You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by va...@apache.org on 2023/04/25 07:47:54 UTC
[couchdb-docker] 01/01: 3.3.2 and 3.2.3 releases
This is an automated email from the ASF dual-hosted git repository.
vatamane pushed a commit to branch release-3.3.2-and-3.2.3
in repository https://gitbox.apache.org/repos/asf/couchdb-docker.git
commit b97c1fef574d90bfa8ddd4801aa8fb578730e01a
Author: Nick Vatamaniuc <va...@apache.org>
AuthorDate: Tue Apr 25 03:47:18 2023 -0400
3.3.2 and 3.2.3 releases
---
3.2.3/10-docker-default.ini | 8 +++
3.2.3/Dockerfile | 104 +++++++++++++++++++++++++++++++++++++
3.2.3/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++++++++++
3.2.3/vm.args | 35 +++++++++++++
3.3.2/10-docker-default.ini | 8 +++
3.3.2/Dockerfile | 104 +++++++++++++++++++++++++++++++++++++
3.3.2/docker-entrypoint.sh | 122 ++++++++++++++++++++++++++++++++++++++++++++
3.3.2/vm.args | 35 +++++++++++++
8 files changed, 538 insertions(+)
diff --git a/3.2.3/10-docker-default.ini b/3.2.3/10-docker-default.ini
new file mode 100644
index 0000000..1aa633c
--- /dev/null
+++ b/3.2.3/10-docker-default.ini
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.2.3/Dockerfile b/3.2.3/Dockerfile
new file mode 100644
index 0000000..d1d4d4f
--- /dev/null
+++ b/3.2.3/Dockerfile
@@ -0,0 +1,104 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+FROM debian:bullseye-slim
+
+LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
+
+# Add CouchDB user account to make sure the IDs are assigned consistently
+RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb
+
+# be sure GPG and apt-transport-https are available and functional
+RUN set -ex; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ apt-transport-https \
+ ca-certificates \
+ dirmngr \
+ gnupg \
+ ; \
+ rm -rf /var/lib/apt/lists/*
+
+# grab tini for signal handling and zombie reaping
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
+RUN set -eux; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends tini; \
+ rm -rf /var/lib/apt/lists/*; \
+ tini --version
+
+# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
+ENV GPG_COUCH_KEY \
+# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) <ro...@apache.org>
+ 390EF70BB1EA12B2773962950EE62FB37A00258D
+RUN set -eux; \
+ apt-get update; \
+ apt-get install -y curl; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \
+ gpg --batch --import keys.asc; \
+ gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \
+ command -v gpgconf && gpgconf --kill all || :; \
+ rm -rf "$GNUPGHOME"; \
+ apt-key list; \
+ apt purge -y --autoremove curl; \
+ rm -rf /var/lib/apt/lists/*
+
+ENV COUCHDB_VERSION 3.2.3
+
+RUN . /etc/os-release; \
+ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \
+ tee /etc/apt/sources.list.d/couchdb.list >/dev/null
+
+# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
+RUN set -eux; \
+ apt-get update; \
+ \
+ echo "couchdb couchdb/mode select none" | debconf-set-selections; \
+# we DO want recommends this time
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
+ couchdb="$COUCHDB_VERSION"~bullseye \
+ ; \
+# Undo symlinks to /var/log and /var/lib
+ rmdir /var/lib/couchdb /var/log/couchdb; \
+ rm /opt/couchdb/data /opt/couchdb/var/log; \
+ mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \
+ chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \
+ chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \
+# Remove file that sets logging to a file
+ rm /opt/couchdb/etc/default.d/10-filelog.ini; \
+# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \
+# Setup directories and permissions for config. Technically these could be 555 and 444 respectively
+# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+# only local.d needs to be writable for the docker_entrypoint.sh
+ chmod -f 0777 /opt/couchdb/etc/local.d; \
+# apt clean-up
+ rm -rf /var/lib/apt/lists/*;
+
+# Add configuration
+COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/
+COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/
+
+COPY docker-entrypoint.sh /usr/local/bin
+RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+
+VOLUME /opt/couchdb/data
+
+# 5984: Main CouchDB endpoint
+# 4369: Erlang portmap daemon (epmd)
+# 9100: CouchDB cluster communication port
+EXPOSE 5984 4369 9100
+CMD ["/opt/couchdb/bin/couchdb"]
diff --git a/3.2.3/docker-entrypoint.sh b/3.2.3/docker-entrypoint.sh
new file mode 100755
index 0000000..a8544c7
--- /dev/null
+++ b/3.2.3/docker-entrypoint.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+set -e
+
+# first arg is `-something` or `+something`
+if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+# first arg is the bare word `couchdb`
+if [ "$1" = 'couchdb' ]; then
+ shift
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
+ # this is where runtime configuration changes will be written.
+ # we need to explicitly touch it here in case /opt/couchdb/etc has
+ # been mounted as an external volume, in which case it won't exist.
+ # If running as the couchdb user (i.e. container starts as root),
+ # write permissions will be granted below.
+ touch /opt/couchdb/etc/local.d/docker.ini
+
+ # if user is root, assume running under the couchdb user (default)
+ # and ensure it is able to access files and directories that may be mounted externally
+ if [ "$(id -u)" = '0' ]; then
+ # Check that we own everything in /opt/couchdb and fix if necessary. We also
+ # add the `-f` flag in all the following invocations because there may be
+ # cases where some of these ownership and permissions issues are non-fatal
+ # (e.g. a config file owned by root with o+r is actually fine), and we don't
+ # to be too aggressive about crashing here ...
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
+
+ # Ensure that data files have the correct permissions. We were previously
+ # preventing any access to these files outside of couchdb:couchdb, but it
+ # turns out that CouchDB itself does not set such restrictive permissions
+ # when it creates the files. The approach taken here ensures that the
+ # contents of the datadir have the same permissions as they had when they
+ # were initially created. This should minimize any startup delay.
+ find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+ find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+
+ # Do the same thing for configuration files and directories. Technically
+ # CouchDB only needs read access to the configuration files as all online
+ # changes will be applied to the "docker.ini" file below, but we set 644
+ # for the sake of consistency.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+ fi
+
+ if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
+ echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
+ fi
+
+ if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
+ # Create admin only if not already present
+ if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then
+ printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
+ fi
+ fi
+
+ if [ "$COUCHDB_SECRET" ]; then
+ # Set secret only if not already present
+ if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then
+ printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
+ fi
+ fi
+
+ if [ "$COUCHDB_ERLANG_COOKIE" ]; then
+ cookieFile='/opt/couchdb/.erlang.cookie'
+ if [ -e "$cookieFile" ]; then
+ if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then
+ echo >&2
+ echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE"
+ echo >&2
+ fi
+ else
+ echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile"
+ fi
+ chown couchdb:couchdb "$cookieFile"
+ chmod 600 "$cookieFile"
+ fi
+
+ if [ "$(id -u)" = '0' ]; then
+ chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
+ fi
+
+ # if we don't find an [admins] section followed by a non-comment, display a warning
+ if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOWARN'
+*************************************************************
+ERROR: CouchDB 3.0+ will no longer run in "Admin Party"
+ mode. You *MUST* specify an admin user and
+ password, either via your own .ini file mapped
+ into the container at /opt/couchdb/etc/local.ini
+ or inside /opt/couchdb/etc/local.d, or with
+ "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
+ to set it via "docker run".
+*************************************************************
+EOWARN
+ exit 1
+ fi
+
+ if [ "$(id -u)" = '0' ]; then
+ export HOME=$(echo ~couchdb)
+ exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@"
+ fi
+fi
+
+exec "$@"
diff --git a/3.2.3/vm.args b/3.2.3/vm.args
new file mode 100644
index 0000000..d606217
--- /dev/null
+++ b/3.2.3/vm.args
@@ -0,0 +1,35 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput
diff --git a/3.3.2/10-docker-default.ini b/3.3.2/10-docker-default.ini
new file mode 100644
index 0000000..1aa633c
--- /dev/null
+++ b/3.3.2/10-docker-default.ini
@@ -0,0 +1,8 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[chttpd]
+bind_address = any
diff --git a/3.3.2/Dockerfile b/3.3.2/Dockerfile
new file mode 100644
index 0000000..56393e8
--- /dev/null
+++ b/3.3.2/Dockerfile
@@ -0,0 +1,104 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+FROM debian:bullseye-slim
+
+LABEL maintainer="CouchDB Developers dev@couchdb.apache.org"
+
+# Add CouchDB user account to make sure the IDs are assigned consistently
+RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb
+
+# be sure GPG and apt-transport-https are available and functional
+RUN set -ex; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ apt-transport-https \
+ ca-certificates \
+ dirmngr \
+ gnupg \
+ ; \
+ rm -rf /var/lib/apt/lists/*
+
+# grab tini for signal handling and zombie reaping
+# see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407
+RUN set -eux; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends tini; \
+ rm -rf /var/lib/apt/lists/*; \
+ tini --version
+
+# http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages
+ENV GPG_COUCH_KEY \
+# gpg: rsa8192 205-01-19 The Apache Software Foundation (Package repository signing key) <ro...@apache.org>
+ 390EF70BB1EA12B2773962950EE62FB37A00258D
+RUN set -eux; \
+ apt-get update; \
+ apt-get install -y curl; \
+ export GNUPGHOME="$(mktemp -d)"; \
+ curl -fL -o keys.asc https://couchdb.apache.org/repo/keys.asc; \
+ gpg --batch --import keys.asc; \
+ gpg --batch --export "${GPG_COUCH_KEY}" > /usr/share/keyrings/couchdb-archive-keyring.gpg; \
+ command -v gpgconf && gpgconf --kill all || :; \
+ rm -rf "$GNUPGHOME"; \
+ apt-key list; \
+ apt purge -y --autoremove curl; \
+ rm -rf /var/lib/apt/lists/*
+
+ENV COUCHDB_VERSION 3.3.2
+
+RUN . /etc/os-release; \
+ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" | \
+ tee /etc/apt/sources.list.d/couchdb.list >/dev/null
+
+# https://github.com/apache/couchdb-pkg/blob/master/debian/README.Debian
+RUN set -eux; \
+ apt-get update; \
+ \
+ echo "couchdb couchdb/mode select none" | debconf-set-selections; \
+# we DO want recommends this time
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \
+ couchdb="$COUCHDB_VERSION"~bullseye \
+ ; \
+# Undo symlinks to /var/log and /var/lib
+ rmdir /var/lib/couchdb /var/log/couchdb; \
+ rm /opt/couchdb/data /opt/couchdb/var/log; \
+ mkdir -p /opt/couchdb/data /opt/couchdb/var/log; \
+ chown couchdb:couchdb /opt/couchdb/data /opt/couchdb/var/log; \
+ chmod 777 /opt/couchdb/data /opt/couchdb/var/log; \
+# Remove file that sets logging to a file
+ rm /opt/couchdb/etc/default.d/10-filelog.ini; \
+# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \
+# Setup directories and permissions for config. Technically these could be 555 and 444 respectively
+# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+# only local.d needs to be writable for the docker_entrypoint.sh
+ chmod -f 0777 /opt/couchdb/etc/local.d; \
+# apt clean-up
+ rm -rf /var/lib/apt/lists/*;
+
+# Add configuration
+COPY --chown=couchdb:couchdb 10-docker-default.ini /opt/couchdb/etc/default.d/
+COPY --chown=couchdb:couchdb vm.args /opt/couchdb/etc/
+
+COPY docker-entrypoint.sh /usr/local/bin
+RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
+ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
+
+VOLUME /opt/couchdb/data
+
+# 5984: Main CouchDB endpoint
+# 4369: Erlang portmap daemon (epmd)
+# 9100: CouchDB cluster communication port
+EXPOSE 5984 4369 9100
+CMD ["/opt/couchdb/bin/couchdb"]
diff --git a/3.3.2/docker-entrypoint.sh b/3.3.2/docker-entrypoint.sh
new file mode 100755
index 0000000..a8544c7
--- /dev/null
+++ b/3.3.2/docker-entrypoint.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+set -e
+
+# first arg is `-something` or `+something`
+if [ "${1#-}" != "$1" ] || [ "${1#+}" != "$1" ]; then
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+# first arg is the bare word `couchdb`
+if [ "$1" = 'couchdb' ]; then
+ shift
+ set -- /opt/couchdb/bin/couchdb "$@"
+fi
+
+if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
+ # this is where runtime configuration changes will be written.
+ # we need to explicitly touch it here in case /opt/couchdb/etc has
+ # been mounted as an external volume, in which case it won't exist.
+ # If running as the couchdb user (i.e. container starts as root),
+ # write permissions will be granted below.
+ touch /opt/couchdb/etc/local.d/docker.ini
+
+ # if user is root, assume running under the couchdb user (default)
+ # and ensure it is able to access files and directories that may be mounted externally
+ if [ "$(id -u)" = '0' ]; then
+ # Check that we own everything in /opt/couchdb and fix if necessary. We also
+ # add the `-f` flag in all the following invocations because there may be
+ # cases where some of these ownership and permissions issues are non-fatal
+ # (e.g. a config file owned by root with o+r is actually fine), and we don't
+ # to be too aggressive about crashing here ...
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
+
+ # Ensure that data files have the correct permissions. We were previously
+ # preventing any access to these files outside of couchdb:couchdb, but it
+ # turns out that CouchDB itself does not set such restrictive permissions
+ # when it creates the files. The approach taken here ensures that the
+ # contents of the datadir have the same permissions as they had when they
+ # were initially created. This should minimize any startup delay.
+ find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+ find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+
+ # Do the same thing for configuration files and directories. Technically
+ # CouchDB only needs read access to the configuration files as all online
+ # changes will be applied to the "docker.ini" file below, but we set 644
+ # for the sake of consistency.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+ fi
+
+ if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
+ echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
+ fi
+
+ if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
+ # Create admin only if not already present
+ if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then
+ printf "\n[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" >> /opt/couchdb/etc/local.d/docker.ini
+ fi
+ fi
+
+ if [ "$COUCHDB_SECRET" ]; then
+ # Set secret only if not already present
+ if ! grep -Pzoqr "\[chttpd_auth\]\nsecret =" /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then
+ printf "\n[chttpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini
+ fi
+ fi
+
+ if [ "$COUCHDB_ERLANG_COOKIE" ]; then
+ cookieFile='/opt/couchdb/.erlang.cookie'
+ if [ -e "$cookieFile" ]; then
+ if [ "$(cat "$cookieFile" 2>/dev/null)" != "$COUCHDB_ERLANG_COOKIE" ]; then
+ echo >&2
+ echo >&2 "warning: $cookieFile contents do not match COUCHDB_ERLANG_COOKIE"
+ echo >&2
+ fi
+ else
+ echo "$COUCHDB_ERLANG_COOKIE" > "$cookieFile"
+ fi
+ chown couchdb:couchdb "$cookieFile"
+ chmod 600 "$cookieFile"
+ fi
+
+ if [ "$(id -u)" = '0' ]; then
+ chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
+ fi
+
+ # if we don't find an [admins] section followed by a non-comment, display a warning
+ if ! grep -Pzoqr '\[admins\]\n[^;]\w+' /opt/couchdb/etc/default.d/*.ini /opt/couchdb/etc/local.d/*.ini /opt/couchdb/etc/local.ini; then
+ # The - option suppresses leading tabs but *not* spaces. :)
+ cat >&2 <<-'EOWARN'
+*************************************************************
+ERROR: CouchDB 3.0+ will no longer run in "Admin Party"
+ mode. You *MUST* specify an admin user and
+ password, either via your own .ini file mapped
+ into the container at /opt/couchdb/etc/local.ini
+ or inside /opt/couchdb/etc/local.d, or with
+ "-e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password"
+ to set it via "docker run".
+*************************************************************
+EOWARN
+ exit 1
+ fi
+
+ if [ "$(id -u)" = '0' ]; then
+ export HOME=$(echo ~couchdb)
+ exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@"
+ fi
+fi
+
+exec "$@"
diff --git a/3.3.2/vm.args b/3.3.2/vm.args
new file mode 100644
index 0000000..d606217
--- /dev/null
+++ b/3.3.2/vm.args
@@ -0,0 +1,35 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Ensure that the Erlang VM listens on a known port
+-kernel inet_dist_listen_min 9100
+-kernel inet_dist_listen_max 9100
+
+# Tell kernel and SASL not to log anything
+-kernel error_logger silent
+-sasl sasl_error_logger false
+
+# This will toggle to true in Erlang 25+. However since we don't use global
+# any longer, and have our own auto-connection module, we can keep the
+# existing global behavior to avoid surprises. See
+# https://github.com/erlang/otp/issues/6470#issuecomment-1337421210 for more
+# information about possible increased coordination and messages being sent on
+# disconnections when this setting is enabled.
+#
+-kernel prevent_overlapping_partitions false
+
+# Increase the pool of dirty IO schedulers from 10 to 16
+# Dirty IO schedulers are used for file IO.
++SDio 16
+
+# Comment this line out to enable the interactive Erlang shell on startup
++Bd -noinput