You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by wo...@apache.org on 2020/01/31 22:41:34 UTC
[couchdb-docker] 01/01: 3.0.0: move to buster, no admin party
This is an automated email from the ASF dual-hosted git repository.
wohali pushed a commit to branch 3.0.0
in repository https://gitbox.apache.org/repos/asf/couchdb-docker.git
commit bedf88ff598a1db9706e422c57928f9fdbe87728
Author: Joan Touzet <wo...@apache.org>
AuthorDate: Fri Jan 31 14:41:01 2020 -0800
3.0.0: move to buster, no admin party
---
.travis.yml | 2 +-
2.3.0/Dockerfile | 129 ------------------------------
2.3.0/docker-entrypoint.sh | 95 ----------------------
{2.3.0 => 3.0.0}/10-docker-default.ini | 3 -
3.0.0/Dockerfile | 140 +++++++++++++++++++++++++++++++++
3.0.0/docker-entrypoint.sh | 106 +++++++++++++++++++++++++
{2.3.0 => 3.0.0}/vm.args | 0
dev/Dockerfile | 2 +-
8 files changed, 248 insertions(+), 229 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 18aa8c5..a3957d6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,9 +11,9 @@ services:
- docker
env:
- - RELEASES=2.3.0
- RELEASES=2.3.1
- RELEASES=2.3.1-ubi
+ - RELEASES=3.0.0
- RELEASES=dev
- RELEASES=dev-cluster
diff --git a/2.3.0/Dockerfile b/2.3.0/Dockerfile
deleted file mode 100644
index 710f3c9..0000000
--- a/2.3.0/Dockerfile
+++ /dev/null
@@ -1,129 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-FROM debian:stretch-slim
-
-LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
-
-# Add CouchDB user account to make sure the IDs are assigned consistently
-RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb
-
-# be sure GPG and apt-transport-https are available and functional
-RUN set -ex; \
- apt-get update; \
- apt-get install -y --no-install-recommends \
- apt-transport-https \
- ca-certificates \
- dirmngr \
- gnupg \
- ; \
- rm -rf /var/lib/apt/lists/*
-
-# grab gosu for easy step-down from root and tini for signal handling and zombie reaping
-# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
-ENV GOSU_VERSION 1.11
-ENV TINI_VERSION 0.18.0
-RUN set -ex; \
- \
- apt-get update; \
- apt-get install -y --no-install-recommends wget; \
- rm -rf /var/lib/apt/lists/*; \
- \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- \
-# install gosu
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- for server in $(shuf -e pgpkeys.mit.edu \
- ha.pool.sks-keyservers.net \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu) ; do \
- gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
- done; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- chmod +x /usr/local/bin/gosu; \
- gosu nobody true; \
- \
-# install tini
- wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
- wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- for server in $(shuf -e pgpkeys.mit.edu \
- ha.pool.sks-keyservers.net \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu) ; do \
- gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
- done; \
- gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
- rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \
- chmod +x /usr/local/bin/tini; \
- apt-get purge -y --auto-remove wget; \
- tini --version
-
-# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
-ENV GPG_COUCH_KEY \
-# gpg: key D401AB61: public key "Bintray (by JFrog) <bi...@bintray.com> imported
- 8756C4F765C9AC3CB6B85D62379CE192D401AB61
-RUN set -xe; \
- export GNUPGHOME="$(mktemp -d)"; \
- for server in $(shuf -e pgpkeys.mit.edu \
- ha.pool.sks-keyservers.net \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu) ; do \
- gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \
- done; \
- gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \
- command -v gpgconf && gpgconf --kill all || :; \
- rm -rf "$GNUPGHOME"; \
- apt-key list
-
-ENV COUCHDB_VERSION 2.3.0
-
-RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list
-
-# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
-RUN set -xe; \
- apt-get update; \
- \
- echo "couchdb couchdb/mode select none" | debconf-set-selections; \
-# we DO want recommends this time
- DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
- couchdb="$COUCHDB_VERSION"~stretch \
- ; \
-# Undo symlinks to /var/log and /var/lib
- rmdir /var/lib/couchdb /var/log/couchdb; \
- rm /opt/couchdb/data /opt/couchdb/var/log; \
- mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \
- chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \
- chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \
-# Remove file that sets logging to a file
- rm /opt/couchdb/etc/default.d/10-filelog.ini; \
- rm -rf /var/lib/apt/lists/*
-
-# Add configuration
-COPY 10-docker-default.ini /opt/couchdb/etc/default.d/
-COPY vm.args /opt/couchdb/etc/
-COPY docker-entrypoint.sh /usr/local/bin
-RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
-ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
-
-# Setup directories and permissions
-RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
-VOLUME /opt/couchdb/data
-
-# 5984: Main CouchDB endpoint
-# 4369: Erlang portmap daemon (epmd)
-# 9100: CouchDB cluster communication port
-EXPOSE 5984 4369 9100
-CMD ["/opt/couchdb/bin/couchdb"]
diff --git a/2.3.0/docker-entrypoint.sh b/2.3.0/docker-entrypoint.sh
deleted file mode 100755
index 7fdb04b..0000000
--- a/2.3.0/docker-entrypoint.sh
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/bash
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-set -e
-
-# first arg is `-something` or `+something`
-if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then
- set -- /opt/couchdb/bin/couchdb "$@"
-fi
-
-# first arg is the bare word `couchdb`
-if [ "$1" = 'couchdb' ]; then
- shift
- set -- /opt/couchdb/bin/couchdb "$@"
-fi
-
-if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
- # Check that we own everything in /opt/couchdb and fix if necessary. We also
- # add the `-f` flag in all the following invocations because there may be
- # cases where some of these ownership and permissions issues are non-fatal
- # (e.g. a config file owned by root with o+r is actually fine), and we don't
- # to be too aggressive about crashing here ...
- find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
-
- # Ensure that data files have the correct permissions. We were previously
- # preventing any access to these files outside of couchdb:couchdb, but it
- # turns out that CouchDB itself does not set such restrictive permissions
- # when it creates the files. The approach taken here ensures that the
- # contents of the datadir have the same permissions as they had when they
- # were initially created. This should minimize any startup delay.
- find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
- find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
-
- # Do the same thing for configuration files and directories. Technically
- # CouchDB only needs read access to the configuration files as all online
- # changes will be applied to the "docker.ini" file below, but we set 644
- # for the sake of consistency.
- find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
- find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
-
- if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
- echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
- fi
-
- # Ensure that CouchDB will write custom settings in this file
- touch /opt/couchdb/etc/local.d/docker.ini
-
- if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
- # Create admin only if not already present
- if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then
- printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
- fi
- fi
-
- if [ "$COUCHDB_SECRET" ]; then
- # Set secret only if not already present
- if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then
- printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
- fi
- fi
-
- chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
-
- # if we don't find an [admins] section followed by a non-comment, display a warning
- if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then
- # The - option suppresses leading tabs but *not* spaces. :)
- cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: CouchDB is running in Admin Party mode.
- This will allow anyone with access to the
- CouchDB port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
- Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
- to set it in "docker run".
- ****************************************************
- EOWARN
- fi
-
-
- exec gosu couchdb "$@"
-fi
-
-exec "$@"
diff --git a/2.3.0/10-docker-default.ini b/3.0.0/10-docker-default.ini
similarity index 89%
rename from 2.3.0/10-docker-default.ini
rename to 3.0.0/10-docker-default.ini
index c1bac9e..1aa633c 100644
--- a/2.3.0/10-docker-default.ini
+++ b/3.0.0/10-docker-default.ini
@@ -6,6 +6,3 @@
[chttpd]
bind_address = any
-
-[httpd]
-bind_address = any
diff --git a/3.0.0/Dockerfile b/3.0.0/Dockerfile
new file mode 100644
index 0000000..74d1c46
--- /dev/null
+++ b/3.0.0/Dockerfile
@@ -0,0 +1,140 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+FROM debian:buster-slim
+
+LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
+
+# Add CouchDB user account to make sure the IDs are assigned consistently
+RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb
+
+# be sure GPG and apt-transport-https are available and functional
+RUN set -ex; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ apt-transport-https \
+ ca-certificates \
+ dirmngr \
+ gnupg \
+ ; \
+ rm -rf /var/lib/apt/lists/*
+
+# grab gosu for easy step-down from root and tini for signal handling and zombie reaping
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
+ENV GOSU_VERSION 1.11
+ENV TINI_VERSION 0.18.0
+RUN set -ex; \
+ \
+ apt-get update; \
+ apt-get install -y --no-install-recommends wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ \
+# install gosu
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \
+ for server in $(shuf -e pgpkeys.mit.edu \
+ ha.pool.sks-keyservers.net \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu) ; do \
+ gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
+ done; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ chmod +x /usr/local/bin/gosu; \
+ gosu nobody true; \
+ \
+# install tini
+ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
+ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \
+ for server in $(shuf -e pgpkeys.mit.edu \
+ ha.pool.sks-keyservers.net \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu) ; do \
+ gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
+ done; \
+ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+ rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \
+ chmod +x /usr/local/bin/tini; \
+ apt-get purge -y --auto-remove wget; \
+ tini --version
+
+# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
+ENV GPG_COUCH_KEY \
+# gpg: key D401AB61: public key "Bintray (by JFrog) <bi...@bintray.com> imported
+ 8756C4F765C9AC3CB6B85D62379CE192D401AB61
+RUN set -xe; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \
+ for server in $(shuf -e pgpkeys.mit.edu \
+ ha.pool.sks-keyservers.net \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu) ; do \
+ gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \
+ done; \
+ gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \
+ command -v gpgconf && gpgconf --kill all || :; \
+ rm -rf "$GNUPGHOME"; \
+ apt-key list
+
+ENV COUCHDB_VERSION 3.0.0
+
+RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list
+
+# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
+RUN set -xe; \
+ apt-get update; \
+ \
+ echo "couchdb couchdb/mode select none" | debconf-set-selections; \
+# we DO want recommends this time
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
+ couchdb="$COUCHDB_VERSION"~buster \
+ ; \
+# Undo symlinks to /var/log and /var/lib
+ rmdir /var/lib/couchdb /var/log/couchdb; \
+ rm /opt/couchdb/data /opt/couchdb/var/log; \
+ mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \
+ chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \
+ chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \
+# Remove file that sets logging to a file
+ rm /opt/couchdb/etc/default.d/10-filelog.ini; \
+# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \
+# Setup directories and permissions for config. Technically these could be 555 and 444 respectively
+# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+# only local.d needs to be writable for the docker_entrypoint.sh
+ chmod -f 0777 /opt/couchdb/etc/local.d; \
+# apt clean-up
+ rm -rf /var/lib/apt/lists/*;
+
+# Add configuration
+COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/
+COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/
+
+COPY docker-entrypoint.sh /usr/local/bin
+RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+
+VOLUME /opt/couchdb/data
+
+# 5984: Main CouchDB endpoint
+# 4369: Erlang portmap daemon (epmd)
+# 9100: CouchDB cluster communication port
+EXPOSE 5984 4369 9100
+CMD ["/opt/couchdb/bin/couchdb"]
diff --git a/3.0.0/docker-entrypoint.sh b/3.0.0/docker-entrypoint.sh
new file mode 100755
index 0000000..d7353f2
--- /dev/null
+++ b/3.0.0/docker-entrypoint.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+set -e
+
+# first arg is `-something` or `+something`
+if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+# first arg is the bare word `couchdb`
+if [ "$1" = 'couchdb' ]; then
+ shift
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
+ # this is where runtime configuration changes will be written.
+ # we need to explicitly touch it here in case /opt/couchdb/etc has
+ # been mounted as an external volume, in which case it won't exist.
+ # If running as the couchdb user (i.e. container starts as root),
+ # write permissions will be granted below.
+ touch /opt/couchdb/etc/local.d/docker.ini
+
+ # if user is root, assume running under the couchdb user (default)
+ # and ensure it is able to access files and directories that may be mounted externally
+ if [ "$(id -u)" = '0' ]; then
+ # Check that we own everything in /opt/couchdb and fix if necessary. We also
+ # add the `-f` flag in all the following invocations because there may be
+ # cases where some of these ownership and permissions issues are non-fatal
+ # (e.g. a config file owned by root with o+r is actually fine), and we don't
+ # to be too aggressive about crashing here ...
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
+
+ # Ensure that data files have the correct permissions. We were previously
+ # preventing any access to these files outside of couchdb:couchdb, but it
+ # turns out that CouchDB itself does not set such restrictive permissions
+ # when it creates the files. The approach taken here ensures that the
+ # contents of the datadir have the same permissions as they had when they
+ # were initially created. This should minimize any startup delay.
+ find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+ find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+
+ # Do the same thing for configuration files and directories. Technically
+ # CouchDB only needs read access to the configuration files as all online
+ # changes will be applied to the "docker.ini" file below, but we set 644
+ # for the sake of consistency.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+ fi
+
+ if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
+ echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
+ fi
+
+ if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
+ # Create admin only if not already present
+ if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then
+ printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
+ fi
+ fi
+
+ if [ "$COUCHDB_SECRET" ]; then
+ # Set secret only if not already present
+ if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then
+ printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
+ fi
+ fi
+
+ if [ "$(id -u)" = '0' ]; then
+ chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
+ fi
+
+ # if we don't find an [admins] section followed by a non-comment, display a warning
+ if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOWARN'
+*************************************************************
+ERROR: CouchDB 3.0+ will no longer run in "Admin Party"
+ mode. You *MUST* specify an admin user and
+ password, either via your own .ini file mapped
+ into the container at /opt/couchdb/etc/local.ini
+ or inside /opt/couchdb/etc/local.d, or with
+ "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
+ to set it via "docker run".
+*************************************************************
+EOWARN
+ exit 1
+ fi
+
+ if [ "$(id -u)" = '0' ]; then
+ exec gosu couchdb "$@"
+ fi
+fi
+
+exec "$@"
diff --git a/2.3.0/vm.args b/3.0.0/vm.args
similarity index 100%
rename from 2.3.0/vm.args
rename to 3.0.0/vm.args
diff --git a/dev/Dockerfile b/dev/Dockerfile
index 4f4cdce..f1ec18b 100644
--- a/dev/Dockerfile
+++ b/dev/Dockerfile
@@ -28,7 +28,7 @@ RUN apt-get update -y && apt-get install -y \
libicu63 \
libssl1.1 \
openssl \
- && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \
+ && echo "deb https://apache.bintray.com/couchdb-deb buster main" \
| tee /etc/apt/sources.list.d/couchdb.list \
&& cat /etc/apt/sources.list.d/couchdb.list \
&& for server in $(shuf -e pgpkeys.mit.edu \