From 4e354361270176d8ecca0db7131b70c354d7c1cf Mon Sep 17 00:00:00 2001 From: Philipp Wiendl Date: Thu, 5 Jan 2017 16:56:48 +0700 Subject: [PATCH 1/2] Replace openssl with libressl --- 2.1/alpine/Dockerfile | 6 +++--- 2.2/alpine/Dockerfile | 6 +++--- 2.3/alpine/Dockerfile | 6 +++--- 2.4/alpine/Dockerfile | 6 +++--- Dockerfile-alpine.template | 6 +++--- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/2.1/alpine/Dockerfile b/2.1/alpine/Dockerfile index a862639b72..02dda9fc3c 100644 --- a/2.1/alpine/Dockerfile +++ b/2.1/alpine/Dockerfile @@ -34,8 +34,8 @@ RUN set -ex \ linux-headers \ make \ ncurses-dev \ - openssl \ - openssl-dev \ + libressl \ + libressl-dev \ procps \ readline-dev \ ruby \ @@ -80,7 +80,7 @@ RUN set -ex \ bzip2 \ ca-certificates \ libffi-dev \ - openssl-dev \ + libressl-dev \ yaml-dev \ procps \ zlib-dev \ diff --git a/2.2/alpine/Dockerfile b/2.2/alpine/Dockerfile index f438cb5e23..d25d4fc758 100644 --- a/2.2/alpine/Dockerfile +++ b/2.2/alpine/Dockerfile @@ -34,8 +34,8 @@ RUN set -ex \ linux-headers \ make \ ncurses-dev \ - openssl \ - openssl-dev \ + libressl \ + libressl-dev \ procps \ readline-dev \ ruby \ @@ -80,7 +80,7 @@ RUN set -ex \ bzip2 \ ca-certificates \ libffi-dev \ - openssl-dev \ + libressl-dev \ yaml-dev \ procps \ zlib-dev \ diff --git a/2.3/alpine/Dockerfile b/2.3/alpine/Dockerfile index ab77b912b3..132fbf627b 100644 --- a/2.3/alpine/Dockerfile +++ b/2.3/alpine/Dockerfile @@ -34,8 +34,8 @@ RUN set -ex \ linux-headers \ make \ ncurses-dev \ - openssl \ - openssl-dev \ + libressl \ + libressl-dev \ procps \ readline-dev \ ruby \ @@ -80,7 +80,7 @@ RUN set -ex \ bzip2 \ ca-certificates \ libffi-dev \ - openssl-dev \ + libressl-dev \ yaml-dev \ procps \ zlib-dev \ diff --git a/2.4/alpine/Dockerfile b/2.4/alpine/Dockerfile index 240b0c5e8f..6305f99e69 100644 --- a/2.4/alpine/Dockerfile +++ b/2.4/alpine/Dockerfile @@ -34,8 +34,8 @@ RUN set -ex \ linux-headers \ make \ ncurses-dev \ - openssl \ - openssl-dev \ + libressl \ + libressl-dev \ procps \ readline-dev \ ruby \ @@ -80,7 +80,7 @@ RUN set -ex \ bzip2 \ ca-certificates \ libffi-dev \ - openssl-dev \ + libressl-dev \ yaml-dev \ procps \ zlib-dev \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 710a3cf0ed..838c6bfecb 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -34,8 +34,8 @@ RUN set -ex \ linux-headers \ make \ ncurses-dev \ - openssl \ - openssl-dev \ + libressl \ + libressl-dev \ procps \ readline-dev \ ruby \ @@ -80,7 +80,7 @@ RUN set -ex \ bzip2 \ ca-certificates \ libffi-dev \ - openssl-dev \ + libressl-dev \ yaml-dev \ procps \ zlib-dev \ From 646def59294fca07da12bd730870309bfae901ab Mon Sep 17 00:00:00 2001 From: Philipp Wiendl Date: Thu, 5 Jan 2017 18:38:02 +0700 Subject: [PATCH 2/2] add conditional randegd patch for ruby 2.1 alpine --- 2.1/alpine/Dockerfile | 5 ++++ 2.1/alpine/patch/ruby-randegd.patch | 44 +++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 2.1/alpine/patch/ruby-randegd.patch diff --git a/2.1/alpine/Dockerfile b/2.1/alpine/Dockerfile index 02dda9fc3c..84fc95f1f0 100644 --- a/2.1/alpine/Dockerfile +++ b/2.1/alpine/Dockerfile @@ -12,6 +12,8 @@ ENV RUBY_VERSION 2.1.10 ENV RUBY_DOWNLOAD_SHA256 5be9f8d5d29d252cd7f969ab7550e31bbb001feb4a83532301c0dd3b5006e148 ENV RUBYGEMS_VERSION 2.6.8 +ADD patch/ruby-randegd.patch /tmp/ruby-randegd.patch + # some of ruby's build scripts are written in ruby # we purge system ruby later to make sure our final image uses what we just built # readline-dev vs libedit-dev: https://bugs.ruby-lang.org/issues/11869 and https://github.com/docker-library/ruby/issues/75 @@ -62,6 +64,9 @@ RUN set -ex \ } > file.c.new \ && mv file.c.new file.c \ \ + && patch -p0 < /tmp/ruby-randegd.patch \ + && rm /tmp/ruby-randegd.patch \ + \ && autoconf \ # the configure script does not detect isnan/isinf as macros && ac_cv_func_isnan=yes ac_cv_func_isinf=yes \ diff --git a/2.1/alpine/patch/ruby-randegd.patch b/2.1/alpine/patch/ruby-randegd.patch new file mode 100644 index 0000000000..64673de116 --- /dev/null +++ b/2.1/alpine/patch/ruby-randegd.patch @@ -0,0 +1,44 @@ +diff --git ext/openssl/extconf.rb ext/openssl/extconf.rb +index c2fc8b0..39e091d 100644 +--- ext/openssl/extconf.rb ++++ ext/openssl/extconf.rb +@@ -87,6 +87,7 @@ have_func("HMAC_CTX_init") + have_func("PEM_def_callback") + have_func("PKCS5_PBKDF2_HMAC") + have_func("PKCS5_PBKDF2_HMAC_SHA1") ++have_func("RAND_egd") + have_func("X509V3_set_nconf") + have_func("X509V3_EXT_nconf_nid") + have_func("X509_CRL_add0_revoked") +diff --git ext/openssl/ossl_rand.c ext/openssl/ossl_rand.c +index abd1809..63c3c20 100644 +--- ext/openssl/ossl_rand.c ++++ ext/openssl/ossl_rand.c +@@ -125,6 +125,8 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len) + return str; + } + ++#ifdef HAVE_RAND_EGD ++ + /* + * call-seq: + * egd(filename) -> true +@@ -158,6 +160,7 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len) + } + return Qtrue; + } ++#endif /* HAVE_RAND_EGD */ + + /* + * call-seq: +@@ -195,8 +198,10 @@ Init_ossl_rand() + DEFMETH(mRandom, "write_random_file", ossl_rand_write_file, 1); + DEFMETH(mRandom, "random_bytes", ossl_rand_bytes, 1); + DEFMETH(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1); ++#ifdef HAVE_RAND_EGD + DEFMETH(mRandom, "egd", ossl_rand_egd, 1); + DEFMETH(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2); ++#endif /* HAVE_RAND_EGD */ + DEFMETH(mRandom, "status?", ossl_rand_status, 0) + } +