Merge pull request #27 from devilbox/release-0.19

Feature: Disable PHP modules

Dockerfiles/prod/data/docker-entrypoint.d/38-disable-modules.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+
+############################################################
+# Functions
+############################################################
+
+###
+### Disable PHP Modules
+###
+disable_modules() {
+	local mod_varname="${1}"
+	local debug="${2}"
+	local mod_path="/usr/local/etc/php/conf.d"
+
+	if ! env_set "${mod_varname}"; then
+		log "info" "\$${mod_varname} not set. Not disabling any PHP modules." "${debug}"
+	else
+		mods="$( env_get "${mod_varname}" )"
+
+		if [ -z "${mods}" ]; then
+			log "warn" "\$${mod_varname} set, but empty. Not disabling any PHP modules." "${debug}"
+		else
+			log "info" "Disabling the following PHP modules: ${mods}" "${debug}"
+		fi
+
+		while read -r mod; do
+		#for mod in ${mods//,/ }; do
+			mod="$( echo "${mod}" | xargs )" # trim
+
+			# Find all config files that enable that module
+			files="$( grep -Er "^(zend_)?extension.*(=|/)${mod}\.so" "${mod_path}" || true )"
+
+			if [ -n "${files}" ]; then
+				while read -r f; do
+					# Get filename
+					f="$( echo "${f}" | awk -F':' '{ print $1 }' )"
+					# Remove file
+					run "rm ${f}" "${debug}"
+				done <<< "${files}"
+			fi
+		done <<< "$( echo "${mods}" | tr ',' '\n' )"
+		#done
+	fi
+}

Dockerfiles/prod/data/docker-entrypoint.sh

@@ -160,6 +160,12 @@ copy_ini_files "${PHP_CUST_INI_DIR}" "${PHP_INI_DIR}" "${DEBUG_LEVEL}"
 copy_fpm_files "${PHP_CUST_FPM_DIR}" "${PHP_FPM_DIR}" "${DEBUG_LEVEL}"
 
 
+###
+### Disable PHP Modules
+###
+disable_modules "DISABLE_MODULES" "${DEBUG_LEVEL}"
+
+
 ###
 ### Startup
 ###

Dockerfiles/work/data/docker-entrypoint.d/41-update-ca-certificates.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+
+############################################################
+# Functions
+############################################################
+
+###
+### Include certificates/CAs into own system
+###
+update_ca_certificates() {
+	local dir="${1}"
+	local debug="${2}"
+
+	if [ -d "${dir}" ]; then
+		for cert in $( find "${dir}" -name \*.crt ); do
+			name="$( basename "${cert}" )"
+			run "cp ${cert} /usr/local/share/ca-certificates/devilbox-${name}" "${debug}"
+		done
+	fi
+	run "update-ca-certificates" "${debug}"
+}

Dockerfiles/work/data/docker-entrypoint.sh

@@ -160,6 +160,12 @@ copy_ini_files "${PHP_CUST_INI_DIR}" "${PHP_INI_DIR}" "${DEBUG_LEVEL}"
 copy_fpm_files "${PHP_CUST_FPM_DIR}" "${PHP_FPM_DIR}" "${DEBUG_LEVEL}"
 
 
+###
+### Disable PHP Modules
+###
+disable_modules "DISABLE_MODULES" "${DEBUG_LEVEL}"
+
+
 ###
 ### mysqldump-secure
 ###
@@ -182,6 +188,12 @@ run "chmod 0755 /shared/backups" "${DEBUG_LEVEL}"
 run "chmod 0755 /shared/httpd" "${DEBUG_LEVEL}"
 
 
+###
+### Update ca-certificates
+###
+update_ca_certificates "/ca" "${DEBUG_LEVEL}"
+
+
 ###
 ### Startup
 ###

README.md

@@ -610,7 +610,7 @@ Have a look at the following table to see all supported environment variables fo
    <td colspan="5"></td>
   </tr>
   <tr>
-   <td rowspan="4"><strong>prod</strong><br/><br/><strong>work</strong></td>
+   <td rowspan="5"><strong>prod</strong><br/><br/><strong>work</strong></td>
    <td><code>TIMEZONE</code></td>
    <td>string</td>
    <td><code>UTC</code></td>
@@ -622,6 +622,12 @@ Have a look at the following table to see all supported environment variables fo
    <td><code>1</code></td>
    <td>By default all Docker images are configured to output their PHP-FPM access and error logs to stdout and stderr. Those which support it can change the behaviour to log into files inside the container. Their respective directories are available as volumes that can be mounted to the host computer. This feature might help developer who are more comfortable with tailing or searching through actual files instead of using docker logs.<br/><br/>Set this variable to <code>0</code> in order to enable logging to files. Log files are avilable under <code>/var/log/php/</code> which is also a docker volume that can be mounted locally.</td>
   </tr>
+  <tr>
+   <td><code>DISABLE_MODULES</code></td>
+   <td>string</td>
+   <td><code>''</code></td>
+   <td>Comma separated list of PHP modules to disable.<br/><strong>Example:</strong><br/><code>DISABLE_MODULES=swoole,imagick</code></td>
+  </tr>
   <tr>
    <td><code>ENABLE_MAIL</code></td>
    <td>bool</td>
@@ -697,7 +703,7 @@ Have a look at the following table to see all offered volumes for each Docker im
    <td colspan="3"></td>
   </tr>
   <tr>
-   <td rowspan="2"><strong>work</strong></td>
+   <td rowspan="3"><strong>work</strong></td>
    <td><code>/etc/bashrc-devilbox.d</code></td>
    <td>Mount this directory into your host computer and add custom configuration files for <code>bash</code> and other tools.</td>
   </tr>
@@ -705,6 +711,10 @@ Have a look at the following table to see all offered volumes for each Docker im
    <td><code>/shared/backups</code></td>
    <td>Mount this directory into your host computer to access MySQL backups created by <a href="https://mysqldump-secure.org" >mysqldump-secure</a>.</td>
   </tr>
+  <tr>
+   <td><code>/ca</code></td>
+   <td>Mount this directory into your host computer to bake any *.crt file that is located in there as a trusted SSL entity.</td>
+  </tr>
  </tbody>
 </table>