.gitkeep rename to Dockerfiles/build-sqlite3/ol/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/rhel/Dockerfile b/Dockerfiles/build-sqlite3/rhel/Dockerfile index eb8fb0c2c..25841b111 100644 --- a/Dockerfiles/build-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile @@ -39,6 +39,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=from=sources,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -70,6 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep b/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile index 3b2632fdb..9b5f596ae 100644 --- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile @@ -29,6 +29,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ set -eux && \ ARCH_SUFFIX="$(arch)"; \ case "$ARCH_SUFFIX" in \ @@ -66,6 +67,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep b/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile index 48f406bd7..b3507b32b 100644 --- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile @@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" \ + NMAP_PRIVILEGED="" \ ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ ZABBIX_CONF_DIR="/etc/zabbix" \ ZBX_FPINGLOCATION="/usr/bin/fping" diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile index 2b3c93b0e..43e7f7f5e 100644 --- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile @@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" \ + NMAP_PRIVILEGED="" \ ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ ZABBIX_CONF_DIR="/etc/zabbix" \ ZBX_FPINGLOCATION="/usr/bin/fping" diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile index eb0e23538..99a1cbd8b 100644 --- a/Dockerfiles/server-pgsql/centos/Dockerfile +++ b/Dockerfiles/server-pgsql/centos/Dockerfile @@ -81,7 +81,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index cbcb09f35..cd76f7534 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -81,7 +81,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir ${ZABBIX_USER_HOME_DIR}/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ diff --git a/Dockerfiles/server-pgsql/rhel/Dockerfile b/Dockerfiles/server-pgsql/rhel/Dockerfile new file mode 100644 index 000000000..75c18285c --- /dev/null +++ b/Dockerfiles/server-pgsql/rhel/Dockerfile @@ -0,0 +1,177 @@ +# syntax=docker/dockerfile:1 +ARG MAJOR_VERSION=7.0 +ARG RELEASE=7 +ARG ZBX_VERSION=${MAJOR_VERSION}.7 +ARG BUILD_BASE_IMAGE=zabbix-build-pgsql:rhel-${ZBX_VERSION} + +FROM ${BUILD_BASE_IMAGE} AS builder + +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5 + +ARG MAJOR_VERSION +ARG RELEASE +ARG ZBX_VERSION +ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git + +ENV TERM=xterm \ + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" + +LABEL description="Zabbix server with PostgreSQL database support" \ + maintainer="alexey.pustovalov@zabbix.com" \ + name="zabbix/zabbix-server-pgsql-70" \ + release="${RELEASE}" \ + run="docker run --name zabbix-server --link postgresql:pgsql-server -p 10051:10051 -d registry.connect.redhat.com/zabbix/zabbix-server-pgsql-70:${ZBX_VERSION}" \ + summary="Zabbix server (PostgreSQL)" \ + url="https://www.zabbix.com/" \ + vendor="Zabbix SIA" \ + version="${MAJOR_VERSION}" \ + io.k8s.description="Zabbix server with PostgreSQL database support" \ + io.k8s.display-name="Zabbix server (PostgreSQL)" \ + io.openshift.expose-services="10051:10051" \ + io.openshift.tags="zabbix,zabbix-server,pgsql" \ + org.label-schema.build-date="${BUILD_DATE}" \ + org.label-schema.description="Zabbix server with PostgreSQL database support" \ + org.label-schema.docker.cmd="docker run --name zabbix-server --link postgresql:pgsql-server -p 10051:10051 -d registry.connect.redhat.com/zabbix/zabbix-server-pgsql-70:${ZBX_VERSION}" \ + org.label-schema.license="AGPL v3.0" \ + org.label-schema.name="zabbix-server-pgsql-rhel" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://zabbix.com/" \ + org.label-schema.usage="https://www.zabbix.com/documentation/${MAJOR_VERSION}/manual/installation/containers" \ + org.label-schema.vcs-ref="${VCS_REF}" \ + org.label-schema.vcs-url="${ZBX_SOURCES}" \ + org.label-schema.vendor="Zabbix SIA" \ + org.label-schema.version="${ZBX_VERSION}" + +STOPSIGNAL SIGTERM + +COPY ["licenses", "/licenses"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/postgresql/", "/usr/share/doc/zabbix-server-postgresql/"] + +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=tmpfs,target=/var/cache/yum/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ + set -eux && \ + INSTALL_PKGS="bash \ + traceroute \ + nmap \ + fping \ + shadow-utils \ + iputils \ + hostname \ + libssh \ + libpsl \ + libbrotli \ + libevent \ + openldap \ + libssh \ + libxml2 \ + net-snmp-agent-libs \ + OpenIPMI-libs \ + pcre2 \ + postgresql \ + postgresql-private-libs \ + gzip \ + unixODBC \ + zlib" && \ + curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \ + rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \ + rm -rf /tmp/epel-release-latest-9.noarch.rpm && \ + ARCH_SUFFIX="$(arch)"; \ + microdnf -y module enable \ + --disablerepo "*" \ + --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + postgresql:16 && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --enablerepo "ubi-9-appstream-rpms" \ + --enablerepo "rhel-9-for-$ARCH_SUFFIX-baseos-rpms" \ + --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ + --enablerepo "codeready-builder-for-rhel-9-$ARCH_SUFFIX-rpms" \ + --enablerepo "epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --setopt=tsflags=nodocs \ + ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ + microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ + microdnf download libcurl && \ + rpm -Uvh --nodeps --replacefiles "*curl*$( uname -i ).rpm" && \ + microdnf remove -y libcurl-minimal && \ + rm -rf "*curl*$( uname -i ).rpm" && \ + groupadd \ + --system \ + --gid 1995 \ + zabbix && \ + useradd \ + --system \ + --comment "Zabbix monitoring system" \ + -g zabbix \ + -G dialout \ + --uid 1997 \ + --shell /sbin/nologin \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ + zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ + mkdir -p /usr/lib/zabbix/alertscripts && \ + mkdir -p /usr/lib/zabbix/externalscripts && \ + mkdir -p /usr/share/doc/zabbix-server-postgresql && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_USER_HOME_DIR}/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_USER_HOME_DIR}/ && \ + /usr/sbin/zabbix_server -V + +EXPOSE 10051/TCP + +WORKDIR ${ZABBIX_USER_HOME_DIR} + +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] + +COPY ["docker-entrypoint.sh", "/usr/bin/"] + +ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] + +USER 1997 + +CMD ["/usr/sbin/zabbix_server", "--foreground", "-c", "/etc/zabbix/zabbix_server.conf"] diff --git a/build.sh b/build.sh index ee2a36882..a64b02dfe 100755 --- a/build.sh +++ b/build.sh @@ -42,7 +42,11 @@ else exit 1 fi -DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" --build-context sources="../../../sources" --build-arg VCS_REF="$VCS_REF" --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" -f Dockerfile . +DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" \ + --build-context sources="../../../sources" \ + --build-arg VCS_REF="$VCS_REF" \ + --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \ + -f Dockerfile . if [ "$type" != "build" ]; then links=""