mariadb/11.4/Dockerfile

# We pin alpine version and MariaDB version here, because they go together.

ARG VERSION=11.4
ARG ALPINE=3.21
ARG UID=200011
ARG GID=200011

FROM mariadb:${VERSION}-ubi AS extract

FROM alpine:${ALPINE}

LABEL maintainer="Lukas Raub titanz@pm.me"

ARG UID
ARG GID

# Pinning UID and GID here because the UID automatically created
# might change over time.
RUN --network=none \
    addgroup -g ${GID} mysql \
    && adduser -u ${UID} --ingroup mysql --disabled-password --system --home /var/lib/mysql mysql

RUN apk -U upgrade \
    && apk add --no-cache bash ca-certificates coreutils libstdc++ mariadb mariadb-backup mariadb-client mariadb-server-utils pwgen rsync tzdata xz zstd \
    && update-ca-certificates \
    # Alpine does not provide an aarch64 package for galera
    && if [ $(arch) = 'x86_64' ]; then apk add --no-cache galera procps-ng pv; fi \
    && rm -rf /var/cache/apk/* /etc/my.cnf /etc/my.cnf.d/mariadb-server.cnf

COPY --from=extract --chown=mysql /etc/my.cnf /etc/my.cnf
COPY --from=extract --chown=mysql /etc/my.cnf.d /etc/my.cnf.d
COPY --from=extract --chown=mysql /etc/mysql /etc/mysql
COPY --from=extract /usr/local/bin/healthcheck.sh /usr/local/bin/healthcheck.sh
COPY --from=extract /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh 

RUN mkdir /run/mariadb
RUN mkdir /docker-entrypoint-initdb.d
RUN chown mysql:mysql /run/mariadb /docker-entrypoint-initdb.d

COPY --from=git.conorz.at/titanz-containers/hardened_malloc:latest /install /usr/local/lib/
ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"

USER mysql

VOLUME /var/lib/mysql

EXPOSE 3306/tcp

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["mariadbd"]
Initial commit 2025-02-07 09:41:17 +01:00			`# We pin alpine version and MariaDB version here, because they go together.`

			`ARG VERSION=11.4`
			`ARG ALPINE=3.21`
			`ARG UID=200011`
			`ARG GID=200011`

			`FROM mariadb:${VERSION}-ubi AS extract`

			`FROM alpine:${ALPINE}`

			`LABEL maintainer="Lukas Raub titanz@pm.me"`

			`ARG UID`
			`ARG GID`

			`# Pinning UID and GID here because the UID automatically created`
			`# might change over time.`
			`RUN --network=none \`
			`addgroup -g ${GID} mysql \`
			`&& adduser -u ${UID} --ingroup mysql --disabled-password --system --home /var/lib/mysql mysql`

			`RUN apk -U upgrade \`
			`&& apk add --no-cache bash ca-certificates coreutils libstdc++ mariadb mariadb-backup mariadb-client mariadb-server-utils pwgen rsync tzdata xz zstd \`
			`&& update-ca-certificates \`
			`# Alpine does not provide an aarch64 package for galera`
			`&& if [ $(arch) = 'x86_64' ]; then apk add --no-cache galera procps-ng pv; fi \`
			`&& rm -rf /var/cache/apk/* /etc/my.cnf /etc/my.cnf.d/mariadb-server.cnf`

			`COPY --from=extract --chown=mysql /etc/my.cnf /etc/my.cnf`
			`COPY --from=extract --chown=mysql /etc/my.cnf.d /etc/my.cnf.d`
			`COPY --from=extract --chown=mysql /etc/mysql /etc/mysql`
			`COPY --from=extract /usr/local/bin/healthcheck.sh /usr/local/bin/healthcheck.sh`
			`COPY --from=extract /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh`

			`RUN mkdir /run/mariadb`
			`RUN mkdir /docker-entrypoint-initdb.d`
			`RUN chown mysql:mysql /run/mariadb /docker-entrypoint-initdb.d`

			`COPY --from=git.conorz.at/titanz-containers/hardened_malloc:latest /install /usr/local/lib/`
			`ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"`

			`USER mysql`

			`VOLUME /var/lib/mysql`

			`EXPOSE 3306/tcp`

			`ENTRYPOINT ["docker-entrypoint.sh"]`
			`CMD ["mariadbd"]`