From 4ee139c112933497b26753935a1383011f8da872 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 14:12:17 -0700 Subject: [PATCH 1/3] Added nginx-module-acme to the main image --- Dockerfile-alpine.template | 3 +++ Dockerfile-debian.template | 3 +++ update.sh | 17 ++++++++++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index bc77dfd6..8d5c77c9 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -2,6 +2,7 @@ FROM nginx:%%NGINX_VERSION%%-alpine-slim ENV NJS_VERSION %%NJS_VERSION%% ENV NJS_RELEASE %%NJS_RELEASE%% +ENV ACME_VERSION %%ACME_VERSION%% RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -37,6 +38,8 @@ RUN set -x \ alpine-sdk \ findutils \ curl \ + cargo \ + clang-libclang \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 57abba1a..eceae24e 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -5,6 +5,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION %%NGINX_VERSION%% ENV NJS_VERSION %%NJS_VERSION%% ENV NJS_RELEASE %%NJS_RELEASE%% +ENV ACME_VERSION %%ACME_VERSION%% ENV PKG_RELEASE %%PKG_RELEASE%% ENV DYNPKG_RELEASE %%DYNPKG_RELEASE%% @@ -55,6 +56,7 @@ RUN set -x \ # build .deb files from upstream's packaging sources && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ + cargo \ curl \ devscripts \ equivs \ @@ -64,6 +66,7 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ + && export CARGO_HOME="$tempDir/.cargo" \ && REVISION="%%REVISION%%" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ diff --git a/update.sh b/update.sh index 50f9d2a1..0b0c537f 100755 --- a/update.sh +++ b/update.sh @@ -35,6 +35,12 @@ declare -A otel=( [stable]='0.1.2' ) +# Current acme versions +declare -A acme=( + [mainline]='0.2.0' + [stable]='0.2.0' +) + # Current nginx package patchlevel version # Remember to update pkgosschecksum when changing this. declare -A pkg=( @@ -122,7 +128,10 @@ get_packages() { echo -n ' '"$p"'=${NGINX_VERSION}-'"$r"'${DYNPKG_RELEASE} \\\n' done for p in nginx-module-njs; do - echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\'"$bn" + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${NJS_VERSION}-'"$r"'${NJS_RELEASE} \\\n' + done + for p in nginx-module-acme; do + echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${ACME_VERSION}-'"$r"'${PKG_RELEASE} \\'"$bn" done for p in $otel; do echo -n ' '"$p"'=${NGINX_VERSION}'"$sep"'${OTEL_VERSION}-'"$r"'${PKG_RELEASE} \\' @@ -180,10 +189,10 @@ get_buildtarget() { echo base ;; alpine) - echo module-geoip module-image-filter module-njs module-xslt + echo module-geoip module-image-filter module-njs module-xslt module-acme ;; debian) - echo base module-geoip module-image-filter module-njs module-xslt + echo base module-geoip module-image-filter module-njs module-xslt module-acme ;; *-perl) echo module-perl @@ -225,6 +234,7 @@ for branch in "${branches[@]}"; do nginxver="${nginx[$branch]}" njsver="${njs[${branch}]}" otelver="${otel[${branch}]}" + acmever="${acme[${branch}]}" revver="${rev[${branch}]}" pkgosschecksumver="${pkgosschecksum[${branch}]}" @@ -243,6 +253,7 @@ for branch in "${branches[@]}"; do -e 's,%%NJS_VERSION%%,'"$njsver"',' \ -e 's,%%NJS_RELEASE%%,'"$njspkgver"',' \ -e 's,%%OTEL_VERSION%%,'"$otelver"',' \ + -e 's,%%ACME_VERSION%%,'"$acmever"',' \ -e 's,%%PKG_RELEASE%%,'"$packagever"',' \ -e 's,%%PACKAGES%%,'"$packages"',' \ -e 's,%%PACKAGEREPO%%,'"$packagerepo"',' \ From 9b1689e5906ac6eafc3d778393f13d9dbd3df244 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 14:14:48 -0700 Subject: [PATCH 2/3] Moved stable images to contemporary distros It's now on Alpine 3.22 and Debian 13. While at it, bump njs on the stable images as well. --- update.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/update.sh b/update.sh index 0b0c537f..9ebe225a 100755 --- a/update.sh +++ b/update.sh @@ -19,7 +19,7 @@ declare -A nginx=( # Current njs versions declare -A njs=( [mainline]='0.9.4' - [stable]='0.8.10' + [stable]='0.9.4' ) # Current njs patchlevel version @@ -57,12 +57,12 @@ declare -A dynpkg=( declare -A debian=( [mainline]='trixie' - [stable]='bookworm' + [stable]='trixie' ) declare -A alpine=( [mainline]='3.22' - [stable]='3.21' + [stable]='3.22' ) # When we bump njs version in a stable release we don't move the tag in the @@ -71,7 +71,7 @@ declare -A alpine=( # Remember to update pkgosschecksum when changing this. declare -A rev=( [mainline]='${NGINX_VERSION}-${PKG_RELEASE}' - [stable]='${NGINX_VERSION}-${PKG_RELEASE}' + [stable]='37ef58ecfb8d38297af7db05b091c0c656e090f3' ) # Holds SHA512 checksum for the pkg-oss tarball produced by source code @@ -79,7 +79,7 @@ declare -A rev=( # Used in builds for architectures not packaged by nginx.org declare -A pkgosschecksum=( [mainline]='249858446828ace0c81ea3e057135aa368f3dab83430cf867bb9fc32598948f29c4bd50908491da704536af1106aa87553f6a76cc126c6833dc9b14dd00564b8' - [stable]='517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4' + [stable]='2c06e917e8c249b853c863e03b09f1d9e32bac2fda0486a81a0a2c7bcc6f57ca25bb3120d2a49a8893b4634f8c768a0700c9d8f3c36a1abca0c10ed622b12a12' ) get_packages() { From 99fe02bea1dec1484a995147e12a1222f21a34b8 Mon Sep 17 00:00:00 2001 From: Konstantin Pavlov Date: Tue, 28 Oct 2025 14:17:28 -0700 Subject: [PATCH 3/3] Regenerated Dockerfiles --- mainline/alpine-otel/Dockerfile | 1 + mainline/alpine-perl/Dockerfile | 1 + mainline/alpine/Dockerfile | 6 +++++- mainline/debian-otel/Dockerfile | 1 + mainline/debian-perl/Dockerfile | 1 + mainline/debian/Dockerfile | 8 ++++++-- stable/alpine-otel/Dockerfile | 11 ++++++----- stable/alpine-perl/Dockerfile | 11 ++++++----- stable/alpine-slim/Dockerfile | 12 ++++++------ stable/alpine/Dockerfile | 18 +++++++++++------- stable/debian-otel/Dockerfile | 7 ++++--- stable/debian-perl/Dockerfile | 7 ++++--- stable/debian/Dockerfile | 24 ++++++++++++++---------- 13 files changed, 66 insertions(+), 42 deletions(-) diff --git a/mainline/alpine-otel/Dockerfile b/mainline/alpine-otel/Dockerfile index 495c61e1..ce465c20 100644 --- a/mainline/alpine-otel/Dockerfile +++ b/mainline/alpine-otel/Dockerfile @@ -15,6 +15,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index 837daac1..0a2a4cf8 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -14,6 +14,7 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index ff89c3b2..b91f8ad4 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -7,6 +7,7 @@ FROM nginx:1.29.3-alpine-slim ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 +ENV ACME_VERSION 0.2.0 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -16,6 +17,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -47,6 +49,8 @@ RUN set -x \ alpine-sdk \ findutils \ curl \ + cargo \ + clang-libclang \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ @@ -61,7 +65,7 @@ RUN set -x \ && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ && cd alpine \ - && make module-geoip module-image-filter module-njs module-xslt \ + && make module-geoip module-image-filter module-njs module-xslt module-acme \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile index da68ae7c..ecf5b5b2 100644 --- a/mainline/debian-otel/Dockerfile +++ b/mainline/debian-otel/Dockerfile @@ -16,6 +16,7 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile index ef0ad258..985bd457 100644 --- a/mainline/debian-perl/Dockerfile +++ b/mainline/debian-perl/Dockerfile @@ -15,6 +15,7 @@ RUN set -x; \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile index 27b4e131..cae3fd9c 100644 --- a/mainline/debian/Dockerfile +++ b/mainline/debian/Dockerfile @@ -10,6 +10,7 @@ LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.29.3 ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1~trixie +ENV ACME_VERSION 0.2.0 ENV PKG_RELEASE 1~trixie ENV DYNPKG_RELEASE 1~trixie @@ -44,6 +45,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ @@ -65,6 +67,7 @@ RUN set -x \ # build .deb files from upstream's packaging sources && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ + cargo \ curl \ devscripts \ equivs \ @@ -74,6 +77,7 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ + && export CARGO_HOME="$tempDir/.cargo" \ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ @@ -87,12 +91,12 @@ RUN set -x \ && tar xzvf ${REVISION}.tar.gz \ && cd pkg-oss-${REVISION} \ && cd debian \ - && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + && for target in base module-geoip module-image-filter module-njs module-xslt module-acme; do \ make rules-$target; \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ debuild-$target/nginx-$NGINX_VERSION/debian/control; \ done \ - && make base module-geoip module-image-filter module-njs module-xslt \ + && make base module-geoip module-image-filter module-njs module-xslt module-acme \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \ diff --git a/stable/alpine-otel/Dockerfile b/stable/alpine-otel/Dockerfile index 7ca1a94b..a2072086 100644 --- a/stable/alpine-otel/Dockerfile +++ b/stable/alpine-otel/Dockerfile @@ -15,6 +15,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ nginx-module-otel=${NGINX_VERSION}.${OTEL_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks @@ -50,16 +51,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz \ + && PKGOSSCHECKSUM=\"2c06e917e8c249b853c863e03b09f1d9e32bac2fda0486a81a0a2c7bcc6f57ca25bb3120d2a49a8893b4634f8c768a0700c9d8f3c36a1abca0c10ed622b12a12 *37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz \ + && cd pkg-oss-37ef58ecfb8d38297af7db05b091c0c656e090f3 \ && cd alpine \ && make module-otel \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 9676d8bc..6b0d2b24 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -14,6 +14,7 @@ RUN set -x \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -45,16 +46,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz \ + && PKGOSSCHECKSUM=\"2c06e917e8c249b853c863e03b09f1d9e32bac2fda0486a81a0a2c7bcc6f57ca25bb3120d2a49a8893b4634f8c768a0700c9d8f3c36a1abca0c10ed622b12a12 *37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz \ + && cd pkg-oss-37ef58ecfb8d38297af7db05b091c0c656e090f3 \ && cd alpine \ && make module-perl \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 29bf5ba2..bfc8a8d4 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -3,7 +3,7 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM alpine:3.21 +FROM alpine:3.22 LABEL maintainer="NGINX Docker Maintainers " @@ -58,16 +58,16 @@ RUN set -x \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz \ + && PKGOSSCHECKSUM=\"2c06e917e8c249b853c863e03b09f1d9e32bac2fda0486a81a0a2c7bcc6f57ca25bb3120d2a49a8893b4634f8c768a0700c9d8f3c36a1abca0c10ed622b12a12 *37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz \ + && cd pkg-oss-37ef58ecfb8d38297af7db05b091c0c656e090f3 \ && cd alpine \ && make base \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index fb0c900a..854c2502 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -5,8 +5,9 @@ # FROM nginx:1.28.0-alpine-slim -ENV NJS_VERSION 0.8.10 +ENV NJS_VERSION 0.9.4 ENV NJS_RELEASE 1 +ENV ACME_VERSION 0.2.0 RUN set -x \ && apkArch="$(cat /etc/apk/arch)" \ @@ -16,6 +17,7 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \ " \ # install prerequisites for public key and pkg-oss checks && apk add --no-cache --virtual .checksum-deps \ @@ -47,21 +49,23 @@ RUN set -x \ alpine-sdk \ findutils \ curl \ + cargo \ + clang-libclang \ && su nobody -s /bin/sh -c " \ export HOME=${tempDir} \ && cd ${tempDir} \ - && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && PKGOSSCHECKSUM=\"517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\" \ - && if [ \"\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ + && curl -f -L -O https://github.com/nginx/pkg-oss/archive/37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz \ + && PKGOSSCHECKSUM=\"2c06e917e8c249b853c863e03b09f1d9e32bac2fda0486a81a0a2c7bcc6f57ca25bb3120d2a49a8893b4634f8c768a0700c9d8f3c36a1abca0c10ed622b12a12 *37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz\" \ + && if [ \"\$(openssl sha512 -r 37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz)\" = \"\$PKGOSSCHECKSUM\" ]; then \ echo \"pkg-oss tarball checksum verification succeeded!\"; \ else \ echo \"pkg-oss tarball checksum verification failed!\"; \ exit 1; \ fi \ - && tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \ - && cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \ + && tar xzvf 37ef58ecfb8d38297af7db05b091c0c656e090f3.tar.gz \ + && cd pkg-oss-37ef58ecfb8d38297af7db05b091c0c656e090f3 \ && cd alpine \ - && make module-geoip module-image-filter module-njs module-xslt \ + && make module-geoip module-image-filter module-njs module-xslt module-acme \ && apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \ && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \ " \ diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile index e4129a43..de6c5869 100644 --- a/stable/debian-otel/Dockerfile +++ b/stable/debian-otel/Dockerfile @@ -16,12 +16,13 @@ RUN set -x; \ nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ nginx-module-otel=${NGINX_VERSION}+${OTEL_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ @@ -47,10 +48,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="37ef58ecfb8d38297af7db05b091c0c656e090f3" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="2c06e917e8c249b853c863e03b09f1d9e32bac2fda0486a81a0a2c7bcc6f57ca25bb3120d2a49a8893b4634f8c768a0700c9d8f3c36a1abca0c10ed622b12a12 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile index bda0e1b8..2725a622 100644 --- a/stable/debian-perl/Dockerfile +++ b/stable/debian-perl/Dockerfile @@ -15,11 +15,12 @@ RUN set -x; \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ @@ -45,10 +46,10 @@ RUN set -x; \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && REVISION="37ef58ecfb8d38297af7db05b091c0c656e090f3" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="2c06e917e8c249b853c863e03b09f1d9e32bac2fda0486a81a0a2c7bcc6f57ca25bb3120d2a49a8893b4634f8c768a0700c9d8f3c36a1abca0c10ed622b12a12 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile index 99f34952..b8ee2582 100644 --- a/stable/debian/Dockerfile +++ b/stable/debian/Dockerfile @@ -3,15 +3,16 @@ # # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM debian:bookworm-slim +FROM debian:trixie-slim LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_VERSION 1.28.0 -ENV NJS_VERSION 0.8.10 -ENV NJS_RELEASE 1~bookworm -ENV PKG_RELEASE 1~bookworm -ENV DYNPKG_RELEASE 1~bookworm +ENV NJS_VERSION 0.9.4 +ENV NJS_RELEASE 1~trixie +ENV ACME_VERSION 0.2.0 +ENV PKG_RELEASE 1~trixie +ENV DYNPKG_RELEASE 1~trixie RUN set -x \ # create nginx user/group first, to be consistent throughout docker variants @@ -44,11 +45,12 @@ RUN set -x \ nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \ nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \ + nginx-module-acme=${NGINX_VERSION}+${ACME_VERSION}-${PKG_RELEASE} \ " \ && case "$dpkgArch" in \ amd64|arm64) \ # arches officialy built by upstream - echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \ + echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ trixie nginx" >> /etc/apt/sources.list.d/nginx.list \ && apt-get update \ ;; \ *) \ @@ -65,6 +67,7 @@ RUN set -x \ # build .deb files from upstream's packaging sources && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y \ + cargo \ curl \ devscripts \ equivs \ @@ -74,10 +77,11 @@ RUN set -x \ xsltproc \ && ( \ cd "$tempDir" \ - && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \ + && export CARGO_HOME="$tempDir/.cargo" \ + && REVISION="37ef58ecfb8d38297af7db05b091c0c656e090f3" \ && REVISION=${REVISION%~*} \ && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \ - && PKGOSSCHECKSUM="517bc18954ccf4efddd51986584ca1f37966833ad342a297e1fe58fd0faf14c5a4dabcb23519dca433878a2927a95d6bea05a6749ee2fa67a33bf24cdc41b1e4 *${REVISION}.tar.gz" \ + && PKGOSSCHECKSUM="2c06e917e8c249b853c863e03b09f1d9e32bac2fda0486a81a0a2c7bcc6f57ca25bb3120d2a49a8893b4634f8c768a0700c9d8f3c36a1abca0c10ed622b12a12 *${REVISION}.tar.gz" \ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \ echo "pkg-oss tarball checksum verification succeeded!"; \ else \ @@ -87,12 +91,12 @@ RUN set -x \ && tar xzvf ${REVISION}.tar.gz \ && cd pkg-oss-${REVISION} \ && cd debian \ - && for target in base module-geoip module-image-filter module-njs module-xslt; do \ + && for target in base module-geoip module-image-filter module-njs module-xslt module-acme; do \ make rules-$target; \ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \ debuild-$target/nginx-$NGINX_VERSION/debian/control; \ done \ - && make base module-geoip module-image-filter module-njs module-xslt \ + && make base module-geoip module-image-filter module-njs module-xslt module-acme \ ) \ # we don't remove APT lists here because they get re-downloaded and removed later \