You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by wo...@apache.org on 2020/01/31 22:41:33 UTC
[couchdb-docker] branch 3.0.0 created (now bedf88f)
This is an automated email from the ASF dual-hosted git repository.
wohali pushed a change to branch 3.0.0
in repository https://gitbox.apache.org/repos/asf/couchdb-docker.git.
at bedf88f 3.0.0: move to buster, no admin party
This branch includes the following new commits:
new bedf88f 3.0.0: move to buster, no admin party
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[couchdb-docker] 01/01: 3.0.0: move to buster, no admin party
Posted by wo...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
wohali pushed a commit to branch 3.0.0
in repository https://gitbox.apache.org/repos/asf/couchdb-docker.git
commit bedf88ff598a1db9706e422c57928f9fdbe87728
Author: Joan Touzet <wo...@apache.org>
AuthorDate: Fri Jan 31 14:41:01 2020 -0800
3.0.0: move to buster, no admin party
---
.travis.yml | 2 +-
2.3.0/Dockerfile | 129 ------------------------------
2.3.0/docker-entrypoint.sh | 95 ----------------------
{2.3.0 => 3.0.0}/10-docker-default.ini | 3 -
3.0.0/Dockerfile | 140 +++++++++++++++++++++++++++++++++
3.0.0/docker-entrypoint.sh | 106 +++++++++++++++++++++++++
{2.3.0 => 3.0.0}/vm.args | 0
dev/Dockerfile | 2 +-
8 files changed, 248 insertions(+), 229 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 18aa8c5..a3957d6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,9 +11,9 @@ services:
- docker
env:
- - RELEASES=2.3.0
- RELEASES=2.3.1
- RELEASES=2.3.1-ubi
+ - RELEASES=3.0.0
- RELEASES=dev
- RELEASES=dev-cluster
diff --git a/2.3.0/Dockerfile b/2.3.0/Dockerfile
deleted file mode 100644
index 710f3c9..0000000
--- a/2.3.0/Dockerfile
+++ /dev/null
@@ -1,129 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-FROM debian:stretch-slim
-
-LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
-
-# Add CouchDB user account to make sure the IDs are assigned consistently
-RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb
-
-# be sure GPG and apt-transport-https are available and functional
-RUN set -ex; \
- apt-get update; \
- apt-get install -y --no-install-recommends \
- apt-transport-https \
- ca-certificates \
- dirmngr \
- gnupg \
- ; \
- rm -rf /var/lib/apt/lists/*
-
-# grab gosu for easy step-down from root and tini for signal handling and zombie reaping
-# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
-ENV GOSU_VERSION 1.11
-ENV TINI_VERSION 0.18.0
-RUN set -ex; \
- \
- apt-get update; \
- apt-get install -y --no-install-recommends wget; \
- rm -rf /var/lib/apt/lists/*; \
- \
- dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
- \
-# install gosu
- wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
- wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- for server in $(shuf -e pgpkeys.mit.edu \
- ha.pool.sks-keyservers.net \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu) ; do \
- gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
- done; \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- chmod +x /usr/local/bin/gosu; \
- gosu nobody true; \
- \
-# install tini
- wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
- wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- for server in $(shuf -e pgpkeys.mit.edu \
- ha.pool.sks-keyservers.net \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu) ; do \
- gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
- done; \
- gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
- rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \
- chmod +x /usr/local/bin/tini; \
- apt-get purge -y --auto-remove wget; \
- tini --version
-
-# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
-ENV GPG_COUCH_KEY \
-# gpg: key D401AB61: public key "Bintray (by JFrog) <bi...@bintray.com> imported
- 8756C4F765C9AC3CB6B85D62379CE192D401AB61
-RUN set -xe; \
- export GNUPGHOME="$(mktemp -d)"; \
- for server in $(shuf -e pgpkeys.mit.edu \
- ha.pool.sks-keyservers.net \
- hkp://p80.pool.sks-keyservers.net:80 \
- pgp.mit.edu) ; do \
- gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \
- done; \
- gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \
- command -v gpgconf && gpgconf --kill all || :; \
- rm -rf "$GNUPGHOME"; \
- apt-key list
-
-ENV COUCHDB_VERSION 2.3.0
-
-RUN echo "deb https://apache.bintray.com/couchdb-deb stretch main" > /etc/apt/sources.list.d/couchdb.list
-
-# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
-RUN set -xe; \
- apt-get update; \
- \
- echo "couchdb couchdb/mode select none" | debconf-set-selections; \
-# we DO want recommends this time
- DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
- couchdb="$COUCHDB_VERSION"~stretch \
- ; \
-# Undo symlinks to /var/log and /var/lib
- rmdir /var/lib/couchdb /var/log/couchdb; \
- rm /opt/couchdb/data /opt/couchdb/var/log; \
- mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \
- chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \
- chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \
-# Remove file that sets logging to a file
- rm /opt/couchdb/etc/default.d/10-filelog.ini; \
- rm -rf /var/lib/apt/lists/*
-
-# Add configuration
-COPY 10-docker-default.ini /opt/couchdb/etc/default.d/
-COPY vm.args /opt/couchdb/etc/
-COPY docker-entrypoint.sh /usr/local/bin
-RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
-ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
-
-# Setup directories and permissions
-RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
-VOLUME /opt/couchdb/data
-
-# 5984: Main CouchDB endpoint
-# 4369: Erlang portmap daemon (epmd)
-# 9100: CouchDB cluster communication port
-EXPOSE 5984 4369 9100
-CMD ["/opt/couchdb/bin/couchdb"]
diff --git a/2.3.0/docker-entrypoint.sh b/2.3.0/docker-entrypoint.sh
deleted file mode 100755
index 7fdb04b..0000000
--- a/2.3.0/docker-entrypoint.sh
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/bash
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-set -e
-
-# first arg is `-something` or `+something`
-if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then
- set -- /opt/couchdb/bin/couchdb "$@"
-fi
-
-# first arg is the bare word `couchdb`
-if [ "$1" = 'couchdb' ]; then
- shift
- set -- /opt/couchdb/bin/couchdb "$@"
-fi
-
-if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
- # Check that we own everything in /opt/couchdb and fix if necessary. We also
- # add the `-f` flag in all the following invocations because there may be
- # cases where some of these ownership and permissions issues are non-fatal
- # (e.g. a config file owned by root with o+r is actually fine), and we don't
- # to be too aggressive about crashing here ...
- find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
-
- # Ensure that data files have the correct permissions. We were previously
- # preventing any access to these files outside of couchdb:couchdb, but it
- # turns out that CouchDB itself does not set such restrictive permissions
- # when it creates the files. The approach taken here ensures that the
- # contents of the datadir have the same permissions as they had when they
- # were initially created. This should minimize any startup delay.
- find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
- find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
-
- # Do the same thing for configuration files and directories. Technically
- # CouchDB only needs read access to the configuration files as all online
- # changes will be applied to the "docker.ini" file below, but we set 644
- # for the sake of consistency.
- find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
- find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
-
- if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
- echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
- fi
-
- # Ensure that CouchDB will write custom settings in this file
- touch /opt/couchdb/etc/local.d/docker.ini
-
- if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
- # Create admin only if not already present
- if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then
- printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
- fi
- fi
-
- if [ "$COUCHDB_SECRET" ]; then
- # Set secret only if not already present
- if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then
- printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
- fi
- fi
-
- chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
-
- # if we don't find an [admins] section followed by a non-comment, display a warning
- if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then
- # The - option suppresses leading tabs but *not* spaces. :)
- cat >&2 <<-'EOWARN'
- ****************************************************
- WARNING: CouchDB is running in Admin Party mode.
- This will allow anyone with access to the
- CouchDB port to access your database. In
- Docker's default configuration, this is
- effectively any other container on the same
- system.
- Use "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
- to set it in "docker run".
- ****************************************************
- EOWARN
- fi
-
-
- exec gosu couchdb "$@"
-fi
-
-exec "$@"
diff --git a/2.3.0/10-docker-default.ini b/3.0.0/10-docker-default.ini
similarity index 89%
rename from 2.3.0/10-docker-default.ini
rename to 3.0.0/10-docker-default.ini
index c1bac9e..1aa633c 100644
--- a/2.3.0/10-docker-default.ini
+++ b/3.0.0/10-docker-default.ini
@@ -6,6 +6,3 @@
[chttpd]
bind_address = any
-
-[httpd]
-bind_address = any
diff --git a/3.0.0/Dockerfile b/3.0.0/Dockerfile
new file mode 100644
index 0000000..74d1c46
--- /dev/null
+++ b/3.0.0/Dockerfile
@@ -0,0 +1,140 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+FROM debian:buster-slim
+
+LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
+
+# Add CouchDB user account to make sure the IDs are assigned consistently
+RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb
+
+# be sure GPG and apt-transport-https are available and functional
+RUN set -ex; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ apt-transport-https \
+ ca-certificates \
+ dirmngr \
+ gnupg \
+ ; \
+ rm -rf /var/lib/apt/lists/*
+
+# grab gosu for easy step-down from root and tini for signal handling and zombie reaping
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
+ENV GOSU_VERSION 1.11
+ENV TINI_VERSION 0.18.0
+RUN set -ex; \
+ \
+ apt-get update; \
+ apt-get install -y --no-install-recommends wget; \
+ rm -rf /var/lib/apt/lists/*; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ \
+# install gosu
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \
+ for server in $(shuf -e pgpkeys.mit.edu \
+ ha.pool.sks-keyservers.net \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu) ; do \
+ gpg --batch --keyserver $server --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
+ done; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ chmod +x /usr/local/bin/gosu; \
+ gosu nobody true; \
+ \
+# install tini
+ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch"; \
+ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc"; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \
+ for server in $(shuf -e pgpkeys.mit.edu \
+ ha.pool.sks-keyservers.net \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu) ; do \
+ gpg --batch --keyserver $server --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
+ done; \
+ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \
+ rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \
+ chmod +x /usr/local/bin/tini; \
+ apt-get purge -y --auto-remove wget; \
+ tini --version
+
+# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
+ENV GPG_COUCH_KEY \
+# gpg: key D401AB61: public key "Bintray (by JFrog) <bi...@bintray.com> imported
+ 8756C4F765C9AC3CB6B85D62379CE192D401AB61
+RUN set -xe; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ echo "disable-ipv6" >> ${GNUPGHOME}/dirmngr.conf; \
+ for server in $(shuf -e pgpkeys.mit.edu \
+ ha.pool.sks-keyservers.net \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu) ; do \
+ gpg --batch --keyserver $server --recv-keys $GPG_COUCH_KEY && break || : ; \
+ done; \
+ gpg --batch --export $GPG_COUCH_KEY > /etc/apt/trusted.gpg.d/couchdb.gpg; \
+ command -v gpgconf && gpgconf --kill all || :; \
+ rm -rf "$GNUPGHOME"; \
+ apt-key list
+
+ENV COUCHDB_VERSION 3.0.0
+
+RUN echo "deb https://apache.bintray.com/couchdb-deb buster main" > /etc/apt/sources.list.d/couchdb.list
+
+# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
+RUN set -xe; \
+ apt-get update; \
+ \
+ echo "couchdb couchdb/mode select none" | debconf-set-selections; \
+# we DO want recommends this time
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
+ couchdb="$COUCHDB_VERSION"~buster \
+ ; \
+# Undo symlinks to /var/log and /var/lib
+ rmdir /var/lib/couchdb /var/log/couchdb; \
+ rm /opt/couchdb/data /opt/couchdb/var/log; \
+ mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \
+ chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \
+ chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \
+# Remove file that sets logging to a file
+ rm /opt/couchdb/etc/default.d/10-filelog.ini; \
+# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \
+# Setup directories and permissions for config. Technically these could be 555 and 444 respectively
+# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+# only local.d needs to be writable for the docker_entrypoint.sh
+ chmod -f 0777 /opt/couchdb/etc/local.d; \
+# apt clean-up
+ rm -rf /var/lib/apt/lists/*;
+
+# Add configuration
+COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/
+COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/
+
+COPY docker-entrypoint.sh /usr/local/bin
+RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+
+VOLUME /opt/couchdb/data
+
+# 5984: Main CouchDB endpoint
+# 4369: Erlang portmap daemon (epmd)
+# 9100: CouchDB cluster communication port
+EXPOSE 5984 4369 9100
+CMD ["/opt/couchdb/bin/couchdb"]
diff --git a/3.0.0/docker-entrypoint.sh b/3.0.0/docker-entrypoint.sh
new file mode 100755
index 0000000..d7353f2
--- /dev/null
+++ b/3.0.0/docker-entrypoint.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+set -e
+
+# first arg is `-something` or `+something`
+if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+# first arg is the bare word `couchdb`
+if [ "$1" = 'couchdb' ]; then
+ shift
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
+ # this is where runtime configuration changes will be written.
+ # we need to explicitly touch it here in case /opt/couchdb/etc has
+ # been mounted as an external volume, in which case it won't exist.
+ # If running as the couchdb user (i.e. container starts as root),
+ # write permissions will be granted below.
+ touch /opt/couchdb/etc/local.d/docker.ini
+
+ # if user is root, assume running under the couchdb user (default)
+ # and ensure it is able to access files and directories that may be mounted externally
+ if [ "$(id -u)" = '0' ]; then
+ # Check that we own everything in /opt/couchdb and fix if necessary. We also
+ # add the `-f` flag in all the following invocations because there may be
+ # cases where some of these ownership and permissions issues are non-fatal
+ # (e.g. a config file owned by root with o+r is actually fine), and we don't
+ # to be too aggressive about crashing here ...
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
+
+ # Ensure that data files have the correct permissions. We were previously
+ # preventing any access to these files outside of couchdb:couchdb, but it
+ # turns out that CouchDB itself does not set such restrictive permissions
+ # when it creates the files. The approach taken here ensures that the
+ # contents of the datadir have the same permissions as they had when they
+ # were initially created. This should minimize any startup delay.
+ find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+ find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+
+ # Do the same thing for configuration files and directories. Technically
+ # CouchDB only needs read access to the configuration files as all online
+ # changes will be applied to the "docker.ini" file below, but we set 644
+ # for the sake of consistency.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+ fi
+
+ if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
+ echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
+ fi
+
+ if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
+ # Create admin only if not already present
+ if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini; then
+ printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
+ fi
+ fi
+
+ if [ "$COUCHDB_SECRET" ]; then
+ # Set secret only if not already present
+ if ! grep -Pzoqr "\[couch_httpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini; then
+ printf "\n[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
+ fi
+ fi
+
+ if [ "$(id -u)" = '0' ]; then
+ chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
+ fi
+
+ # if we don't find an [admins] section followed by a non-comment, display a warning
+ if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini; then
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOWARN'
+*************************************************************
+ERROR: CouchDB 3.0+ will no longer run in "Admin Party"
+ mode. You *MUST* specify an admin user and
+ password, either via your own .ini file mapped
+ into the container at /opt/couchdb/etc/local.ini
+ or inside /opt/couchdb/etc/local.d, or with
+ "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
+ to set it via "docker run".
+*************************************************************
+EOWARN
+ exit 1
+ fi
+
+ if [ "$(id -u)" = '0' ]; then
+ exec gosu couchdb "$@"
+ fi
+fi
+
+exec "$@"
diff --git a/2.3.0/vm.args b/3.0.0/vm.args
similarity index 100%
rename from 2.3.0/vm.args
rename to 3.0.0/vm.args
diff --git a/dev/Dockerfile b/dev/Dockerfile
index 4f4cdce..f1ec18b 100644
--- a/dev/Dockerfile
+++ b/dev/Dockerfile
@@ -28,7 +28,7 @@ RUN apt-get update -y && apt-get install -y \
libicu63 \
libssl1.1 \
openssl \
- && echo "deb https://apache.bintray.com/couchdb-deb stretch main" \
+ && echo "deb https://apache.bintray.com/couchdb-deb buster main" \
| tee /etc/apt/sources.list.d/couchdb.list \
&& cat /etc/apt/sources.list.d/couchdb.list \
&& for server in $(shuf -e pgpkeys.mit.edu \