diff --git a/Dockerfile b/Dockerfile index 4734210a..f01e8625 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:xenial-20190720 +FROM ubuntu:bionic-20190807 ARG BUILD_DATE ARG VCS_REF @@ -6,7 +6,7 @@ ARG VERSION=12.2.0 ENV GITLAB_VERSION=${VERSION} \ RUBY_VERSION=2.6 \ - GOLANG_VERSION=1.12.6 \ + GOLANG_VERSION=1.12.9 \ GITLAB_SHELL_VERSION=9.3.0 \ GITLAB_WORKHORSE_VERSION=8.8.0 \ GITLAB_PAGES_VERSION=1.7.1 \ @@ -27,27 +27,29 @@ ENV GITLAB_INSTALL_DIR="${GITLAB_HOME}/gitlab" \ RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ - wget ca-certificates apt-transport-https \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E6030699E45FA1715D88E1DF1F24 \ - && echo "deb http://ppa.launchpad.net/git-core/ppa/ubuntu xenial main" >> /etc/apt/sources.list \ + wget ca-certificates apt-transport-https gnupg2 +RUN set -ex && \ + apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E6030699E45FA1715D88E1DF1F24 \ + && echo "deb http://ppa.launchpad.net/git-core/ppa/ubuntu bionic main" >> /etc/apt/sources.list \ && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 80F70E11F0F0D5F10CB20E62F5DA5F09C3173AA6 \ - && echo "deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu xenial main" >> /etc/apt/sources.list \ + && echo "deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu bionic main" >> /etc/apt/sources.list \ && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 8B3981E7A6852F782CC4951600A6F0A3C300EE8C \ - && echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu xenial main" >> /etc/apt/sources.list \ + && echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu bionic main" >> /etc/apt/sources.list \ && wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \ - && echo 'deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main' > /etc/apt/sources.list.d/pgdg.list \ + && echo 'deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main' > /etc/apt/sources.list.d/pgdg.list \ && wget --quiet -O - https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \ - && echo 'deb https://deb.nodesource.com/node_8.x xenial main' > /etc/apt/sources.list.d/nodesource.list \ + && echo 'deb https://deb.nodesource.com/node_12.x bionic main' > /etc/apt/sources.list.d/nodesource.list \ && wget --quiet -O - https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ && echo 'deb https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list \ + && set -ex \ && apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ sudo supervisor logrotate locales curl \ - nginx openssh-server postgresql-client-10 redis-tools \ - git-core gnupg2 ruby${RUBY_VERSION} python3 python3-docutils nodejs yarn gettext-base \ + nginx openssh-server postgresql-client-10 postgresql-contrib-10 redis-tools \ + git-core ruby${RUBY_VERSION} python3 python3-docutils nodejs yarn gettext-base graphicsmagick \ libpq5 zlib1g libyaml-0-2 libssl1.0.0 \ - libgdbm3 libreadline6 libncurses5 libffi6 \ - libxml2 libxslt1.1 libcurl3 libicu55 libre2-dev tzdata unzip libimage-exiftool-perl \ + libgdbm5 libreadline7 libncurses5 libffi6 \ + libxml2 libxslt1.1 libcurl4 libicu60 libre2-dev tzdata unzip libimage-exiftool-perl \ && update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \ && locale-gen en_US.UTF-8 \ && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales \ diff --git a/assets/build/install.sh b/assets/build/install.sh index a6ca7941..734432f0 100755 --- a/assets/build/install.sh +++ b/assets/build/install.sh @@ -42,9 +42,9 @@ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ${BUIL # Applying the mark late here does make the build usable on PaX kernels, but # still the build itself must be executed on a non-PaX kernel. It's done here # only for simplicity. -paxctl -Cm "$(command -v ruby${RUBY_VERSION})" +paxctl -cvm "$(command -v ruby${RUBY_VERSION})" # https://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#Node.js -paxctl -Cm "$(command -v nodejs)" +paxctl -cvm "$(command -v nodejs)" # remove the host keys generated during openssh-server installation rm -rf /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub