├── .gitattributes ├── .github └── workflows │ ├── ci.yml │ └── verify-templating.yml ├── .gitignore ├── 6.0 ├── Dockerfile ├── docker-entrypoint.sh └── windows │ ├── nanoserver-ltsc2022 │ └── Dockerfile │ ├── windowsservercore-ltsc2022 │ └── Dockerfile │ └── windowsservercore-ltsc2025 │ └── Dockerfile ├── 7.0 ├── Dockerfile ├── docker-entrypoint.sh └── windows │ ├── nanoserver-ltsc2022 │ └── Dockerfile │ ├── windowsservercore-ltsc2022 │ └── Dockerfile │ └── windowsservercore-ltsc2025 │ └── Dockerfile ├── 8.0 ├── Dockerfile ├── docker-entrypoint.sh └── windows │ ├── nanoserver-ltsc2022 │ └── Dockerfile │ ├── windowsservercore-ltsc2022 │ └── Dockerfile │ └── windowsservercore-ltsc2025 │ └── Dockerfile ├── Dockerfile-linux.template ├── Dockerfile-windows.template ├── LICENSE ├── README.md ├── apply-templates.sh ├── docker-entrypoint.sh ├── generate-stackbrew-library.sh ├── pgp-keys.json ├── pgp-keys.sh ├── update.sh ├── versions.json └── versions.sh /.gitattributes: -------------------------------------------------------------------------------- 1 | /*/**/Dockerfile linguist-generated 2 | /*/**/docker-entrypoint.sh linguist-generated 3 | /Dockerfile*.template linguist-language=Dockerfile 4 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: GitHub CI 2 | 3 | on: 4 | pull_request: 5 | push: 6 | schedule: 7 | - cron: 0 0 * * 0 8 | 9 | defaults: 10 | run: 11 | shell: 'bash -Eeuo pipefail -x {0}' 12 | 13 | jobs: 14 | 15 | generate-jobs: 16 | name: Generate Jobs 17 | runs-on: ubuntu-latest 18 | outputs: 19 | strategy: ${{ steps.generate-jobs.outputs.strategy }} 20 | steps: 21 | - uses: actions/checkout@v4 22 | - uses: docker-library/bashbrew@HEAD 23 | - id: generate-jobs 24 | name: Generate Jobs 25 | run: | 26 | strategy="$("$BASHBREW_SCRIPTS/github-actions/generate.sh")" 27 | echo "strategy=$strategy" >> "$GITHUB_OUTPUT" 28 | jq . <<<"$strategy" # sanity check / debugging aid 29 | 30 | test: 31 | needs: generate-jobs 32 | strategy: ${{ fromJson(needs.generate-jobs.outputs.strategy) }} 33 | name: ${{ matrix.name }} 34 | runs-on: ${{ matrix.os }} 35 | steps: 36 | - uses: actions/checkout@v4 37 | - name: Prepare Environment 38 | run: ${{ matrix.runs.prepare }} 39 | - name: Pull Dependencies 40 | run: ${{ matrix.runs.pull }} 41 | - name: Build ${{ matrix.name }} 42 | run: ${{ matrix.runs.build }} 43 | - name: History ${{ matrix.name }} 44 | run: ${{ matrix.runs.history }} 45 | - name: Test ${{ matrix.name }} 46 | run: ${{ matrix.runs.test }} 47 | - name: '"docker images"' 48 | run: ${{ matrix.runs.images }} 49 | -------------------------------------------------------------------------------- /.github/workflows/verify-templating.yml: -------------------------------------------------------------------------------- 1 | name: Verify Templating 2 | 3 | on: 4 | pull_request: 5 | push: 6 | workflow_dispatch: 7 | 8 | defaults: 9 | run: 10 | shell: 'bash -Eeuo pipefail -x {0}' 11 | 12 | jobs: 13 | apply-templates: 14 | name: Check For Uncomitted Changes 15 | runs-on: ubuntu-latest 16 | steps: 17 | - uses: actions/checkout@v4 18 | - run: ./apply-templates.sh 19 | - run: git diff --exit-code 20 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .jq-template.awk 2 | -------------------------------------------------------------------------------- /6.0/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM ubuntu:jammy 8 | 9 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added 10 | RUN set -eux; \ 11 | groupadd --gid 999 --system mongodb; \ 12 | useradd --uid 999 --system --gid mongodb --home-dir /data/db mongodb; \ 13 | mkdir -p /data/db /data/configdb; \ 14 | chown -R mongodb:mongodb /data/db /data/configdb 15 | 16 | RUN set -eux; \ 17 | apt-get update; \ 18 | apt-get install -y --no-install-recommends \ 19 | ca-certificates \ 20 | jq \ 21 | numactl \ 22 | procps \ 23 | ; \ 24 | rm -rf /var/lib/apt/lists/* 25 | 26 | # grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases) 27 | ENV GOSU_VERSION 1.17 28 | # grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases) 29 | ENV JSYAML_VERSION 3.13.1 30 | ENV JSYAML_CHECKSUM 662e32319bdd378e91f67578e56a34954b0a2e33aca11d70ab9f4826af24b941 31 | 32 | RUN set -eux; \ 33 | \ 34 | savedAptMark="$(apt-mark showmanual)"; \ 35 | apt-get update; \ 36 | apt-get install -y --no-install-recommends \ 37 | gnupg \ 38 | wget \ 39 | ; \ 40 | rm -rf /var/lib/apt/lists/*; \ 41 | \ 42 | # download/install gosu 43 | dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ 44 | wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ 45 | wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ 46 | export GNUPGHOME="$(mktemp -d)"; \ 47 | gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ 48 | gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ 49 | gpgconf --kill all; \ 50 | rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ 51 | \ 52 | # download/install js-yaml 53 | mkdir -p /opt/js-yaml/; \ 54 | wget -O /opt/js-yaml/js-yaml.tgz https://registry.npmjs.org/js-yaml/-/js-yaml-${JSYAML_VERSION}.tgz; \ 55 | echo "$JSYAML_CHECKSUM */opt/js-yaml/js-yaml.tgz" | sha256sum -c -; \ 56 | tar -xz --strip-components=1 -f /opt/js-yaml/js-yaml.tgz -C /opt/js-yaml package/dist/js-yaml.js package/package.json; \ 57 | rm /opt/js-yaml/js-yaml.tgz; \ 58 | ln -s /opt/js-yaml/dist/js-yaml.js /js-yaml.js; \ 59 | \ 60 | # download/install MongoDB PGP keys 61 | export GNUPGHOME="$(mktemp -d)"; \ 62 | wget -O KEYS 'https://pgp.mongodb.com/server-6.0.asc'; \ 63 | gpg --batch --import KEYS; \ 64 | mkdir -p /etc/apt/keyrings; \ 65 | gpg --batch --export --armor '39BD841E4BE5FB195A65400E6A26B1AE64C3C388' > /etc/apt/keyrings/mongodb.asc; \ 66 | gpgconf --kill all; \ 67 | rm -rf "$GNUPGHOME" KEYS; \ 68 | \ 69 | apt-mark auto '.*' > /dev/null; \ 70 | apt-mark manual $savedAptMark > /dev/null; \ 71 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 72 | \ 73 | # smoke test 74 | chmod +x /usr/local/bin/gosu; \ 75 | gosu --version; \ 76 | gosu nobody true 77 | 78 | RUN mkdir /docker-entrypoint-initdb.d 79 | 80 | # Allow build-time overrides (eg. to build image with MongoDB Enterprise version) 81 | # Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise 82 | # Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com 83 | # Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com . 84 | ARG MONGO_PACKAGE=mongodb-org 85 | ARG MONGO_REPO=repo.mongodb.org 86 | ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO} 87 | 88 | ENV MONGO_MAJOR 6.0 89 | RUN echo "deb [ signed-by=/etc/apt/keyrings/mongodb.asc ] http://$MONGO_REPO/apt/ubuntu jammy/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR multiverse" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list" 90 | 91 | # https://docs.mongodb.org/master/release-notes/6.0/ 92 | ENV MONGO_VERSION 6.0.24 93 | # 05/28/2025, https://github.com/mongodb/mongo/tree/1b052b94a23863fd12be97aaa4e4b1d96456e5cc 94 | 95 | RUN set -x \ 96 | # installing "mongodb-enterprise" pulls in "tzdata" which prompts for input 97 | && export DEBIAN_FRONTEND=noninteractive \ 98 | && apt-get update \ 99 | && apt-get install -y \ 100 | ${MONGO_PACKAGE}=$MONGO_VERSION \ 101 | ${MONGO_PACKAGE}-server=$MONGO_VERSION \ 102 | ${MONGO_PACKAGE}-shell=$MONGO_VERSION \ 103 | ${MONGO_PACKAGE}-mongos=$MONGO_VERSION \ 104 | ${MONGO_PACKAGE}-tools=$MONGO_VERSION \ 105 | ${MONGO_PACKAGE}-database=$MONGO_VERSION \ 106 | ${MONGO_PACKAGE}-database-tools-extra=$MONGO_VERSION \ 107 | && rm -rf /var/lib/apt/lists/* \ 108 | && rm -rf /var/lib/mongodb \ 109 | && mv /etc/mongod.conf /etc/mongod.conf.orig 110 | 111 | VOLUME /data/db /data/configdb 112 | 113 | # ensure that if running as custom user that "mongosh" has a valid "HOME" 114 | # https://github.com/docker-library/mongo/issues/524 115 | ENV HOME /data/db 116 | 117 | COPY docker-entrypoint.sh /usr/local/bin/ 118 | ENTRYPOINT ["docker-entrypoint.sh"] 119 | 120 | EXPOSE 27017 121 | CMD ["mongod"] 122 | -------------------------------------------------------------------------------- /6.0/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "${1:0:1}" = '-' ]; then 5 | set -- mongod "$@" 6 | fi 7 | 8 | originalArgOne="$1" 9 | 10 | # allow the container to be started with `--user` 11 | # all mongo* commands should be dropped to the correct user 12 | if [[ "$originalArgOne" == mongo* ]] && [ "$(id -u)" = '0' ]; then 13 | if [ "$originalArgOne" = 'mongod' ]; then 14 | find /data/configdb /data/db \! -user mongodb -exec chown mongodb '{}' + 15 | fi 16 | 17 | # make sure we can write to stdout and stderr as "mongodb" 18 | # (for our "initdb" code later; see "--logpath" below) 19 | chown --dereference mongodb "/proc/$$/fd/1" "/proc/$$/fd/2" || : 20 | # ignore errors thanks to https://github.com/docker-library/mongo/issues/149 21 | 22 | exec gosu mongodb "$BASH_SOURCE" "$@" 23 | fi 24 | 25 | dpkgArch="$(dpkg --print-architecture)" 26 | case "$dpkgArch" in 27 | amd64) # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 28 | if ! grep -qE '^flags.* avx( .*|$)' /proc/cpuinfo; then 29 | { 30 | echo 31 | echo 'WARNING: MongoDB 5.0+ requires a CPU with AVX support, and your current system does not appear to have that!' 32 | echo ' see https://jira.mongodb.org/browse/SERVER-54407' 33 | echo ' see also https://www.mongodb.com/community/forums/t/mongodb-5-0-cpu-intel-g4650-compatibility/116610/2' 34 | echo ' see also https://github.com/docker-library/mongo/issues/485#issuecomment-891991814' 35 | echo 36 | } >&2 37 | fi 38 | ;; 39 | 40 | arm64) # https://github.com/docker-library/mongo/issues/485#issuecomment-970864306 41 | # https://en.wikichip.org/wiki/arm/armv8#ARMv8_Extensions_and_Processor_Features 42 | # http://javathunderx.blogspot.com/2018/11/cheat-sheet-for-cpuinfo-features-on.html 43 | if ! grep -qE '^Features.* (fphp|dcpop|sha3|sm3|sm4|asimddp|sha512|sve)( .*|$)' /proc/cpuinfo; then 44 | { 45 | echo 46 | echo 'WARNING: MongoDB requires ARMv8.2-A or higher, and your current system does not appear to implement any of the common features for that!' 47 | echo ' applies to all versions ≥5.0, any of 4.4 ≥4.4.19' 48 | echo ' see https://jira.mongodb.org/browse/SERVER-71772' 49 | echo ' see https://jira.mongodb.org/browse/SERVER-55178' 50 | echo ' see also https://en.wikichip.org/wiki/arm/armv8#ARMv8_Extensions_and_Processor_Features' 51 | echo ' see also https://github.com/docker-library/mongo/issues/485#issuecomment-970864306' 52 | echo 53 | } >&2 54 | fi 55 | ;; 56 | esac 57 | 58 | # you should use numactl to start your mongod instances, including the config servers, mongos instances, and any clients. 59 | # https://docs.mongodb.com/manual/administration/production-notes/#configuring-numa-on-linux 60 | if [[ "$originalArgOne" == mongo* ]]; then 61 | numa='numactl --interleave=all' 62 | if $numa true &> /dev/null; then 63 | set -- $numa "$@" 64 | fi 65 | fi 66 | 67 | # usage: file_env VAR [DEFAULT] 68 | # ie: file_env 'XYZ_DB_PASSWORD' 'example' 69 | # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of 70 | # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) 71 | file_env() { 72 | local var="$1" 73 | local fileVar="${var}_FILE" 74 | local def="${2:-}" 75 | if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then 76 | echo >&2 "error: both $var and $fileVar are set (but are exclusive)" 77 | exit 1 78 | fi 79 | local val="$def" 80 | if [ "${!var:-}" ]; then 81 | val="${!var}" 82 | elif [ "${!fileVar:-}" ]; then 83 | val="$(< "${!fileVar}")" 84 | fi 85 | export "$var"="$val" 86 | unset "$fileVar" 87 | } 88 | 89 | # see https://github.com/docker-library/mongo/issues/147 (mongod is picky about duplicated arguments) 90 | _mongod_hack_have_arg() { 91 | local checkArg="$1"; shift 92 | local arg 93 | for arg; do 94 | case "$arg" in 95 | "$checkArg"|"$checkArg"=*) 96 | return 0 97 | ;; 98 | esac 99 | done 100 | return 1 101 | } 102 | # _mongod_hack_get_arg_val '--some-arg' "$@" 103 | _mongod_hack_get_arg_val() { 104 | local checkArg="$1"; shift 105 | while [ "$#" -gt 0 ]; do 106 | local arg="$1"; shift 107 | case "$arg" in 108 | "$checkArg") 109 | echo "$1" 110 | return 0 111 | ;; 112 | "$checkArg"=*) 113 | echo "${arg#$checkArg=}" 114 | return 0 115 | ;; 116 | esac 117 | done 118 | return 1 119 | } 120 | declare -a mongodHackedArgs 121 | # _mongod_hack_ensure_arg '--some-arg' "$@" 122 | # set -- "${mongodHackedArgs[@]}" 123 | _mongod_hack_ensure_arg() { 124 | local ensureArg="$1"; shift 125 | mongodHackedArgs=( "$@" ) 126 | if ! _mongod_hack_have_arg "$ensureArg" "$@"; then 127 | mongodHackedArgs+=( "$ensureArg" ) 128 | fi 129 | } 130 | # _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" 131 | # set -- "${mongodHackedArgs[@]}" 132 | _mongod_hack_ensure_no_arg() { 133 | local ensureNoArg="$1"; shift 134 | mongodHackedArgs=() 135 | while [ "$#" -gt 0 ]; do 136 | local arg="$1"; shift 137 | if [ "$arg" = "$ensureNoArg" ]; then 138 | continue 139 | fi 140 | mongodHackedArgs+=( "$arg" ) 141 | done 142 | } 143 | # _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" 144 | # set -- "${mongodHackedArgs[@]}" 145 | _mongod_hack_ensure_no_arg_val() { 146 | local ensureNoArg="$1"; shift 147 | mongodHackedArgs=() 148 | while [ "$#" -gt 0 ]; do 149 | local arg="$1"; shift 150 | case "$arg" in 151 | "$ensureNoArg") 152 | shift # also skip the value 153 | continue 154 | ;; 155 | "$ensureNoArg"=*) 156 | # value is already included 157 | continue 158 | ;; 159 | esac 160 | mongodHackedArgs+=( "$arg" ) 161 | done 162 | } 163 | # _mongod_hack_ensure_arg_val '--some-arg' 'some-val' "$@" 164 | # set -- "${mongodHackedArgs[@]}" 165 | _mongod_hack_ensure_arg_val() { 166 | local ensureArg="$1"; shift 167 | local ensureVal="$1"; shift 168 | _mongod_hack_ensure_no_arg_val "$ensureArg" "$@" 169 | mongodHackedArgs+=( "$ensureArg" "$ensureVal" ) 170 | } 171 | 172 | # _js_escape 'some "string" value' 173 | _js_escape() { 174 | jq --null-input --arg 'str' "$1" '$str' 175 | } 176 | 177 | : "${TMPDIR:=/tmp}" 178 | jsonConfigFile="$TMPDIR/docker-entrypoint-config.json" 179 | tempConfigFile="$TMPDIR/docker-entrypoint-temp-config.json" 180 | _parse_config() { 181 | if [ -s "$tempConfigFile" ]; then 182 | return 0 183 | fi 184 | 185 | local configPath 186 | if configPath="$(_mongod_hack_get_arg_val --config "$@")" && [ -s "$configPath" ]; then 187 | # if --config is specified, parse it into a JSON file so we can remove a few problematic keys (especially SSL-related keys) 188 | # see https://docs.mongodb.com/manual/reference/configuration-options/ 189 | if grep -vEm1 '^[[:space:]]*(#|$)' "$configPath" | grep -qE '^[[:space:]]*[^=:]+[[:space:]]*='; then 190 | # if the first non-comment/non-blank line of the config file looks like "foo = ...", this is probably the 2.4 and older "ini-style config format" 191 | # mongod tries to parse config as yaml and then falls back to ini-style parsing 192 | # https://github.com/mongodb/mongo/blob/r6.0.3/src/mongo/util/options_parser/options_parser.cpp#L1883-L1894 193 | echo >&2 194 | echo >&2 "WARNING: it appears that '$configPath' is in the older INI-style format (replaced by YAML in MongoDB 2.6)" 195 | echo >&2 ' This script does not parse the older INI-style format, and thus will ignore it.' 196 | echo >&2 197 | return 1 198 | fi 199 | if [ "$mongoShell" = 'mongo' ]; then 200 | "$mongoShell" --norc --nodb --quiet --eval "load('/js-yaml.js'); printjson(jsyaml.load(cat($(_js_escape "$configPath"))))" > "$jsonConfigFile" 201 | else 202 | # https://www.mongodb.com/docs/manual/reference/method/js-native/#std-label-native-in-mongosh 203 | "$mongoShell" --norc --nodb --quiet --eval "load('/js-yaml.js'); JSON.stringify(jsyaml.load(fs.readFileSync($(_js_escape "$configPath"), 'utf8')))" > "$jsonConfigFile" 204 | fi 205 | if [ "$(head -c1 "$jsonConfigFile")" != '{' ] || [ "$(tail -c2 "$jsonConfigFile")" != '}' ]; then 206 | # if the file doesn't start with "{" and end with "}", it's *probably* an error ("uncaught exception: YAMLException: foo" for example), so we should print it out 207 | echo >&2 'error: unexpected "js-yaml.js" output while parsing config:' 208 | cat >&2 "$jsonConfigFile" 209 | exit 1 210 | fi 211 | jq 'del(.systemLog, .processManagement, .net, .security, .replication)' "$jsonConfigFile" > "$tempConfigFile" 212 | return 0 213 | fi 214 | 215 | return 1 216 | } 217 | dbPath= 218 | _dbPath() { 219 | if [ -n "$dbPath" ]; then 220 | echo "$dbPath" 221 | return 222 | fi 223 | 224 | if ! dbPath="$(_mongod_hack_get_arg_val --dbpath "$@")"; then 225 | if _parse_config "$@"; then 226 | dbPath="$(jq -r '.storage.dbPath // empty' "$jsonConfigFile")" 227 | fi 228 | fi 229 | 230 | if [ -z "$dbPath" ]; then 231 | if _mongod_hack_have_arg --configsvr "$@" || { 232 | _parse_config "$@" \ 233 | && clusterRole="$(jq -r '.sharding.clusterRole // empty' "$jsonConfigFile")" \ 234 | && [ "$clusterRole" = 'configsvr' ] 235 | }; then 236 | # if running as config server, then the default dbpath is /data/configdb 237 | # https://docs.mongodb.com/manual/reference/program/mongod/#cmdoption-mongod-configsvr 238 | dbPath=/data/configdb 239 | fi 240 | fi 241 | 242 | : "${dbPath:=/data/db}" 243 | 244 | echo "$dbPath" 245 | } 246 | 247 | if [ "$originalArgOne" = 'mongod' ]; then 248 | file_env 'MONGO_INITDB_ROOT_USERNAME' 249 | file_env 'MONGO_INITDB_ROOT_PASSWORD' 250 | 251 | mongoShell='mongo' 252 | if ! command -v "$mongoShell" > /dev/null; then 253 | mongoShell='mongosh' 254 | fi 255 | 256 | # pre-check a few factors to see if it's even worth bothering with initdb 257 | shouldPerformInitdb= 258 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 259 | # if we have a username/password, let's set "--auth" 260 | _mongod_hack_ensure_arg '--auth' "$@" 261 | set -- "${mongodHackedArgs[@]}" 262 | shouldPerformInitdb='true' 263 | elif [ "$MONGO_INITDB_ROOT_USERNAME" ] || [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 264 | cat >&2 <<-'EOF' 265 | 266 | error: missing 'MONGO_INITDB_ROOT_USERNAME' or 'MONGO_INITDB_ROOT_PASSWORD' 267 | both must be specified for a user to be created 268 | 269 | EOF 270 | exit 1 271 | fi 272 | 273 | if [ -z "$shouldPerformInitdb" ]; then 274 | # if we've got any /docker-entrypoint-initdb.d/* files to parse later, we should initdb 275 | for f in /docker-entrypoint-initdb.d/*; do 276 | case "$f" in 277 | *.sh|*.js) # this should match the set of files we check for below 278 | shouldPerformInitdb="$f" 279 | break 280 | ;; 281 | esac 282 | done 283 | fi 284 | 285 | # check for a few known paths (to determine whether we've already initialized and should thus skip our initdb scripts) 286 | if [ -n "$shouldPerformInitdb" ]; then 287 | dbPath="$(_dbPath "$@")" 288 | for path in \ 289 | "$dbPath/WiredTiger" \ 290 | "$dbPath/journal" \ 291 | "$dbPath/local.0" \ 292 | "$dbPath/storage.bson" \ 293 | ; do 294 | if [ -e "$path" ]; then 295 | shouldPerformInitdb= 296 | break 297 | fi 298 | done 299 | fi 300 | 301 | if [ -n "$shouldPerformInitdb" ]; then 302 | mongodHackedArgs=( "$@" ) 303 | if _parse_config "$@"; then 304 | _mongod_hack_ensure_arg_val --config "$tempConfigFile" "${mongodHackedArgs[@]}" 305 | fi 306 | _mongod_hack_ensure_arg_val --bind_ip 127.0.0.1 "${mongodHackedArgs[@]}" 307 | _mongod_hack_ensure_arg_val --port 27017 "${mongodHackedArgs[@]}" 308 | _mongod_hack_ensure_no_arg --bind_ip_all "${mongodHackedArgs[@]}" 309 | 310 | # remove "--auth" and "--replSet" for our initial startup (see https://docs.mongodb.com/manual/tutorial/enable-authentication/#start-mongodb-without-access-control) 311 | # https://github.com/docker-library/mongo/issues/211 312 | _mongod_hack_ensure_no_arg --auth "${mongodHackedArgs[@]}" 313 | # "keyFile implies security.authorization" 314 | # https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-security.keyFile 315 | _mongod_hack_ensure_no_arg_val --keyFile "${mongodHackedArgs[@]}" 316 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 317 | _mongod_hack_ensure_no_arg_val --replSet "${mongodHackedArgs[@]}" 318 | fi 319 | 320 | # "BadValue: need sslPEMKeyFile when SSL is enabled" vs "BadValue: need to enable SSL via the sslMode flag when using SSL configuration parameters" 321 | tlsMode='disabled' 322 | if _mongod_hack_have_arg '--tlsCertificateKeyFile' "$@"; then 323 | tlsMode='allowTLS' 324 | fi 325 | _mongod_hack_ensure_arg_val --tlsMode "$tlsMode" "${mongodHackedArgs[@]}" 326 | 327 | if stat "/proc/$$/fd/1" > /dev/null && [ -w "/proc/$$/fd/1" ]; then 328 | # https://github.com/mongodb/mongo/blob/38c0eb538d0fd390c6cb9ce9ae9894153f6e8ef5/src/mongo/db/initialize_server_global_state.cpp#L237-L251 329 | # https://github.com/docker-library/mongo/issues/164#issuecomment-293965668 330 | _mongod_hack_ensure_arg_val --logpath "/proc/$$/fd/1" "${mongodHackedArgs[@]}" 331 | else 332 | initdbLogPath="$(_dbPath "$@")/docker-initdb.log" 333 | echo >&2 "warning: initdb logs cannot write to '/proc/$$/fd/1', so they are in '$initdbLogPath' instead" 334 | _mongod_hack_ensure_arg_val --logpath "$initdbLogPath" "${mongodHackedArgs[@]}" 335 | fi 336 | _mongod_hack_ensure_arg --logappend "${mongodHackedArgs[@]}" 337 | 338 | pidfile="$TMPDIR/docker-entrypoint-temp-mongod.pid" 339 | rm -f "$pidfile" 340 | _mongod_hack_ensure_arg_val --pidfilepath "$pidfile" "${mongodHackedArgs[@]}" 341 | 342 | "${mongodHackedArgs[@]}" --fork 343 | 344 | mongo=( "$mongoShell" --host 127.0.0.1 --port 27017 --quiet ) 345 | 346 | # check to see that our "mongod" actually did start up (catches "--help", "--version", slow prealloc, etc) 347 | # https://jira.mongodb.org/browse/SERVER-16292 348 | tries=30 349 | while true; do 350 | if ! { [ -s "$pidfile" ] && ps "$(< "$pidfile")" &> /dev/null; }; then 351 | # bail ASAP if "mongod" isn't even running 352 | echo >&2 353 | echo >&2 "error: $originalArgOne does not appear to have stayed running -- perhaps it had an error?" 354 | echo >&2 355 | exit 1 356 | fi 357 | if "${mongo[@]}" 'admin' --eval 'quit(0)' &> /dev/null; then 358 | # success! 359 | break 360 | fi 361 | (( tries-- )) 362 | if [ "$tries" -le 0 ]; then 363 | echo >&2 364 | echo >&2 "error: $originalArgOne does not appear to have accepted connections quickly enough -- perhaps it had an error?" 365 | echo >&2 366 | exit 1 367 | fi 368 | sleep 1 369 | done 370 | 371 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 372 | rootAuthDatabase='admin' 373 | 374 | "${mongo[@]}" "$rootAuthDatabase" <<-EOJS 375 | db.createUser({ 376 | user: $(_js_escape "$MONGO_INITDB_ROOT_USERNAME"), 377 | pwd: $(_js_escape "$MONGO_INITDB_ROOT_PASSWORD"), 378 | roles: [ { role: 'root', db: $(_js_escape "$rootAuthDatabase") } ] 379 | }) 380 | EOJS 381 | fi 382 | 383 | export MONGO_INITDB_DATABASE="${MONGO_INITDB_DATABASE:-test}" 384 | 385 | echo 386 | for f in /docker-entrypoint-initdb.d/*; do 387 | case "$f" in 388 | *.sh) echo "$0: running $f"; . "$f" ;; 389 | *.js) echo "$0: running $f"; "${mongo[@]}" "$MONGO_INITDB_DATABASE" "$f"; echo ;; 390 | *) echo "$0: ignoring $f" ;; 391 | esac 392 | echo 393 | done 394 | 395 | "${mongodHackedArgs[@]}" --shutdown 396 | rm -f "$pidfile" 397 | 398 | echo 399 | echo 'MongoDB init process complete; ready for start up.' 400 | echo 401 | fi 402 | 403 | # MongoDB defaults to localhost-only binding 404 | haveBindIp= 405 | if _mongod_hack_have_arg --bind_ip "$@" || _mongod_hack_have_arg --bind_ip_all "$@"; then 406 | haveBindIp=1 407 | elif _parse_config "$@" && jq --exit-status '.net.bindIp // .net.bindIpAll' "$jsonConfigFile" > /dev/null; then 408 | haveBindIp=1 409 | fi 410 | if [ -z "$haveBindIp" ]; then 411 | # so if no "--bind_ip" is specified, let's add "--bind_ip_all" 412 | set -- "$@" --bind_ip_all 413 | fi 414 | 415 | unset "${!MONGO_INITDB_@}" 416 | fi 417 | 418 | rm -f "$jsonConfigFile" "$tempConfigFile" 419 | 420 | exec "$@" 421 | -------------------------------------------------------------------------------- /6.0/windows/nanoserver-ltsc2022/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/nanoserver:ltsc2022 8 | 9 | SHELL ["cmd", "/S", "/C"] 10 | 11 | # PATH isn't actually set in the Docker image, so we have to set it from within the container 12 | USER ContainerAdministrator 13 | RUN setx /m PATH "C:\mongodb\bin;%PATH%" 14 | USER ContainerUser 15 | # doing this first to share cache across versions more aggressively 16 | 17 | COPY --from=mongo:6.0.24-windowsservercore-ltsc2022 \ 18 | C:\\Windows\\System32\\msvcp140.dll \ 19 | C:\\Windows\\System32\\msvcp140_1.dll \ 20 | C:\\Windows\\System32\\vcruntime140.dll \ 21 | C:\\Windows\\System32\\vcruntime140_1.dll \ 22 | C:\\Windows\\System32\\ 23 | 24 | # https://docs.mongodb.org/master/release-notes/6.0/ 25 | ENV MONGO_VERSION 6.0.24 26 | # 05/28/2025, https://github.com/mongodb/mongo/tree/1b052b94a23863fd12be97aaa4e4b1d96456e5cc 27 | 28 | COPY --from=mongo:6.0.24-windowsservercore-ltsc2022 C:\\mongodb C:\\mongodb 29 | RUN mongod --version 30 | 31 | VOLUME C:\\data\\db C:\\data\\configdb 32 | 33 | EXPOSE 27017 34 | CMD ["mongod", "--bind_ip_all"] 35 | -------------------------------------------------------------------------------- /6.0/windows/windowsservercore-ltsc2022/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/servercore:ltsc2022 8 | 9 | SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"] 10 | 11 | # https://docs.mongodb.org/master/release-notes/6.0/ 12 | ENV MONGO_VERSION 6.0.24 13 | # 05/28/2025, https://github.com/mongodb/mongo/tree/1b052b94a23863fd12be97aaa4e4b1d96456e5cc 14 | 15 | ENV MONGO_DOWNLOAD_URL https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-6.0.24-signed.msi 16 | ENV MONGO_DOWNLOAD_SHA256=29efc8ca87db8f2fe35af9398c612e5fb7c1deca1ff4ae336c242a69934c0f6c 17 | 18 | RUN Write-Host ('Downloading {0} ...' -f $env:MONGO_DOWNLOAD_URL); \ 19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ 20 | (New-Object System.Net.WebClient).DownloadFile($env:MONGO_DOWNLOAD_URL, 'mongo.msi'); \ 21 | \ 22 | if ($env:MONGO_DOWNLOAD_SHA256) { \ 23 | Write-Host ('Verifying sha256 ({0}) ...' -f $env:MONGO_DOWNLOAD_SHA256); \ 24 | if ((Get-FileHash mongo.msi -Algorithm sha256).Hash -ne $env:MONGO_DOWNLOAD_SHA256) { \ 25 | Write-Host 'FAILED!'; \ 26 | exit 1; \ 27 | }; \ 28 | }; \ 29 | \ 30 | Write-Host 'Installing ...'; \ 31 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows/#install-mongodb-community-edition 32 | Start-Process msiexec -Wait \ 33 | -ArgumentList @( \ 34 | '/i', \ 35 | 'mongo.msi', \ 36 | '/quiet', \ 37 | '/qn', \ 38 | '/l*v', 'install.log', \ 39 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows-unattended/#run-the-windows-installer-from-the-windows-command-interpreter 40 | 'INSTALLLOCATION=C:\mongodb', \ 41 | 'ADDLOCAL=MiscellaneousTools,Router,ServerNoService' \ 42 | ); \ 43 | if (-Not (Test-Path C:\mongodb\bin\mongod.exe -PathType Leaf)) { \ 44 | Write-Host 'Installer failed!'; \ 45 | Get-Content install.log; \ 46 | exit 1; \ 47 | }; \ 48 | Remove-Item install.log; \ 49 | \ 50 | $env:PATH = 'C:\mongodb\bin;' + $env:PATH; \ 51 | [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine); \ 52 | \ 53 | Write-Host 'Verifying install ...'; \ 54 | Write-Host ' mongod --version'; mongod --version; \ 55 | \ 56 | Write-Host 'Removing ...'; \ 57 | Remove-Item C:\windows\installer\*.msi -Force; \ 58 | Remove-Item mongo.msi -Force; \ 59 | \ 60 | Write-Host 'Complete.'; 61 | 62 | # TODO docker-entrypoint.ps1 ? (for "docker run --flag --flag --flag") 63 | 64 | VOLUME C:\\data\\db C:\\data\\configdb 65 | 66 | EXPOSE 27017 67 | CMD ["mongod", "--bind_ip_all"] 68 | -------------------------------------------------------------------------------- /6.0/windows/windowsservercore-ltsc2025/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/servercore:ltsc2025 8 | 9 | SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"] 10 | 11 | # https://docs.mongodb.org/master/release-notes/6.0/ 12 | ENV MONGO_VERSION 6.0.24 13 | # 05/28/2025, https://github.com/mongodb/mongo/tree/1b052b94a23863fd12be97aaa4e4b1d96456e5cc 14 | 15 | ENV MONGO_DOWNLOAD_URL https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-6.0.24-signed.msi 16 | ENV MONGO_DOWNLOAD_SHA256=29efc8ca87db8f2fe35af9398c612e5fb7c1deca1ff4ae336c242a69934c0f6c 17 | 18 | RUN Write-Host ('Downloading {0} ...' -f $env:MONGO_DOWNLOAD_URL); \ 19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ 20 | (New-Object System.Net.WebClient).DownloadFile($env:MONGO_DOWNLOAD_URL, 'mongo.msi'); \ 21 | \ 22 | if ($env:MONGO_DOWNLOAD_SHA256) { \ 23 | Write-Host ('Verifying sha256 ({0}) ...' -f $env:MONGO_DOWNLOAD_SHA256); \ 24 | if ((Get-FileHash mongo.msi -Algorithm sha256).Hash -ne $env:MONGO_DOWNLOAD_SHA256) { \ 25 | Write-Host 'FAILED!'; \ 26 | exit 1; \ 27 | }; \ 28 | }; \ 29 | \ 30 | Write-Host 'Installing ...'; \ 31 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows/#install-mongodb-community-edition 32 | Start-Process msiexec -Wait \ 33 | -ArgumentList @( \ 34 | '/i', \ 35 | 'mongo.msi', \ 36 | '/quiet', \ 37 | '/qn', \ 38 | '/l*v', 'install.log', \ 39 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows-unattended/#run-the-windows-installer-from-the-windows-command-interpreter 40 | 'INSTALLLOCATION=C:\mongodb', \ 41 | 'ADDLOCAL=MiscellaneousTools,Router,ServerNoService' \ 42 | ); \ 43 | if (-Not (Test-Path C:\mongodb\bin\mongod.exe -PathType Leaf)) { \ 44 | Write-Host 'Installer failed!'; \ 45 | Get-Content install.log; \ 46 | exit 1; \ 47 | }; \ 48 | Remove-Item install.log; \ 49 | \ 50 | $env:PATH = 'C:\mongodb\bin;' + $env:PATH; \ 51 | [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine); \ 52 | \ 53 | Write-Host 'Verifying install ...'; \ 54 | Write-Host ' mongod --version'; mongod --version; \ 55 | \ 56 | Write-Host 'Removing ...'; \ 57 | Remove-Item C:\windows\installer\*.msi -Force; \ 58 | Remove-Item mongo.msi -Force; \ 59 | \ 60 | Write-Host 'Complete.'; 61 | 62 | # TODO docker-entrypoint.ps1 ? (for "docker run --flag --flag --flag") 63 | 64 | VOLUME C:\\data\\db C:\\data\\configdb 65 | 66 | EXPOSE 27017 67 | CMD ["mongod", "--bind_ip_all"] 68 | -------------------------------------------------------------------------------- /7.0/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM ubuntu:jammy 8 | 9 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added 10 | RUN set -eux; \ 11 | groupadd --gid 999 --system mongodb; \ 12 | useradd --uid 999 --system --gid mongodb --home-dir /data/db mongodb; \ 13 | mkdir -p /data/db /data/configdb; \ 14 | chown -R mongodb:mongodb /data/db /data/configdb 15 | 16 | RUN set -eux; \ 17 | apt-get update; \ 18 | apt-get install -y --no-install-recommends \ 19 | ca-certificates \ 20 | jq \ 21 | numactl \ 22 | procps \ 23 | ; \ 24 | rm -rf /var/lib/apt/lists/* 25 | 26 | # grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases) 27 | ENV GOSU_VERSION 1.17 28 | # grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases) 29 | ENV JSYAML_VERSION 3.13.1 30 | ENV JSYAML_CHECKSUM 662e32319bdd378e91f67578e56a34954b0a2e33aca11d70ab9f4826af24b941 31 | 32 | RUN set -eux; \ 33 | \ 34 | savedAptMark="$(apt-mark showmanual)"; \ 35 | apt-get update; \ 36 | apt-get install -y --no-install-recommends \ 37 | gnupg \ 38 | wget \ 39 | ; \ 40 | rm -rf /var/lib/apt/lists/*; \ 41 | \ 42 | # download/install gosu 43 | dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ 44 | wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ 45 | wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ 46 | export GNUPGHOME="$(mktemp -d)"; \ 47 | gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ 48 | gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ 49 | gpgconf --kill all; \ 50 | rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ 51 | \ 52 | # download/install js-yaml 53 | mkdir -p /opt/js-yaml/; \ 54 | wget -O /opt/js-yaml/js-yaml.tgz https://registry.npmjs.org/js-yaml/-/js-yaml-${JSYAML_VERSION}.tgz; \ 55 | echo "$JSYAML_CHECKSUM */opt/js-yaml/js-yaml.tgz" | sha256sum -c -; \ 56 | tar -xz --strip-components=1 -f /opt/js-yaml/js-yaml.tgz -C /opt/js-yaml package/dist/js-yaml.js package/package.json; \ 57 | rm /opt/js-yaml/js-yaml.tgz; \ 58 | ln -s /opt/js-yaml/dist/js-yaml.js /js-yaml.js; \ 59 | \ 60 | # download/install MongoDB PGP keys 61 | export GNUPGHOME="$(mktemp -d)"; \ 62 | wget -O KEYS 'https://pgp.mongodb.com/server-7.0.asc'; \ 63 | gpg --batch --import KEYS; \ 64 | mkdir -p /etc/apt/keyrings; \ 65 | gpg --batch --export --armor 'E58830201F7DD82CD808AA84160D26BB1785BA38' > /etc/apt/keyrings/mongodb.asc; \ 66 | gpgconf --kill all; \ 67 | rm -rf "$GNUPGHOME" KEYS; \ 68 | \ 69 | apt-mark auto '.*' > /dev/null; \ 70 | apt-mark manual $savedAptMark > /dev/null; \ 71 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 72 | \ 73 | # smoke test 74 | chmod +x /usr/local/bin/gosu; \ 75 | gosu --version; \ 76 | gosu nobody true 77 | 78 | RUN mkdir /docker-entrypoint-initdb.d 79 | 80 | # Allow build-time overrides (eg. to build image with MongoDB Enterprise version) 81 | # Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise 82 | # Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com 83 | # Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com . 84 | ARG MONGO_PACKAGE=mongodb-org 85 | ARG MONGO_REPO=repo.mongodb.org 86 | ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO} 87 | 88 | ENV MONGO_MAJOR 7.0 89 | RUN echo "deb [ signed-by=/etc/apt/keyrings/mongodb.asc ] http://$MONGO_REPO/apt/ubuntu jammy/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR multiverse" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list" 90 | 91 | # https://docs.mongodb.org/master/release-notes/7.0/ 92 | ENV MONGO_VERSION 7.0.21 93 | # 05/28/2025, https://github.com/mongodb/mongo/tree/a47b62aff2bae1914085c3ef1d90fc099acf000c 94 | 95 | RUN set -x \ 96 | # installing "mongodb-enterprise" pulls in "tzdata" which prompts for input 97 | && export DEBIAN_FRONTEND=noninteractive \ 98 | && apt-get update \ 99 | && apt-get install -y \ 100 | ${MONGO_PACKAGE}=$MONGO_VERSION \ 101 | ${MONGO_PACKAGE}-server=$MONGO_VERSION \ 102 | ${MONGO_PACKAGE}-shell=$MONGO_VERSION \ 103 | ${MONGO_PACKAGE}-mongos=$MONGO_VERSION \ 104 | ${MONGO_PACKAGE}-tools=$MONGO_VERSION \ 105 | ${MONGO_PACKAGE}-database=$MONGO_VERSION \ 106 | ${MONGO_PACKAGE}-database-tools-extra=$MONGO_VERSION \ 107 | && rm -rf /var/lib/apt/lists/* \ 108 | && rm -rf /var/lib/mongodb \ 109 | && mv /etc/mongod.conf /etc/mongod.conf.orig 110 | 111 | VOLUME /data/db /data/configdb 112 | 113 | # ensure that if running as custom user that "mongosh" has a valid "HOME" 114 | # https://github.com/docker-library/mongo/issues/524 115 | ENV HOME /data/db 116 | 117 | COPY docker-entrypoint.sh /usr/local/bin/ 118 | ENTRYPOINT ["docker-entrypoint.sh"] 119 | 120 | EXPOSE 27017 121 | CMD ["mongod"] 122 | -------------------------------------------------------------------------------- /7.0/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "${1:0:1}" = '-' ]; then 5 | set -- mongod "$@" 6 | fi 7 | 8 | originalArgOne="$1" 9 | 10 | # allow the container to be started with `--user` 11 | # all mongo* commands should be dropped to the correct user 12 | if [[ "$originalArgOne" == mongo* ]] && [ "$(id -u)" = '0' ]; then 13 | if [ "$originalArgOne" = 'mongod' ]; then 14 | find /data/configdb /data/db \! -user mongodb -exec chown mongodb '{}' + 15 | fi 16 | 17 | # make sure we can write to stdout and stderr as "mongodb" 18 | # (for our "initdb" code later; see "--logpath" below) 19 | chown --dereference mongodb "/proc/$$/fd/1" "/proc/$$/fd/2" || : 20 | # ignore errors thanks to https://github.com/docker-library/mongo/issues/149 21 | 22 | exec gosu mongodb "$BASH_SOURCE" "$@" 23 | fi 24 | 25 | dpkgArch="$(dpkg --print-architecture)" 26 | case "$dpkgArch" in 27 | amd64) # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 28 | if ! grep -qE '^flags.* avx( .*|$)' /proc/cpuinfo; then 29 | { 30 | echo 31 | echo 'WARNING: MongoDB 5.0+ requires a CPU with AVX support, and your current system does not appear to have that!' 32 | echo ' see https://jira.mongodb.org/browse/SERVER-54407' 33 | echo ' see also https://www.mongodb.com/community/forums/t/mongodb-5-0-cpu-intel-g4650-compatibility/116610/2' 34 | echo ' see also https://github.com/docker-library/mongo/issues/485#issuecomment-891991814' 35 | echo 36 | } >&2 37 | fi 38 | ;; 39 | 40 | arm64) # https://github.com/docker-library/mongo/issues/485#issuecomment-970864306 41 | # https://en.wikichip.org/wiki/arm/armv8#ARMv8_Extensions_and_Processor_Features 42 | # http://javathunderx.blogspot.com/2018/11/cheat-sheet-for-cpuinfo-features-on.html 43 | if ! grep -qE '^Features.* (fphp|dcpop|sha3|sm3|sm4|asimddp|sha512|sve)( .*|$)' /proc/cpuinfo; then 44 | { 45 | echo 46 | echo 'WARNING: MongoDB requires ARMv8.2-A or higher, and your current system does not appear to implement any of the common features for that!' 47 | echo ' applies to all versions ≥5.0, any of 4.4 ≥4.4.19' 48 | echo ' see https://jira.mongodb.org/browse/SERVER-71772' 49 | echo ' see https://jira.mongodb.org/browse/SERVER-55178' 50 | echo ' see also https://en.wikichip.org/wiki/arm/armv8#ARMv8_Extensions_and_Processor_Features' 51 | echo ' see also https://github.com/docker-library/mongo/issues/485#issuecomment-970864306' 52 | echo 53 | } >&2 54 | fi 55 | ;; 56 | esac 57 | 58 | # you should use numactl to start your mongod instances, including the config servers, mongos instances, and any clients. 59 | # https://docs.mongodb.com/manual/administration/production-notes/#configuring-numa-on-linux 60 | if [[ "$originalArgOne" == mongo* ]]; then 61 | numa='numactl --interleave=all' 62 | if $numa true &> /dev/null; then 63 | set -- $numa "$@" 64 | fi 65 | fi 66 | 67 | # usage: file_env VAR [DEFAULT] 68 | # ie: file_env 'XYZ_DB_PASSWORD' 'example' 69 | # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of 70 | # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) 71 | file_env() { 72 | local var="$1" 73 | local fileVar="${var}_FILE" 74 | local def="${2:-}" 75 | if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then 76 | echo >&2 "error: both $var and $fileVar are set (but are exclusive)" 77 | exit 1 78 | fi 79 | local val="$def" 80 | if [ "${!var:-}" ]; then 81 | val="${!var}" 82 | elif [ "${!fileVar:-}" ]; then 83 | val="$(< "${!fileVar}")" 84 | fi 85 | export "$var"="$val" 86 | unset "$fileVar" 87 | } 88 | 89 | # see https://github.com/docker-library/mongo/issues/147 (mongod is picky about duplicated arguments) 90 | _mongod_hack_have_arg() { 91 | local checkArg="$1"; shift 92 | local arg 93 | for arg; do 94 | case "$arg" in 95 | "$checkArg"|"$checkArg"=*) 96 | return 0 97 | ;; 98 | esac 99 | done 100 | return 1 101 | } 102 | # _mongod_hack_get_arg_val '--some-arg' "$@" 103 | _mongod_hack_get_arg_val() { 104 | local checkArg="$1"; shift 105 | while [ "$#" -gt 0 ]; do 106 | local arg="$1"; shift 107 | case "$arg" in 108 | "$checkArg") 109 | echo "$1" 110 | return 0 111 | ;; 112 | "$checkArg"=*) 113 | echo "${arg#$checkArg=}" 114 | return 0 115 | ;; 116 | esac 117 | done 118 | return 1 119 | } 120 | declare -a mongodHackedArgs 121 | # _mongod_hack_ensure_arg '--some-arg' "$@" 122 | # set -- "${mongodHackedArgs[@]}" 123 | _mongod_hack_ensure_arg() { 124 | local ensureArg="$1"; shift 125 | mongodHackedArgs=( "$@" ) 126 | if ! _mongod_hack_have_arg "$ensureArg" "$@"; then 127 | mongodHackedArgs+=( "$ensureArg" ) 128 | fi 129 | } 130 | # _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" 131 | # set -- "${mongodHackedArgs[@]}" 132 | _mongod_hack_ensure_no_arg() { 133 | local ensureNoArg="$1"; shift 134 | mongodHackedArgs=() 135 | while [ "$#" -gt 0 ]; do 136 | local arg="$1"; shift 137 | if [ "$arg" = "$ensureNoArg" ]; then 138 | continue 139 | fi 140 | mongodHackedArgs+=( "$arg" ) 141 | done 142 | } 143 | # _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" 144 | # set -- "${mongodHackedArgs[@]}" 145 | _mongod_hack_ensure_no_arg_val() { 146 | local ensureNoArg="$1"; shift 147 | mongodHackedArgs=() 148 | while [ "$#" -gt 0 ]; do 149 | local arg="$1"; shift 150 | case "$arg" in 151 | "$ensureNoArg") 152 | shift # also skip the value 153 | continue 154 | ;; 155 | "$ensureNoArg"=*) 156 | # value is already included 157 | continue 158 | ;; 159 | esac 160 | mongodHackedArgs+=( "$arg" ) 161 | done 162 | } 163 | # _mongod_hack_ensure_arg_val '--some-arg' 'some-val' "$@" 164 | # set -- "${mongodHackedArgs[@]}" 165 | _mongod_hack_ensure_arg_val() { 166 | local ensureArg="$1"; shift 167 | local ensureVal="$1"; shift 168 | _mongod_hack_ensure_no_arg_val "$ensureArg" "$@" 169 | mongodHackedArgs+=( "$ensureArg" "$ensureVal" ) 170 | } 171 | 172 | # _js_escape 'some "string" value' 173 | _js_escape() { 174 | jq --null-input --arg 'str' "$1" '$str' 175 | } 176 | 177 | : "${TMPDIR:=/tmp}" 178 | jsonConfigFile="$TMPDIR/docker-entrypoint-config.json" 179 | tempConfigFile="$TMPDIR/docker-entrypoint-temp-config.json" 180 | _parse_config() { 181 | if [ -s "$tempConfigFile" ]; then 182 | return 0 183 | fi 184 | 185 | local configPath 186 | if configPath="$(_mongod_hack_get_arg_val --config "$@")" && [ -s "$configPath" ]; then 187 | # if --config is specified, parse it into a JSON file so we can remove a few problematic keys (especially SSL-related keys) 188 | # see https://docs.mongodb.com/manual/reference/configuration-options/ 189 | if grep -vEm1 '^[[:space:]]*(#|$)' "$configPath" | grep -qE '^[[:space:]]*[^=:]+[[:space:]]*='; then 190 | # if the first non-comment/non-blank line of the config file looks like "foo = ...", this is probably the 2.4 and older "ini-style config format" 191 | # mongod tries to parse config as yaml and then falls back to ini-style parsing 192 | # https://github.com/mongodb/mongo/blob/r6.0.3/src/mongo/util/options_parser/options_parser.cpp#L1883-L1894 193 | echo >&2 194 | echo >&2 "WARNING: it appears that '$configPath' is in the older INI-style format (replaced by YAML in MongoDB 2.6)" 195 | echo >&2 ' This script does not parse the older INI-style format, and thus will ignore it.' 196 | echo >&2 197 | return 1 198 | fi 199 | if [ "$mongoShell" = 'mongo' ]; then 200 | "$mongoShell" --norc --nodb --quiet --eval "load('/js-yaml.js'); printjson(jsyaml.load(cat($(_js_escape "$configPath"))))" > "$jsonConfigFile" 201 | else 202 | # https://www.mongodb.com/docs/manual/reference/method/js-native/#std-label-native-in-mongosh 203 | "$mongoShell" --norc --nodb --quiet --eval "load('/js-yaml.js'); JSON.stringify(jsyaml.load(fs.readFileSync($(_js_escape "$configPath"), 'utf8')))" > "$jsonConfigFile" 204 | fi 205 | if [ "$(head -c1 "$jsonConfigFile")" != '{' ] || [ "$(tail -c2 "$jsonConfigFile")" != '}' ]; then 206 | # if the file doesn't start with "{" and end with "}", it's *probably* an error ("uncaught exception: YAMLException: foo" for example), so we should print it out 207 | echo >&2 'error: unexpected "js-yaml.js" output while parsing config:' 208 | cat >&2 "$jsonConfigFile" 209 | exit 1 210 | fi 211 | jq 'del(.systemLog, .processManagement, .net, .security, .replication)' "$jsonConfigFile" > "$tempConfigFile" 212 | return 0 213 | fi 214 | 215 | return 1 216 | } 217 | dbPath= 218 | _dbPath() { 219 | if [ -n "$dbPath" ]; then 220 | echo "$dbPath" 221 | return 222 | fi 223 | 224 | if ! dbPath="$(_mongod_hack_get_arg_val --dbpath "$@")"; then 225 | if _parse_config "$@"; then 226 | dbPath="$(jq -r '.storage.dbPath // empty' "$jsonConfigFile")" 227 | fi 228 | fi 229 | 230 | if [ -z "$dbPath" ]; then 231 | if _mongod_hack_have_arg --configsvr "$@" || { 232 | _parse_config "$@" \ 233 | && clusterRole="$(jq -r '.sharding.clusterRole // empty' "$jsonConfigFile")" \ 234 | && [ "$clusterRole" = 'configsvr' ] 235 | }; then 236 | # if running as config server, then the default dbpath is /data/configdb 237 | # https://docs.mongodb.com/manual/reference/program/mongod/#cmdoption-mongod-configsvr 238 | dbPath=/data/configdb 239 | fi 240 | fi 241 | 242 | : "${dbPath:=/data/db}" 243 | 244 | echo "$dbPath" 245 | } 246 | 247 | if [ "$originalArgOne" = 'mongod' ]; then 248 | file_env 'MONGO_INITDB_ROOT_USERNAME' 249 | file_env 'MONGO_INITDB_ROOT_PASSWORD' 250 | 251 | mongoShell='mongo' 252 | if ! command -v "$mongoShell" > /dev/null; then 253 | mongoShell='mongosh' 254 | fi 255 | 256 | # pre-check a few factors to see if it's even worth bothering with initdb 257 | shouldPerformInitdb= 258 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 259 | # if we have a username/password, let's set "--auth" 260 | _mongod_hack_ensure_arg '--auth' "$@" 261 | set -- "${mongodHackedArgs[@]}" 262 | shouldPerformInitdb='true' 263 | elif [ "$MONGO_INITDB_ROOT_USERNAME" ] || [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 264 | cat >&2 <<-'EOF' 265 | 266 | error: missing 'MONGO_INITDB_ROOT_USERNAME' or 'MONGO_INITDB_ROOT_PASSWORD' 267 | both must be specified for a user to be created 268 | 269 | EOF 270 | exit 1 271 | fi 272 | 273 | if [ -z "$shouldPerformInitdb" ]; then 274 | # if we've got any /docker-entrypoint-initdb.d/* files to parse later, we should initdb 275 | for f in /docker-entrypoint-initdb.d/*; do 276 | case "$f" in 277 | *.sh|*.js) # this should match the set of files we check for below 278 | shouldPerformInitdb="$f" 279 | break 280 | ;; 281 | esac 282 | done 283 | fi 284 | 285 | # check for a few known paths (to determine whether we've already initialized and should thus skip our initdb scripts) 286 | if [ -n "$shouldPerformInitdb" ]; then 287 | dbPath="$(_dbPath "$@")" 288 | for path in \ 289 | "$dbPath/WiredTiger" \ 290 | "$dbPath/journal" \ 291 | "$dbPath/local.0" \ 292 | "$dbPath/storage.bson" \ 293 | ; do 294 | if [ -e "$path" ]; then 295 | shouldPerformInitdb= 296 | break 297 | fi 298 | done 299 | fi 300 | 301 | if [ -n "$shouldPerformInitdb" ]; then 302 | mongodHackedArgs=( "$@" ) 303 | if _parse_config "$@"; then 304 | _mongod_hack_ensure_arg_val --config "$tempConfigFile" "${mongodHackedArgs[@]}" 305 | fi 306 | _mongod_hack_ensure_arg_val --bind_ip 127.0.0.1 "${mongodHackedArgs[@]}" 307 | _mongod_hack_ensure_arg_val --port 27017 "${mongodHackedArgs[@]}" 308 | _mongod_hack_ensure_no_arg --bind_ip_all "${mongodHackedArgs[@]}" 309 | 310 | # remove "--auth" and "--replSet" for our initial startup (see https://docs.mongodb.com/manual/tutorial/enable-authentication/#start-mongodb-without-access-control) 311 | # https://github.com/docker-library/mongo/issues/211 312 | _mongod_hack_ensure_no_arg --auth "${mongodHackedArgs[@]}" 313 | # "keyFile implies security.authorization" 314 | # https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-security.keyFile 315 | _mongod_hack_ensure_no_arg_val --keyFile "${mongodHackedArgs[@]}" 316 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 317 | _mongod_hack_ensure_no_arg_val --replSet "${mongodHackedArgs[@]}" 318 | fi 319 | 320 | # "BadValue: need sslPEMKeyFile when SSL is enabled" vs "BadValue: need to enable SSL via the sslMode flag when using SSL configuration parameters" 321 | tlsMode='disabled' 322 | if _mongod_hack_have_arg '--tlsCertificateKeyFile' "$@"; then 323 | tlsMode='allowTLS' 324 | fi 325 | _mongod_hack_ensure_arg_val --tlsMode "$tlsMode" "${mongodHackedArgs[@]}" 326 | 327 | if stat "/proc/$$/fd/1" > /dev/null && [ -w "/proc/$$/fd/1" ]; then 328 | # https://github.com/mongodb/mongo/blob/38c0eb538d0fd390c6cb9ce9ae9894153f6e8ef5/src/mongo/db/initialize_server_global_state.cpp#L237-L251 329 | # https://github.com/docker-library/mongo/issues/164#issuecomment-293965668 330 | _mongod_hack_ensure_arg_val --logpath "/proc/$$/fd/1" "${mongodHackedArgs[@]}" 331 | else 332 | initdbLogPath="$(_dbPath "$@")/docker-initdb.log" 333 | echo >&2 "warning: initdb logs cannot write to '/proc/$$/fd/1', so they are in '$initdbLogPath' instead" 334 | _mongod_hack_ensure_arg_val --logpath "$initdbLogPath" "${mongodHackedArgs[@]}" 335 | fi 336 | _mongod_hack_ensure_arg --logappend "${mongodHackedArgs[@]}" 337 | 338 | pidfile="$TMPDIR/docker-entrypoint-temp-mongod.pid" 339 | rm -f "$pidfile" 340 | _mongod_hack_ensure_arg_val --pidfilepath "$pidfile" "${mongodHackedArgs[@]}" 341 | 342 | "${mongodHackedArgs[@]}" --fork 343 | 344 | mongo=( "$mongoShell" --host 127.0.0.1 --port 27017 --quiet ) 345 | 346 | # check to see that our "mongod" actually did start up (catches "--help", "--version", slow prealloc, etc) 347 | # https://jira.mongodb.org/browse/SERVER-16292 348 | tries=30 349 | while true; do 350 | if ! { [ -s "$pidfile" ] && ps "$(< "$pidfile")" &> /dev/null; }; then 351 | # bail ASAP if "mongod" isn't even running 352 | echo >&2 353 | echo >&2 "error: $originalArgOne does not appear to have stayed running -- perhaps it had an error?" 354 | echo >&2 355 | exit 1 356 | fi 357 | if "${mongo[@]}" 'admin' --eval 'quit(0)' &> /dev/null; then 358 | # success! 359 | break 360 | fi 361 | (( tries-- )) 362 | if [ "$tries" -le 0 ]; then 363 | echo >&2 364 | echo >&2 "error: $originalArgOne does not appear to have accepted connections quickly enough -- perhaps it had an error?" 365 | echo >&2 366 | exit 1 367 | fi 368 | sleep 1 369 | done 370 | 371 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 372 | rootAuthDatabase='admin' 373 | 374 | "${mongo[@]}" "$rootAuthDatabase" <<-EOJS 375 | db.createUser({ 376 | user: $(_js_escape "$MONGO_INITDB_ROOT_USERNAME"), 377 | pwd: $(_js_escape "$MONGO_INITDB_ROOT_PASSWORD"), 378 | roles: [ { role: 'root', db: $(_js_escape "$rootAuthDatabase") } ] 379 | }) 380 | EOJS 381 | fi 382 | 383 | export MONGO_INITDB_DATABASE="${MONGO_INITDB_DATABASE:-test}" 384 | 385 | echo 386 | for f in /docker-entrypoint-initdb.d/*; do 387 | case "$f" in 388 | *.sh) echo "$0: running $f"; . "$f" ;; 389 | *.js) echo "$0: running $f"; "${mongo[@]}" "$MONGO_INITDB_DATABASE" "$f"; echo ;; 390 | *) echo "$0: ignoring $f" ;; 391 | esac 392 | echo 393 | done 394 | 395 | "${mongodHackedArgs[@]}" --shutdown 396 | rm -f "$pidfile" 397 | 398 | echo 399 | echo 'MongoDB init process complete; ready for start up.' 400 | echo 401 | fi 402 | 403 | # MongoDB defaults to localhost-only binding 404 | haveBindIp= 405 | if _mongod_hack_have_arg --bind_ip "$@" || _mongod_hack_have_arg --bind_ip_all "$@"; then 406 | haveBindIp=1 407 | elif _parse_config "$@" && jq --exit-status '.net.bindIp // .net.bindIpAll' "$jsonConfigFile" > /dev/null; then 408 | haveBindIp=1 409 | fi 410 | if [ -z "$haveBindIp" ]; then 411 | # so if no "--bind_ip" is specified, let's add "--bind_ip_all" 412 | set -- "$@" --bind_ip_all 413 | fi 414 | 415 | unset "${!MONGO_INITDB_@}" 416 | fi 417 | 418 | rm -f "$jsonConfigFile" "$tempConfigFile" 419 | 420 | exec "$@" 421 | -------------------------------------------------------------------------------- /7.0/windows/nanoserver-ltsc2022/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/nanoserver:ltsc2022 8 | 9 | SHELL ["cmd", "/S", "/C"] 10 | 11 | # PATH isn't actually set in the Docker image, so we have to set it from within the container 12 | USER ContainerAdministrator 13 | RUN setx /m PATH "C:\mongodb\bin;%PATH%" 14 | USER ContainerUser 15 | # doing this first to share cache across versions more aggressively 16 | 17 | COPY --from=mongo:7.0.21-windowsservercore-ltsc2022 \ 18 | C:\\Windows\\System32\\msvcp140.dll \ 19 | C:\\Windows\\System32\\msvcp140_1.dll \ 20 | C:\\Windows\\System32\\vcruntime140.dll \ 21 | C:\\Windows\\System32\\vcruntime140_1.dll \ 22 | C:\\Windows\\System32\\ 23 | 24 | # https://docs.mongodb.org/master/release-notes/7.0/ 25 | ENV MONGO_VERSION 7.0.21 26 | # 05/28/2025, https://github.com/mongodb/mongo/tree/a47b62aff2bae1914085c3ef1d90fc099acf000c 27 | 28 | COPY --from=mongo:7.0.21-windowsservercore-ltsc2022 C:\\mongodb C:\\mongodb 29 | RUN mongod --version 30 | 31 | VOLUME C:\\data\\db C:\\data\\configdb 32 | 33 | EXPOSE 27017 34 | CMD ["mongod", "--bind_ip_all"] 35 | -------------------------------------------------------------------------------- /7.0/windows/windowsservercore-ltsc2022/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/servercore:ltsc2022 8 | 9 | SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"] 10 | 11 | # https://docs.mongodb.org/master/release-notes/7.0/ 12 | ENV MONGO_VERSION 7.0.21 13 | # 05/28/2025, https://github.com/mongodb/mongo/tree/a47b62aff2bae1914085c3ef1d90fc099acf000c 14 | 15 | ENV MONGO_DOWNLOAD_URL https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-7.0.21-signed.msi 16 | ENV MONGO_DOWNLOAD_SHA256=35baeddf28f20f63a50d6a65bdb19492afdea42005bfb8621a8ec433ec9c748b 17 | 18 | RUN Write-Host ('Downloading {0} ...' -f $env:MONGO_DOWNLOAD_URL); \ 19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ 20 | (New-Object System.Net.WebClient).DownloadFile($env:MONGO_DOWNLOAD_URL, 'mongo.msi'); \ 21 | \ 22 | if ($env:MONGO_DOWNLOAD_SHA256) { \ 23 | Write-Host ('Verifying sha256 ({0}) ...' -f $env:MONGO_DOWNLOAD_SHA256); \ 24 | if ((Get-FileHash mongo.msi -Algorithm sha256).Hash -ne $env:MONGO_DOWNLOAD_SHA256) { \ 25 | Write-Host 'FAILED!'; \ 26 | exit 1; \ 27 | }; \ 28 | }; \ 29 | \ 30 | Write-Host 'Installing ...'; \ 31 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows/#install-mongodb-community-edition 32 | Start-Process msiexec -Wait \ 33 | -ArgumentList @( \ 34 | '/i', \ 35 | 'mongo.msi', \ 36 | '/quiet', \ 37 | '/qn', \ 38 | '/l*v', 'install.log', \ 39 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows-unattended/#run-the-windows-installer-from-the-windows-command-interpreter 40 | 'INSTALLLOCATION=C:\mongodb', \ 41 | 'ADDLOCAL=MiscellaneousTools,Router,ServerNoService' \ 42 | ); \ 43 | if (-Not (Test-Path C:\mongodb\bin\mongod.exe -PathType Leaf)) { \ 44 | Write-Host 'Installer failed!'; \ 45 | Get-Content install.log; \ 46 | exit 1; \ 47 | }; \ 48 | Remove-Item install.log; \ 49 | \ 50 | $env:PATH = 'C:\mongodb\bin;' + $env:PATH; \ 51 | [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine); \ 52 | \ 53 | Write-Host 'Verifying install ...'; \ 54 | Write-Host ' mongod --version'; mongod --version; \ 55 | \ 56 | Write-Host 'Removing ...'; \ 57 | Remove-Item C:\windows\installer\*.msi -Force; \ 58 | Remove-Item mongo.msi -Force; \ 59 | \ 60 | Write-Host 'Complete.'; 61 | 62 | # TODO docker-entrypoint.ps1 ? (for "docker run --flag --flag --flag") 63 | 64 | VOLUME C:\\data\\db C:\\data\\configdb 65 | 66 | EXPOSE 27017 67 | CMD ["mongod", "--bind_ip_all"] 68 | -------------------------------------------------------------------------------- /7.0/windows/windowsservercore-ltsc2025/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/servercore:ltsc2025 8 | 9 | SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"] 10 | 11 | # https://docs.mongodb.org/master/release-notes/7.0/ 12 | ENV MONGO_VERSION 7.0.21 13 | # 05/28/2025, https://github.com/mongodb/mongo/tree/a47b62aff2bae1914085c3ef1d90fc099acf000c 14 | 15 | ENV MONGO_DOWNLOAD_URL https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-7.0.21-signed.msi 16 | ENV MONGO_DOWNLOAD_SHA256=35baeddf28f20f63a50d6a65bdb19492afdea42005bfb8621a8ec433ec9c748b 17 | 18 | RUN Write-Host ('Downloading {0} ...' -f $env:MONGO_DOWNLOAD_URL); \ 19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ 20 | (New-Object System.Net.WebClient).DownloadFile($env:MONGO_DOWNLOAD_URL, 'mongo.msi'); \ 21 | \ 22 | if ($env:MONGO_DOWNLOAD_SHA256) { \ 23 | Write-Host ('Verifying sha256 ({0}) ...' -f $env:MONGO_DOWNLOAD_SHA256); \ 24 | if ((Get-FileHash mongo.msi -Algorithm sha256).Hash -ne $env:MONGO_DOWNLOAD_SHA256) { \ 25 | Write-Host 'FAILED!'; \ 26 | exit 1; \ 27 | }; \ 28 | }; \ 29 | \ 30 | Write-Host 'Installing ...'; \ 31 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows/#install-mongodb-community-edition 32 | Start-Process msiexec -Wait \ 33 | -ArgumentList @( \ 34 | '/i', \ 35 | 'mongo.msi', \ 36 | '/quiet', \ 37 | '/qn', \ 38 | '/l*v', 'install.log', \ 39 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows-unattended/#run-the-windows-installer-from-the-windows-command-interpreter 40 | 'INSTALLLOCATION=C:\mongodb', \ 41 | 'ADDLOCAL=MiscellaneousTools,Router,ServerNoService' \ 42 | ); \ 43 | if (-Not (Test-Path C:\mongodb\bin\mongod.exe -PathType Leaf)) { \ 44 | Write-Host 'Installer failed!'; \ 45 | Get-Content install.log; \ 46 | exit 1; \ 47 | }; \ 48 | Remove-Item install.log; \ 49 | \ 50 | $env:PATH = 'C:\mongodb\bin;' + $env:PATH; \ 51 | [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine); \ 52 | \ 53 | Write-Host 'Verifying install ...'; \ 54 | Write-Host ' mongod --version'; mongod --version; \ 55 | \ 56 | Write-Host 'Removing ...'; \ 57 | Remove-Item C:\windows\installer\*.msi -Force; \ 58 | Remove-Item mongo.msi -Force; \ 59 | \ 60 | Write-Host 'Complete.'; 61 | 62 | # TODO docker-entrypoint.ps1 ? (for "docker run --flag --flag --flag") 63 | 64 | VOLUME C:\\data\\db C:\\data\\configdb 65 | 66 | EXPOSE 27017 67 | CMD ["mongod", "--bind_ip_all"] 68 | -------------------------------------------------------------------------------- /8.0/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM ubuntu:noble 8 | 9 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added 10 | RUN set -eux; \ 11 | groupadd --gid 999 --system mongodb; \ 12 | useradd --uid 999 --system --gid mongodb --home-dir /data/db mongodb; \ 13 | mkdir -p /data/db /data/configdb; \ 14 | chown -R mongodb:mongodb /data/db /data/configdb 15 | 16 | RUN set -eux; \ 17 | apt-get update; \ 18 | apt-get install -y --no-install-recommends \ 19 | ca-certificates \ 20 | jq \ 21 | numactl \ 22 | procps \ 23 | ; \ 24 | rm -rf /var/lib/apt/lists/* 25 | 26 | # grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases) 27 | ENV GOSU_VERSION 1.17 28 | # grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases) 29 | ENV JSYAML_VERSION 3.13.1 30 | ENV JSYAML_CHECKSUM 662e32319bdd378e91f67578e56a34954b0a2e33aca11d70ab9f4826af24b941 31 | 32 | RUN set -eux; \ 33 | \ 34 | savedAptMark="$(apt-mark showmanual)"; \ 35 | apt-get update; \ 36 | apt-get install -y --no-install-recommends \ 37 | gnupg \ 38 | wget \ 39 | ; \ 40 | rm -rf /var/lib/apt/lists/*; \ 41 | \ 42 | # download/install gosu 43 | dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ 44 | wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ 45 | wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ 46 | export GNUPGHOME="$(mktemp -d)"; \ 47 | gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ 48 | gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ 49 | gpgconf --kill all; \ 50 | rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ 51 | \ 52 | # download/install js-yaml 53 | mkdir -p /opt/js-yaml/; \ 54 | wget -O /opt/js-yaml/js-yaml.tgz https://registry.npmjs.org/js-yaml/-/js-yaml-${JSYAML_VERSION}.tgz; \ 55 | echo "$JSYAML_CHECKSUM */opt/js-yaml/js-yaml.tgz" | sha256sum -c -; \ 56 | tar -xz --strip-components=1 -f /opt/js-yaml/js-yaml.tgz -C /opt/js-yaml package/dist/js-yaml.js package/package.json; \ 57 | rm /opt/js-yaml/js-yaml.tgz; \ 58 | ln -s /opt/js-yaml/dist/js-yaml.js /js-yaml.js; \ 59 | \ 60 | # download/install MongoDB PGP keys 61 | export GNUPGHOME="$(mktemp -d)"; \ 62 | wget -O KEYS 'https://pgp.mongodb.com/server-8.0.asc'; \ 63 | gpg --batch --import KEYS; \ 64 | mkdir -p /etc/apt/keyrings; \ 65 | gpg --batch --export --armor '4B0752C1BCA238C0B4EE14DC41DE058A4E7DCA05' > /etc/apt/keyrings/mongodb.asc; \ 66 | gpgconf --kill all; \ 67 | rm -rf "$GNUPGHOME" KEYS; \ 68 | \ 69 | apt-mark auto '.*' > /dev/null; \ 70 | apt-mark manual $savedAptMark > /dev/null; \ 71 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 72 | \ 73 | # smoke test 74 | chmod +x /usr/local/bin/gosu; \ 75 | gosu --version; \ 76 | gosu nobody true 77 | 78 | RUN mkdir /docker-entrypoint-initdb.d 79 | 80 | # Allow build-time overrides (eg. to build image with MongoDB Enterprise version) 81 | # Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise 82 | # Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com 83 | # Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com . 84 | ARG MONGO_PACKAGE=mongodb-org 85 | ARG MONGO_REPO=repo.mongodb.org 86 | ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO} 87 | 88 | ENV MONGO_MAJOR 8.0 89 | RUN echo "deb [ signed-by=/etc/apt/keyrings/mongodb.asc ] http://$MONGO_REPO/apt/ubuntu noble/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR multiverse" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list" 90 | 91 | # https://docs.mongodb.org/master/release-notes/8.0/ 92 | ENV MONGO_VERSION 8.0.10 93 | # 05/28/2025, https://github.com/mongodb/mongo/tree/9d03076bb2d5147d5b6fe381c7118b0b0478b682 94 | 95 | RUN set -x \ 96 | # installing "mongodb-enterprise" pulls in "tzdata" which prompts for input 97 | && export DEBIAN_FRONTEND=noninteractive \ 98 | && apt-get update \ 99 | && apt-get install -y \ 100 | ${MONGO_PACKAGE}=$MONGO_VERSION \ 101 | ${MONGO_PACKAGE}-server=$MONGO_VERSION \ 102 | ${MONGO_PACKAGE}-shell=$MONGO_VERSION \ 103 | ${MONGO_PACKAGE}-mongos=$MONGO_VERSION \ 104 | ${MONGO_PACKAGE}-tools=$MONGO_VERSION \ 105 | ${MONGO_PACKAGE}-database=$MONGO_VERSION \ 106 | ${MONGO_PACKAGE}-database-tools-extra=$MONGO_VERSION \ 107 | && rm -rf /var/lib/apt/lists/* \ 108 | && rm -rf /var/lib/mongodb \ 109 | && mv /etc/mongod.conf /etc/mongod.conf.orig 110 | 111 | VOLUME /data/db /data/configdb 112 | 113 | # ensure that if running as custom user that "mongosh" has a valid "HOME" 114 | # https://github.com/docker-library/mongo/issues/524 115 | ENV HOME /data/db 116 | 117 | # ensure that glibc isn't using rseq so that google-tcmalloc can 118 | # https://www.mongodb.com/docs/manual/administration/tcmalloc-performance/#disable-glibc-rseq 119 | ENV GLIBC_TUNABLES glibc.pthread.rseq=0 120 | 121 | COPY docker-entrypoint.sh /usr/local/bin/ 122 | ENTRYPOINT ["docker-entrypoint.sh"] 123 | 124 | EXPOSE 27017 125 | CMD ["mongod"] 126 | -------------------------------------------------------------------------------- /8.0/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "${1:0:1}" = '-' ]; then 5 | set -- mongod "$@" 6 | fi 7 | 8 | originalArgOne="$1" 9 | 10 | # allow the container to be started with `--user` 11 | # all mongo* commands should be dropped to the correct user 12 | if [[ "$originalArgOne" == mongo* ]] && [ "$(id -u)" = '0' ]; then 13 | if [ "$originalArgOne" = 'mongod' ]; then 14 | find /data/configdb /data/db \! -user mongodb -exec chown mongodb '{}' + 15 | fi 16 | 17 | # make sure we can write to stdout and stderr as "mongodb" 18 | # (for our "initdb" code later; see "--logpath" below) 19 | chown --dereference mongodb "/proc/$$/fd/1" "/proc/$$/fd/2" || : 20 | # ignore errors thanks to https://github.com/docker-library/mongo/issues/149 21 | 22 | exec gosu mongodb "$BASH_SOURCE" "$@" 23 | fi 24 | 25 | dpkgArch="$(dpkg --print-architecture)" 26 | case "$dpkgArch" in 27 | amd64) # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 28 | if ! grep -qE '^flags.* avx( .*|$)' /proc/cpuinfo; then 29 | { 30 | echo 31 | echo 'WARNING: MongoDB 5.0+ requires a CPU with AVX support, and your current system does not appear to have that!' 32 | echo ' see https://jira.mongodb.org/browse/SERVER-54407' 33 | echo ' see also https://www.mongodb.com/community/forums/t/mongodb-5-0-cpu-intel-g4650-compatibility/116610/2' 34 | echo ' see also https://github.com/docker-library/mongo/issues/485#issuecomment-891991814' 35 | echo 36 | } >&2 37 | fi 38 | ;; 39 | 40 | arm64) # https://github.com/docker-library/mongo/issues/485#issuecomment-970864306 41 | # https://en.wikichip.org/wiki/arm/armv8#ARMv8_Extensions_and_Processor_Features 42 | # http://javathunderx.blogspot.com/2018/11/cheat-sheet-for-cpuinfo-features-on.html 43 | if ! grep -qE '^Features.* (fphp|dcpop|sha3|sm3|sm4|asimddp|sha512|sve)( .*|$)' /proc/cpuinfo; then 44 | { 45 | echo 46 | echo 'WARNING: MongoDB requires ARMv8.2-A or higher, and your current system does not appear to implement any of the common features for that!' 47 | echo ' applies to all versions ≥5.0, any of 4.4 ≥4.4.19' 48 | echo ' see https://jira.mongodb.org/browse/SERVER-71772' 49 | echo ' see https://jira.mongodb.org/browse/SERVER-55178' 50 | echo ' see also https://en.wikichip.org/wiki/arm/armv8#ARMv8_Extensions_and_Processor_Features' 51 | echo ' see also https://github.com/docker-library/mongo/issues/485#issuecomment-970864306' 52 | echo 53 | } >&2 54 | fi 55 | ;; 56 | esac 57 | 58 | # you should use numactl to start your mongod instances, including the config servers, mongos instances, and any clients. 59 | # https://docs.mongodb.com/manual/administration/production-notes/#configuring-numa-on-linux 60 | if [[ "$originalArgOne" == mongo* ]]; then 61 | numa='numactl --interleave=all' 62 | if $numa true &> /dev/null; then 63 | set -- $numa "$@" 64 | fi 65 | fi 66 | 67 | # usage: file_env VAR [DEFAULT] 68 | # ie: file_env 'XYZ_DB_PASSWORD' 'example' 69 | # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of 70 | # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) 71 | file_env() { 72 | local var="$1" 73 | local fileVar="${var}_FILE" 74 | local def="${2:-}" 75 | if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then 76 | echo >&2 "error: both $var and $fileVar are set (but are exclusive)" 77 | exit 1 78 | fi 79 | local val="$def" 80 | if [ "${!var:-}" ]; then 81 | val="${!var}" 82 | elif [ "${!fileVar:-}" ]; then 83 | val="$(< "${!fileVar}")" 84 | fi 85 | export "$var"="$val" 86 | unset "$fileVar" 87 | } 88 | 89 | # see https://github.com/docker-library/mongo/issues/147 (mongod is picky about duplicated arguments) 90 | _mongod_hack_have_arg() { 91 | local checkArg="$1"; shift 92 | local arg 93 | for arg; do 94 | case "$arg" in 95 | "$checkArg"|"$checkArg"=*) 96 | return 0 97 | ;; 98 | esac 99 | done 100 | return 1 101 | } 102 | # _mongod_hack_get_arg_val '--some-arg' "$@" 103 | _mongod_hack_get_arg_val() { 104 | local checkArg="$1"; shift 105 | while [ "$#" -gt 0 ]; do 106 | local arg="$1"; shift 107 | case "$arg" in 108 | "$checkArg") 109 | echo "$1" 110 | return 0 111 | ;; 112 | "$checkArg"=*) 113 | echo "${arg#$checkArg=}" 114 | return 0 115 | ;; 116 | esac 117 | done 118 | return 1 119 | } 120 | declare -a mongodHackedArgs 121 | # _mongod_hack_ensure_arg '--some-arg' "$@" 122 | # set -- "${mongodHackedArgs[@]}" 123 | _mongod_hack_ensure_arg() { 124 | local ensureArg="$1"; shift 125 | mongodHackedArgs=( "$@" ) 126 | if ! _mongod_hack_have_arg "$ensureArg" "$@"; then 127 | mongodHackedArgs+=( "$ensureArg" ) 128 | fi 129 | } 130 | # _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" 131 | # set -- "${mongodHackedArgs[@]}" 132 | _mongod_hack_ensure_no_arg() { 133 | local ensureNoArg="$1"; shift 134 | mongodHackedArgs=() 135 | while [ "$#" -gt 0 ]; do 136 | local arg="$1"; shift 137 | if [ "$arg" = "$ensureNoArg" ]; then 138 | continue 139 | fi 140 | mongodHackedArgs+=( "$arg" ) 141 | done 142 | } 143 | # _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" 144 | # set -- "${mongodHackedArgs[@]}" 145 | _mongod_hack_ensure_no_arg_val() { 146 | local ensureNoArg="$1"; shift 147 | mongodHackedArgs=() 148 | while [ "$#" -gt 0 ]; do 149 | local arg="$1"; shift 150 | case "$arg" in 151 | "$ensureNoArg") 152 | shift # also skip the value 153 | continue 154 | ;; 155 | "$ensureNoArg"=*) 156 | # value is already included 157 | continue 158 | ;; 159 | esac 160 | mongodHackedArgs+=( "$arg" ) 161 | done 162 | } 163 | # _mongod_hack_ensure_arg_val '--some-arg' 'some-val' "$@" 164 | # set -- "${mongodHackedArgs[@]}" 165 | _mongod_hack_ensure_arg_val() { 166 | local ensureArg="$1"; shift 167 | local ensureVal="$1"; shift 168 | _mongod_hack_ensure_no_arg_val "$ensureArg" "$@" 169 | mongodHackedArgs+=( "$ensureArg" "$ensureVal" ) 170 | } 171 | 172 | # _js_escape 'some "string" value' 173 | _js_escape() { 174 | jq --null-input --arg 'str' "$1" '$str' 175 | } 176 | 177 | : "${TMPDIR:=/tmp}" 178 | jsonConfigFile="$TMPDIR/docker-entrypoint-config.json" 179 | tempConfigFile="$TMPDIR/docker-entrypoint-temp-config.json" 180 | _parse_config() { 181 | if [ -s "$tempConfigFile" ]; then 182 | return 0 183 | fi 184 | 185 | local configPath 186 | if configPath="$(_mongod_hack_get_arg_val --config "$@")" && [ -s "$configPath" ]; then 187 | # if --config is specified, parse it into a JSON file so we can remove a few problematic keys (especially SSL-related keys) 188 | # see https://docs.mongodb.com/manual/reference/configuration-options/ 189 | if grep -vEm1 '^[[:space:]]*(#|$)' "$configPath" | grep -qE '^[[:space:]]*[^=:]+[[:space:]]*='; then 190 | # if the first non-comment/non-blank line of the config file looks like "foo = ...", this is probably the 2.4 and older "ini-style config format" 191 | # mongod tries to parse config as yaml and then falls back to ini-style parsing 192 | # https://github.com/mongodb/mongo/blob/r6.0.3/src/mongo/util/options_parser/options_parser.cpp#L1883-L1894 193 | echo >&2 194 | echo >&2 "WARNING: it appears that '$configPath' is in the older INI-style format (replaced by YAML in MongoDB 2.6)" 195 | echo >&2 ' This script does not parse the older INI-style format, and thus will ignore it.' 196 | echo >&2 197 | return 1 198 | fi 199 | if [ "$mongoShell" = 'mongo' ]; then 200 | "$mongoShell" --norc --nodb --quiet --eval "load('/js-yaml.js'); printjson(jsyaml.load(cat($(_js_escape "$configPath"))))" > "$jsonConfigFile" 201 | else 202 | # https://www.mongodb.com/docs/manual/reference/method/js-native/#std-label-native-in-mongosh 203 | "$mongoShell" --norc --nodb --quiet --eval "load('/js-yaml.js'); JSON.stringify(jsyaml.load(fs.readFileSync($(_js_escape "$configPath"), 'utf8')))" > "$jsonConfigFile" 204 | fi 205 | if [ "$(head -c1 "$jsonConfigFile")" != '{' ] || [ "$(tail -c2 "$jsonConfigFile")" != '}' ]; then 206 | # if the file doesn't start with "{" and end with "}", it's *probably* an error ("uncaught exception: YAMLException: foo" for example), so we should print it out 207 | echo >&2 'error: unexpected "js-yaml.js" output while parsing config:' 208 | cat >&2 "$jsonConfigFile" 209 | exit 1 210 | fi 211 | jq 'del(.systemLog, .processManagement, .net, .security, .replication)' "$jsonConfigFile" > "$tempConfigFile" 212 | return 0 213 | fi 214 | 215 | return 1 216 | } 217 | dbPath= 218 | _dbPath() { 219 | if [ -n "$dbPath" ]; then 220 | echo "$dbPath" 221 | return 222 | fi 223 | 224 | if ! dbPath="$(_mongod_hack_get_arg_val --dbpath "$@")"; then 225 | if _parse_config "$@"; then 226 | dbPath="$(jq -r '.storage.dbPath // empty' "$jsonConfigFile")" 227 | fi 228 | fi 229 | 230 | if [ -z "$dbPath" ]; then 231 | if _mongod_hack_have_arg --configsvr "$@" || { 232 | _parse_config "$@" \ 233 | && clusterRole="$(jq -r '.sharding.clusterRole // empty' "$jsonConfigFile")" \ 234 | && [ "$clusterRole" = 'configsvr' ] 235 | }; then 236 | # if running as config server, then the default dbpath is /data/configdb 237 | # https://docs.mongodb.com/manual/reference/program/mongod/#cmdoption-mongod-configsvr 238 | dbPath=/data/configdb 239 | fi 240 | fi 241 | 242 | : "${dbPath:=/data/db}" 243 | 244 | echo "$dbPath" 245 | } 246 | 247 | if [ "$originalArgOne" = 'mongod' ]; then 248 | file_env 'MONGO_INITDB_ROOT_USERNAME' 249 | file_env 'MONGO_INITDB_ROOT_PASSWORD' 250 | 251 | mongoShell='mongo' 252 | if ! command -v "$mongoShell" > /dev/null; then 253 | mongoShell='mongosh' 254 | fi 255 | 256 | # pre-check a few factors to see if it's even worth bothering with initdb 257 | shouldPerformInitdb= 258 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 259 | # if we have a username/password, let's set "--auth" 260 | _mongod_hack_ensure_arg '--auth' "$@" 261 | set -- "${mongodHackedArgs[@]}" 262 | shouldPerformInitdb='true' 263 | elif [ "$MONGO_INITDB_ROOT_USERNAME" ] || [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 264 | cat >&2 <<-'EOF' 265 | 266 | error: missing 'MONGO_INITDB_ROOT_USERNAME' or 'MONGO_INITDB_ROOT_PASSWORD' 267 | both must be specified for a user to be created 268 | 269 | EOF 270 | exit 1 271 | fi 272 | 273 | if [ -z "$shouldPerformInitdb" ]; then 274 | # if we've got any /docker-entrypoint-initdb.d/* files to parse later, we should initdb 275 | for f in /docker-entrypoint-initdb.d/*; do 276 | case "$f" in 277 | *.sh|*.js) # this should match the set of files we check for below 278 | shouldPerformInitdb="$f" 279 | break 280 | ;; 281 | esac 282 | done 283 | fi 284 | 285 | # check for a few known paths (to determine whether we've already initialized and should thus skip our initdb scripts) 286 | if [ -n "$shouldPerformInitdb" ]; then 287 | dbPath="$(_dbPath "$@")" 288 | for path in \ 289 | "$dbPath/WiredTiger" \ 290 | "$dbPath/journal" \ 291 | "$dbPath/local.0" \ 292 | "$dbPath/storage.bson" \ 293 | ; do 294 | if [ -e "$path" ]; then 295 | shouldPerformInitdb= 296 | break 297 | fi 298 | done 299 | fi 300 | 301 | if [ -n "$shouldPerformInitdb" ]; then 302 | mongodHackedArgs=( "$@" ) 303 | if _parse_config "$@"; then 304 | _mongod_hack_ensure_arg_val --config "$tempConfigFile" "${mongodHackedArgs[@]}" 305 | fi 306 | _mongod_hack_ensure_arg_val --bind_ip 127.0.0.1 "${mongodHackedArgs[@]}" 307 | _mongod_hack_ensure_arg_val --port 27017 "${mongodHackedArgs[@]}" 308 | _mongod_hack_ensure_no_arg --bind_ip_all "${mongodHackedArgs[@]}" 309 | 310 | # remove "--auth" and "--replSet" for our initial startup (see https://docs.mongodb.com/manual/tutorial/enable-authentication/#start-mongodb-without-access-control) 311 | # https://github.com/docker-library/mongo/issues/211 312 | _mongod_hack_ensure_no_arg --auth "${mongodHackedArgs[@]}" 313 | # "keyFile implies security.authorization" 314 | # https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-security.keyFile 315 | _mongod_hack_ensure_no_arg_val --keyFile "${mongodHackedArgs[@]}" 316 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 317 | _mongod_hack_ensure_no_arg_val --replSet "${mongodHackedArgs[@]}" 318 | fi 319 | 320 | # "BadValue: need sslPEMKeyFile when SSL is enabled" vs "BadValue: need to enable SSL via the sslMode flag when using SSL configuration parameters" 321 | tlsMode='disabled' 322 | if _mongod_hack_have_arg '--tlsCertificateKeyFile' "$@"; then 323 | tlsMode='allowTLS' 324 | fi 325 | _mongod_hack_ensure_arg_val --tlsMode "$tlsMode" "${mongodHackedArgs[@]}" 326 | 327 | if stat "/proc/$$/fd/1" > /dev/null && [ -w "/proc/$$/fd/1" ]; then 328 | # https://github.com/mongodb/mongo/blob/38c0eb538d0fd390c6cb9ce9ae9894153f6e8ef5/src/mongo/db/initialize_server_global_state.cpp#L237-L251 329 | # https://github.com/docker-library/mongo/issues/164#issuecomment-293965668 330 | _mongod_hack_ensure_arg_val --logpath "/proc/$$/fd/1" "${mongodHackedArgs[@]}" 331 | else 332 | initdbLogPath="$(_dbPath "$@")/docker-initdb.log" 333 | echo >&2 "warning: initdb logs cannot write to '/proc/$$/fd/1', so they are in '$initdbLogPath' instead" 334 | _mongod_hack_ensure_arg_val --logpath "$initdbLogPath" "${mongodHackedArgs[@]}" 335 | fi 336 | _mongod_hack_ensure_arg --logappend "${mongodHackedArgs[@]}" 337 | 338 | pidfile="$TMPDIR/docker-entrypoint-temp-mongod.pid" 339 | rm -f "$pidfile" 340 | _mongod_hack_ensure_arg_val --pidfilepath "$pidfile" "${mongodHackedArgs[@]}" 341 | 342 | "${mongodHackedArgs[@]}" --fork 343 | 344 | mongo=( "$mongoShell" --host 127.0.0.1 --port 27017 --quiet ) 345 | 346 | # check to see that our "mongod" actually did start up (catches "--help", "--version", slow prealloc, etc) 347 | # https://jira.mongodb.org/browse/SERVER-16292 348 | tries=30 349 | while true; do 350 | if ! { [ -s "$pidfile" ] && ps "$(< "$pidfile")" &> /dev/null; }; then 351 | # bail ASAP if "mongod" isn't even running 352 | echo >&2 353 | echo >&2 "error: $originalArgOne does not appear to have stayed running -- perhaps it had an error?" 354 | echo >&2 355 | exit 1 356 | fi 357 | if "${mongo[@]}" 'admin' --eval 'quit(0)' &> /dev/null; then 358 | # success! 359 | break 360 | fi 361 | (( tries-- )) 362 | if [ "$tries" -le 0 ]; then 363 | echo >&2 364 | echo >&2 "error: $originalArgOne does not appear to have accepted connections quickly enough -- perhaps it had an error?" 365 | echo >&2 366 | exit 1 367 | fi 368 | sleep 1 369 | done 370 | 371 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 372 | rootAuthDatabase='admin' 373 | 374 | "${mongo[@]}" "$rootAuthDatabase" <<-EOJS 375 | db.createUser({ 376 | user: $(_js_escape "$MONGO_INITDB_ROOT_USERNAME"), 377 | pwd: $(_js_escape "$MONGO_INITDB_ROOT_PASSWORD"), 378 | roles: [ { role: 'root', db: $(_js_escape "$rootAuthDatabase") } ] 379 | }) 380 | EOJS 381 | fi 382 | 383 | export MONGO_INITDB_DATABASE="${MONGO_INITDB_DATABASE:-test}" 384 | 385 | echo 386 | for f in /docker-entrypoint-initdb.d/*; do 387 | case "$f" in 388 | *.sh) echo "$0: running $f"; . "$f" ;; 389 | *.js) echo "$0: running $f"; "${mongo[@]}" "$MONGO_INITDB_DATABASE" "$f"; echo ;; 390 | *) echo "$0: ignoring $f" ;; 391 | esac 392 | echo 393 | done 394 | 395 | "${mongodHackedArgs[@]}" --shutdown 396 | rm -f "$pidfile" 397 | 398 | echo 399 | echo 'MongoDB init process complete; ready for start up.' 400 | echo 401 | fi 402 | 403 | # MongoDB defaults to localhost-only binding 404 | haveBindIp= 405 | if _mongod_hack_have_arg --bind_ip "$@" || _mongod_hack_have_arg --bind_ip_all "$@"; then 406 | haveBindIp=1 407 | elif _parse_config "$@" && jq --exit-status '.net.bindIp // .net.bindIpAll' "$jsonConfigFile" > /dev/null; then 408 | haveBindIp=1 409 | fi 410 | if [ -z "$haveBindIp" ]; then 411 | # so if no "--bind_ip" is specified, let's add "--bind_ip_all" 412 | set -- "$@" --bind_ip_all 413 | fi 414 | 415 | unset "${!MONGO_INITDB_@}" 416 | fi 417 | 418 | rm -f "$jsonConfigFile" "$tempConfigFile" 419 | 420 | exec "$@" 421 | -------------------------------------------------------------------------------- /8.0/windows/nanoserver-ltsc2022/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/nanoserver:ltsc2022 8 | 9 | SHELL ["cmd", "/S", "/C"] 10 | 11 | # PATH isn't actually set in the Docker image, so we have to set it from within the container 12 | USER ContainerAdministrator 13 | RUN setx /m PATH "C:\mongodb\bin;%PATH%" 14 | USER ContainerUser 15 | # doing this first to share cache across versions more aggressively 16 | 17 | COPY --from=mongo:8.0.10-windowsservercore-ltsc2022 \ 18 | C:\\Windows\\System32\\msvcp140.dll \ 19 | C:\\Windows\\System32\\msvcp140_1.dll \ 20 | C:\\Windows\\System32\\vcruntime140.dll \ 21 | C:\\Windows\\System32\\vcruntime140_1.dll \ 22 | C:\\Windows\\System32\\ 23 | 24 | # https://docs.mongodb.org/master/release-notes/8.0/ 25 | ENV MONGO_VERSION 8.0.10 26 | # 05/28/2025, https://github.com/mongodb/mongo/tree/9d03076bb2d5147d5b6fe381c7118b0b0478b682 27 | 28 | COPY --from=mongo:8.0.10-windowsservercore-ltsc2022 C:\\mongodb C:\\mongodb 29 | RUN mongod --version 30 | 31 | VOLUME C:\\data\\db C:\\data\\configdb 32 | 33 | EXPOSE 27017 34 | CMD ["mongod", "--bind_ip_all"] 35 | -------------------------------------------------------------------------------- /8.0/windows/windowsservercore-ltsc2022/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/servercore:ltsc2022 8 | 9 | SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"] 10 | 11 | # https://docs.mongodb.org/master/release-notes/8.0/ 12 | ENV MONGO_VERSION 8.0.10 13 | # 05/28/2025, https://github.com/mongodb/mongo/tree/9d03076bb2d5147d5b6fe381c7118b0b0478b682 14 | 15 | ENV MONGO_DOWNLOAD_URL https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-8.0.10-signed.msi 16 | ENV MONGO_DOWNLOAD_SHA256=ae5f02f81ba456ee9fcf819c362255ccae9a961f039435a09b6887f46732c940 17 | 18 | RUN Write-Host ('Downloading {0} ...' -f $env:MONGO_DOWNLOAD_URL); \ 19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ 20 | (New-Object System.Net.WebClient).DownloadFile($env:MONGO_DOWNLOAD_URL, 'mongo.msi'); \ 21 | \ 22 | if ($env:MONGO_DOWNLOAD_SHA256) { \ 23 | Write-Host ('Verifying sha256 ({0}) ...' -f $env:MONGO_DOWNLOAD_SHA256); \ 24 | if ((Get-FileHash mongo.msi -Algorithm sha256).Hash -ne $env:MONGO_DOWNLOAD_SHA256) { \ 25 | Write-Host 'FAILED!'; \ 26 | exit 1; \ 27 | }; \ 28 | }; \ 29 | \ 30 | Write-Host 'Installing ...'; \ 31 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows/#install-mongodb-community-edition 32 | Start-Process msiexec -Wait \ 33 | -ArgumentList @( \ 34 | '/i', \ 35 | 'mongo.msi', \ 36 | '/quiet', \ 37 | '/qn', \ 38 | '/l*v', 'install.log', \ 39 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows-unattended/#run-the-windows-installer-from-the-windows-command-interpreter 40 | 'INSTALLLOCATION=C:\mongodb', \ 41 | 'ADDLOCAL=MiscellaneousTools,Router,ServerNoService' \ 42 | ); \ 43 | if (-Not (Test-Path C:\mongodb\bin\mongod.exe -PathType Leaf)) { \ 44 | Write-Host 'Installer failed!'; \ 45 | Get-Content install.log; \ 46 | exit 1; \ 47 | }; \ 48 | Remove-Item install.log; \ 49 | \ 50 | $env:PATH = 'C:\mongodb\bin;' + $env:PATH; \ 51 | [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine); \ 52 | \ 53 | Write-Host 'Verifying install ...'; \ 54 | Write-Host ' mongod --version'; mongod --version; \ 55 | \ 56 | Write-Host 'Removing ...'; \ 57 | Remove-Item C:\windows\installer\*.msi -Force; \ 58 | Remove-Item mongo.msi -Force; \ 59 | \ 60 | Write-Host 'Complete.'; 61 | 62 | # TODO docker-entrypoint.ps1 ? (for "docker run --flag --flag --flag") 63 | 64 | VOLUME C:\\data\\db C:\\data\\configdb 65 | 66 | EXPOSE 27017 67 | CMD ["mongod", "--bind_ip_all"] 68 | -------------------------------------------------------------------------------- /8.0/windows/windowsservercore-ltsc2025/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 3 | # 4 | # PLEASE DO NOT EDIT IT DIRECTLY. 5 | # 6 | 7 | FROM mcr.microsoft.com/windows/servercore:ltsc2025 8 | 9 | SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"] 10 | 11 | # https://docs.mongodb.org/master/release-notes/8.0/ 12 | ENV MONGO_VERSION 8.0.10 13 | # 05/28/2025, https://github.com/mongodb/mongo/tree/9d03076bb2d5147d5b6fe381c7118b0b0478b682 14 | 15 | ENV MONGO_DOWNLOAD_URL https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-8.0.10-signed.msi 16 | ENV MONGO_DOWNLOAD_SHA256=ae5f02f81ba456ee9fcf819c362255ccae9a961f039435a09b6887f46732c940 17 | 18 | RUN Write-Host ('Downloading {0} ...' -f $env:MONGO_DOWNLOAD_URL); \ 19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ 20 | (New-Object System.Net.WebClient).DownloadFile($env:MONGO_DOWNLOAD_URL, 'mongo.msi'); \ 21 | \ 22 | if ($env:MONGO_DOWNLOAD_SHA256) { \ 23 | Write-Host ('Verifying sha256 ({0}) ...' -f $env:MONGO_DOWNLOAD_SHA256); \ 24 | if ((Get-FileHash mongo.msi -Algorithm sha256).Hash -ne $env:MONGO_DOWNLOAD_SHA256) { \ 25 | Write-Host 'FAILED!'; \ 26 | exit 1; \ 27 | }; \ 28 | }; \ 29 | \ 30 | Write-Host 'Installing ...'; \ 31 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows/#install-mongodb-community-edition 32 | Start-Process msiexec -Wait \ 33 | -ArgumentList @( \ 34 | '/i', \ 35 | 'mongo.msi', \ 36 | '/quiet', \ 37 | '/qn', \ 38 | '/l*v', 'install.log', \ 39 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows-unattended/#run-the-windows-installer-from-the-windows-command-interpreter 40 | 'INSTALLLOCATION=C:\mongodb', \ 41 | 'ADDLOCAL=MiscellaneousTools,Router,ServerNoService' \ 42 | ); \ 43 | if (-Not (Test-Path C:\mongodb\bin\mongod.exe -PathType Leaf)) { \ 44 | Write-Host 'Installer failed!'; \ 45 | Get-Content install.log; \ 46 | exit 1; \ 47 | }; \ 48 | Remove-Item install.log; \ 49 | \ 50 | $env:PATH = 'C:\mongodb\bin;' + $env:PATH; \ 51 | [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine); \ 52 | \ 53 | Write-Host 'Verifying install ...'; \ 54 | Write-Host ' mongod --version'; mongod --version; \ 55 | \ 56 | Write-Host 'Removing ...'; \ 57 | Remove-Item C:\windows\installer\*.msi -Force; \ 58 | Remove-Item mongo.msi -Force; \ 59 | \ 60 | Write-Host 'Complete.'; 61 | 62 | # TODO docker-entrypoint.ps1 ? (for "docker run --flag --flag --flag") 63 | 64 | VOLUME C:\\data\\db C:\\data\\configdb 65 | 66 | EXPOSE 27017 67 | CMD ["mongod", "--bind_ip_all"] 68 | -------------------------------------------------------------------------------- /Dockerfile-linux.template: -------------------------------------------------------------------------------- 1 | {{ def target: .targets[.linux] -}} 2 | FROM {{ target.image }} 3 | 4 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added 5 | RUN set -eux; \ 6 | groupadd --gid 999 --system mongodb; \ 7 | useradd --uid 999 --system --gid mongodb --home-dir /data/db mongodb; \ 8 | mkdir -p /data/db /data/configdb; \ 9 | chown -R mongodb:mongodb /data/db /data/configdb 10 | 11 | RUN set -eux; \ 12 | apt-get update; \ 13 | apt-get install -y --no-install-recommends \ 14 | ca-certificates \ 15 | jq \ 16 | numactl \ 17 | procps \ 18 | ; \ 19 | rm -rf /var/lib/apt/lists/* 20 | 21 | # grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases) 22 | ENV GOSU_VERSION 1.17 23 | # grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases) 24 | ENV JSYAML_VERSION 3.13.1 25 | ENV JSYAML_CHECKSUM 662e32319bdd378e91f67578e56a34954b0a2e33aca11d70ab9f4826af24b941 26 | 27 | RUN set -eux; \ 28 | \ 29 | savedAptMark="$(apt-mark showmanual)"; \ 30 | apt-get update; \ 31 | apt-get install -y --no-install-recommends \ 32 | gnupg \ 33 | wget \ 34 | ; \ 35 | rm -rf /var/lib/apt/lists/*; \ 36 | \ 37 | # download/install gosu 38 | dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ 39 | wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ 40 | wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ 41 | export GNUPGHOME="$(mktemp -d)"; \ 42 | gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ 43 | gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ 44 | gpgconf --kill all; \ 45 | rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ 46 | \ 47 | # download/install js-yaml 48 | mkdir -p /opt/js-yaml/; \ 49 | wget -O /opt/js-yaml/js-yaml.tgz https://registry.npmjs.org/js-yaml/-/js-yaml-${JSYAML_VERSION}.tgz; \ 50 | echo "$JSYAML_CHECKSUM */opt/js-yaml/js-yaml.tgz" | sha256sum -c -; \ 51 | tar -xz --strip-components=1 -f /opt/js-yaml/js-yaml.tgz -C /opt/js-yaml package/dist/js-yaml.js package/package.json; \ 52 | rm /opt/js-yaml/js-yaml.tgz; \ 53 | ln -s /opt/js-yaml/dist/js-yaml.js /js-yaml.js; \ 54 | \ 55 | # download/install MongoDB PGP keys 56 | export GNUPGHOME="$(mktemp -d)"; \ 57 | wget -O KEYS {{ [ .pgp[].url ] | map(@sh) | join(" ") }}; \ 58 | gpg --batch --import KEYS; \ 59 | mkdir -p /etc/apt/keyrings; \ 60 | gpg --batch --export --armor {{ [ .pgp[].fingerprints[] ] | map(@sh) | join(" ") }} > /etc/apt/keyrings/mongodb.asc; \ 61 | gpgconf --kill all; \ 62 | rm -rf "$GNUPGHOME" KEYS; \ 63 | \ 64 | apt-mark auto '.*' > /dev/null; \ 65 | apt-mark manual $savedAptMark > /dev/null; \ 66 | apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ 67 | \ 68 | # smoke test 69 | chmod +x /usr/local/bin/gosu; \ 70 | gosu --version; \ 71 | gosu nobody true 72 | 73 | RUN mkdir /docker-entrypoint-initdb.d 74 | 75 | # Allow build-time overrides (eg. to build image with MongoDB Enterprise version) 76 | # Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise 77 | # Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com 78 | # Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com . 79 | ARG MONGO_PACKAGE=mongodb-org{{ if (env.version != env.rcVersion) and (env.rcVersion | split(".")[1] | tonumber % 2 == 1) then "-unstable" else "" end }} 80 | ARG MONGO_REPO=repo.mongodb.org 81 | ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO} 82 | 83 | ENV MONGO_MAJOR {{ if env.version != env.rcVersion then "testing" else env.version end }} 84 | RUN echo "deb [ signed-by=/etc/apt/keyrings/mongodb.asc ] http://$MONGO_REPO/apt/{{ target.image | gsub(":.*$"; "") }} {{ target.suite }}/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR {{ if target.image | test("^debian") then "main" else "multiverse" end }}" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list" 85 | {{ if env.version != env.rcVersion then ( -}} 86 | # add GA repo for mongodb-mongosh and mongodb-database-tools 87 | RUN echo "deb [ signed-by=/etc/apt/keyrings/mongodb.asc ] http://$MONGO_REPO/apt/{{ target.image | gsub(":.*$"; "") }} {{ target.suite }}/${MONGO_PACKAGE%-unstable}/{{ env.rcVersion }} {{ if target.image | test("^debian") then "main" else "multiverse" end }}" | tee "/etc/apt/sources.list.d/mongodb-{{ env.rcVersion }}.list" 88 | {{ ) else "" end -}} 89 | 90 | {{ if .notes then ( -}} 91 | # {{ .notes }} 92 | {{ ) else "" end -}} 93 | ENV MONGO_VERSION {{ .version | gsub("-"; "~") }} 94 | {{ if .date or .githash then ( -}} 95 | # {{ [ .date // empty, "https://github.com/mongodb/mongo/tree/" + .githash // empty ] | join(", ") }} 96 | {{ ) else "" end -}} 97 | 98 | RUN set -x \ 99 | # installing "mongodb-enterprise" pulls in "tzdata" which prompts for input 100 | && export DEBIAN_FRONTEND=noninteractive \ 101 | && apt-get update \ 102 | && apt-get install -y \ 103 | ${MONGO_PACKAGE}=$MONGO_VERSION \ 104 | ${MONGO_PACKAGE}-server=$MONGO_VERSION \ 105 | ${MONGO_PACKAGE}-shell=$MONGO_VERSION \ 106 | ${MONGO_PACKAGE}-mongos=$MONGO_VERSION \ 107 | ${MONGO_PACKAGE}-tools=$MONGO_VERSION \ 108 | {{ if (env.rcVersion | tonumber >= 6) then ( -}} 109 | {{ # TODO: auto update this list of packages or just pin them -}} 110 | ${MONGO_PACKAGE}-database=$MONGO_VERSION \ 111 | ${MONGO_PACKAGE}-database-tools-extra=$MONGO_VERSION \ 112 | {{ ) else "" end -}} 113 | && rm -rf /var/lib/apt/lists/* \ 114 | && rm -rf /var/lib/mongodb \ 115 | && mv /etc/mongod.conf /etc/mongod.conf.orig 116 | 117 | VOLUME /data/db /data/configdb 118 | 119 | # ensure that if running as custom user that "mongosh" has a valid "HOME" 120 | # https://github.com/docker-library/mongo/issues/524 121 | ENV HOME /data/db 122 | {{ if (env.rcVersion | tonumber >= 8) then ( -}} 123 | {{ # TODO remove this when it is no longer necessary: https://www.mongodb.com/docs/manual/administration/tcmalloc-performance/#enable-per-cpu-caches -}} 124 | 125 | # ensure that glibc isn't using rseq so that google-tcmalloc can 126 | # https://www.mongodb.com/docs/manual/administration/tcmalloc-performance/#disable-glibc-rseq 127 | ENV GLIBC_TUNABLES glibc.pthread.rseq=0 128 | {{ ) else "" end -}} 129 | 130 | COPY docker-entrypoint.sh /usr/local/bin/ 131 | ENTRYPOINT ["docker-entrypoint.sh"] 132 | 133 | EXPOSE 27017 134 | CMD ["mongod"] 135 | -------------------------------------------------------------------------------- /Dockerfile-windows.template: -------------------------------------------------------------------------------- 1 | {{ 2 | def has_client: 3 | .targets.windows.features | index("Client") 4 | -}} 5 | FROM mcr.microsoft.com/windows/{{ env.windowsVariant }}:{{ env.windowsRelease }} 6 | 7 | {{ if env.windowsVariant == "servercore" then ( -}} 8 | SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"] 9 | 10 | {{ if .notes then ( -}} 11 | # {{ .notes }} 12 | {{ ) else "" end -}} 13 | ENV MONGO_VERSION {{ .version }} 14 | {{ if .date or .githash then ( -}} 15 | # {{ [ .date // empty, "https://github.com/mongodb/mongo/tree/" + .githash // empty ] | join(", ") }} 16 | {{ ) else "" end -}} 17 | 18 | ENV MONGO_DOWNLOAD_URL {{ .targets.windows.msi }} 19 | ENV MONGO_DOWNLOAD_SHA256={{ .targets.windows.sha256 }} 20 | 21 | RUN Write-Host ('Downloading {0} ...' -f $env:MONGO_DOWNLOAD_URL); \ 22 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \ 23 | (New-Object System.Net.WebClient).DownloadFile($env:MONGO_DOWNLOAD_URL, 'mongo.msi'); \ 24 | \ 25 | if ($env:MONGO_DOWNLOAD_SHA256) { \ 26 | Write-Host ('Verifying sha256 ({0}) ...' -f $env:MONGO_DOWNLOAD_SHA256); \ 27 | if ((Get-FileHash mongo.msi -Algorithm sha256).Hash -ne $env:MONGO_DOWNLOAD_SHA256) { \ 28 | Write-Host 'FAILED!'; \ 29 | exit 1; \ 30 | }; \ 31 | }; \ 32 | \ 33 | Write-Host 'Installing ...'; \ 34 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows/#install-mongodb-community-edition 35 | Start-Process msiexec -Wait \ 36 | -ArgumentList @( \ 37 | '/i', \ 38 | 'mongo.msi', \ 39 | '/quiet', \ 40 | '/qn', \ 41 | '/l*v', 'install.log', \ 42 | # https://docs.mongodb.com/manual/tutorial/install-mongodb-on-windows-unattended/#run-the-windows-installer-from-the-windows-command-interpreter 43 | 'INSTALLLOCATION=C:\mongodb', \ 44 | 'ADDLOCAL={{ .targets.windows.features | join(",") }}' \ 45 | ); \ 46 | if (-Not (Test-Path C:\mongodb\bin\mongod.exe -PathType Leaf)) { \ 47 | Write-Host 'Installer failed!'; \ 48 | Get-Content install.log; \ 49 | exit 1; \ 50 | }; \ 51 | Remove-Item install.log; \ 52 | \ 53 | $env:PATH = 'C:\mongodb\bin;' + $env:PATH; \ 54 | [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine); \ 55 | \ 56 | Write-Host 'Verifying install ...'; \ 57 | {{ if has_client then ( -}} 58 | Write-Host ' mongo --version'; mongo --version; \ 59 | {{ ) else "" end -}} 60 | Write-Host ' mongod --version'; mongod --version; \ 61 | \ 62 | Write-Host 'Removing ...'; \ 63 | Remove-Item C:\windows\installer\*.msi -Force; \ 64 | Remove-Item mongo.msi -Force; \ 65 | \ 66 | Write-Host 'Complete.'; 67 | 68 | # TODO docker-entrypoint.ps1 ? (for "docker run --flag --flag --flag") 69 | {{ ) else ( -}} 70 | SHELL ["cmd", "/S", "/C"] 71 | 72 | # PATH isn't actually set in the Docker image, so we have to set it from within the container 73 | USER ContainerAdministrator 74 | RUN setx /m PATH "C:\mongodb\bin;%PATH%" 75 | USER ContainerUser 76 | # doing this first to share cache across versions more aggressively 77 | 78 | {{ def copy_from: "mongo:" + .version + "-windowsservercore-" + env.windowsRelease -}} 79 | COPY --from={{ copy_from }} \ 80 | C:\\Windows\\System32\\msvcp140.dll \ 81 | C:\\Windows\\System32\\msvcp140_1.dll \ 82 | C:\\Windows\\System32\\vcruntime140.dll \ 83 | C:\\Windows\\System32\\vcruntime140_1.dll \ 84 | C:\\Windows\\System32\\ 85 | 86 | {{ if .notes then ( -}} 87 | # {{ .notes }} 88 | {{ ) else "" end -}} 89 | ENV MONGO_VERSION {{ .version }} 90 | {{ if .date or .githash then ( -}} 91 | # {{ [ .date // empty, "https://github.com/mongodb/mongo/tree/" + .githash // empty ] | join(", ") }} 92 | {{ ) else "" end -}} 93 | 94 | COPY --from={{ copy_from }} C:\\mongodb C:\\mongodb 95 | RUN {{ if has_client then ( }}mongo --version && {{ ) else "" end }}mongod --version 96 | {{ ) end -}} 97 | 98 | VOLUME C:\\data\\db C:\\data\\configdb 99 | 100 | EXPOSE 27017 101 | CMD ["mongod", "--bind_ip_all"] 102 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | 204 | 205 | APACHE HTTP SERVER SUBCOMPONENTS: 206 | 207 | The Apache HTTP Server includes a number of subcomponents with 208 | separate copyright notices and license terms. Your use of the source 209 | code for the these subcomponents is subject to the terms and 210 | conditions of the following licenses. 211 | 212 | For the mod_mime_magic component: 213 | 214 | /* 215 | * mod_mime_magic: MIME type lookup via file magic numbers 216 | * Copyright (c) 1996-1997 Cisco Systems, Inc. 217 | * 218 | * This software was submitted by Cisco Systems to the Apache Group in July 219 | * 1997. Future revisions and derivatives of this source code must 220 | * acknowledge Cisco Systems as the original contributor of this module. 221 | * All other licensing and usage conditions are those of the Apache Group. 222 | * 223 | * Some of this code is derived from the free version of the file command 224 | * originally posted to comp.sources.unix. Copyright info for that program 225 | * is included below as required. 226 | * --------------------------------------------------------------------------- 227 | * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin. 228 | * 229 | * This software is not subject to any license of the American Telephone and 230 | * Telegraph Company or of the Regents of the University of California. 231 | * 232 | * Permission is granted to anyone to use this software for any purpose on any 233 | * computer system, and to alter it and redistribute it freely, subject to 234 | * the following restrictions: 235 | * 236 | * 1. The author is not responsible for the consequences of use of this 237 | * software, no matter how awful, even if they arise from flaws in it. 238 | * 239 | * 2. The origin of this software must not be misrepresented, either by 240 | * explicit claim or by omission. Since few users ever read sources, credits 241 | * must appear in the documentation. 242 | * 243 | * 3. Altered versions must be plainly marked as such, and must not be 244 | * misrepresented as being the original software. Since few users ever read 245 | * sources, credits must appear in the documentation. 246 | * 247 | * 4. This notice may not be removed or altered. 248 | * ------------------------------------------------------------------------- 249 | * 250 | */ 251 | 252 | 253 | For the modules\mappers\mod_imagemap.c component: 254 | 255 | "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com 256 | 257 | For the server\util_md5.c component: 258 | 259 | /************************************************************************ 260 | * NCSA HTTPd Server 261 | * Software Development Group 262 | * National Center for Supercomputing Applications 263 | * University of Illinois at Urbana-Champaign 264 | * 605 E. Springfield, Champaign, IL 61820 265 | * httpd@ncsa.uiuc.edu 266 | * 267 | * Copyright (C) 1995, Board of Trustees of the University of Illinois 268 | * 269 | ************************************************************************ 270 | * 271 | * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code 272 | * 273 | * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc. 274 | * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon 275 | * University (see Copyright below). 276 | * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications 277 | * Research, Inc. (Bellcore) (see Copyright below). 278 | * Portions extracted from mpack, John G. Myers - jgm+@cmu.edu 279 | * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk) 280 | * 281 | */ 282 | 283 | 284 | /* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */ 285 | /* (C) Copyright 1993,1994 by Carnegie Mellon University 286 | * All Rights Reserved. 287 | * 288 | * Permission to use, copy, modify, distribute, and sell this software 289 | * and its documentation for any purpose is hereby granted without 290 | * fee, provided that the above copyright notice appear in all copies 291 | * and that both that copyright notice and this permission notice 292 | * appear in supporting documentation, and that the name of Carnegie 293 | * Mellon University not be used in advertising or publicity 294 | * pertaining to distribution of the software without specific, 295 | * written prior permission. Carnegie Mellon University makes no 296 | * representations about the suitability of this software for any 297 | * purpose. It is provided "as is" without express or implied 298 | * warranty. 299 | * 300 | * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 301 | * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 302 | * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 303 | * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 304 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 305 | * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 306 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 307 | * SOFTWARE. 308 | */ 309 | 310 | /* 311 | * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) 312 | * 313 | * Permission to use, copy, modify, and distribute this material 314 | * for any purpose and without fee is hereby granted, provided 315 | * that the above copyright notice and this permission notice 316 | * appear in all copies, and that the name of Bellcore not be 317 | * used in advertising or publicity pertaining to this 318 | * material without the specific, prior written permission 319 | * of an authorized representative of Bellcore. BELLCORE 320 | * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY 321 | * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS", 322 | * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. 323 | */ 324 | 325 | For the srclib\apr\include\apr_md5.h component: 326 | /* 327 | * This is work is derived from material Copyright RSA Data Security, Inc. 328 | * 329 | * The RSA copyright statement and Licence for that original material is 330 | * included below. This is followed by the Apache copyright statement and 331 | * licence for the modifications made to that material. 332 | */ 333 | 334 | /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 335 | rights reserved. 336 | 337 | License to copy and use this software is granted provided that it 338 | is identified as the "RSA Data Security, Inc. MD5 Message-Digest 339 | Algorithm" in all material mentioning or referencing this software 340 | or this function. 341 | 342 | License is also granted to make and use derivative works provided 343 | that such works are identified as "derived from the RSA Data 344 | Security, Inc. MD5 Message-Digest Algorithm" in all material 345 | mentioning or referencing the derived work. 346 | 347 | RSA Data Security, Inc. makes no representations concerning either 348 | the merchantability of this software or the suitability of this 349 | software for any particular purpose. It is provided "as is" 350 | without express or implied warranty of any kind. 351 | 352 | These notices must be retained in any copies of any part of this 353 | documentation and/or software. 354 | */ 355 | 356 | For the srclib\apr\passwd\apr_md5.c component: 357 | 358 | /* 359 | * This is work is derived from material Copyright RSA Data Security, Inc. 360 | * 361 | * The RSA copyright statement and Licence for that original material is 362 | * included below. This is followed by the Apache copyright statement and 363 | * licence for the modifications made to that material. 364 | */ 365 | 366 | /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm 367 | */ 368 | 369 | /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 370 | rights reserved. 371 | 372 | License to copy and use this software is granted provided that it 373 | is identified as the "RSA Data Security, Inc. MD5 Message-Digest 374 | Algorithm" in all material mentioning or referencing this software 375 | or this function. 376 | 377 | License is also granted to make and use derivative works provided 378 | that such works are identified as "derived from the RSA Data 379 | Security, Inc. MD5 Message-Digest Algorithm" in all material 380 | mentioning or referencing the derived work. 381 | 382 | RSA Data Security, Inc. makes no representations concerning either 383 | the merchantability of this software or the suitability of this 384 | software for any particular purpose. It is provided "as is" 385 | without express or implied warranty of any kind. 386 | 387 | These notices must be retained in any copies of any part of this 388 | documentation and/or software. 389 | */ 390 | /* 391 | * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0 392 | * MD5 crypt() function, which is licenced as follows: 393 | * ---------------------------------------------------------------------------- 394 | * "THE BEER-WARE LICENSE" (Revision 42): 395 | * wrote this file. As long as you retain this notice you 396 | * can do whatever you want with this stuff. If we meet some day, and you think 397 | * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 398 | * ---------------------------------------------------------------------------- 399 | */ 400 | 401 | For the srclib\apr-util\crypto\apr_md4.c component: 402 | 403 | * This is derived from material copyright RSA Data Security, Inc. 404 | * Their notice is reproduced below in its entirety. 405 | * 406 | * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 407 | * rights reserved. 408 | * 409 | * License to copy and use this software is granted provided that it 410 | * is identified as the "RSA Data Security, Inc. MD4 Message-Digest 411 | * Algorithm" in all material mentioning or referencing this software 412 | * or this function. 413 | * 414 | * License is also granted to make and use derivative works provided 415 | * that such works are identified as "derived from the RSA Data 416 | * Security, Inc. MD4 Message-Digest Algorithm" in all material 417 | * mentioning or referencing the derived work. 418 | * 419 | * RSA Data Security, Inc. makes no representations concerning either 420 | * the merchantability of this software or the suitability of this 421 | * software for any particular purpose. It is provided "as is" 422 | * without express or implied warranty of any kind. 423 | * 424 | * These notices must be retained in any copies of any part of this 425 | * documentation and/or software. 426 | */ 427 | 428 | For the srclib\apr-util\include\apr_md4.h component: 429 | 430 | * 431 | * This is derived from material copyright RSA Data Security, Inc. 432 | * Their notice is reproduced below in its entirety. 433 | * 434 | * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 435 | * rights reserved. 436 | * 437 | * License to copy and use this software is granted provided that it 438 | * is identified as the "RSA Data Security, Inc. MD4 Message-Digest 439 | * Algorithm" in all material mentioning or referencing this software 440 | * or this function. 441 | * 442 | * License is also granted to make and use derivative works provided 443 | * that such works are identified as "derived from the RSA Data 444 | * Security, Inc. MD4 Message-Digest Algorithm" in all material 445 | * mentioning or referencing the derived work. 446 | * 447 | * RSA Data Security, Inc. makes no representations concerning either 448 | * the merchantability of this software or the suitability of this 449 | * software for any particular purpose. It is provided "as is" 450 | * without express or implied warranty of any kind. 451 | * 452 | * These notices must be retained in any copies of any part of this 453 | * documentation and/or software. 454 | */ 455 | 456 | 457 | For the srclib\apr-util\test\testmd4.c component: 458 | 459 | * 460 | * This is derived from material copyright RSA Data Security, Inc. 461 | * Their notice is reproduced below in its entirety. 462 | * 463 | * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All 464 | * rights reserved. 465 | * 466 | * RSA Data Security, Inc. makes no representations concerning either 467 | * the merchantability of this software or the suitability of this 468 | * software for any particular purpose. It is provided "as is" 469 | * without express or implied warranty of any kind. 470 | * 471 | * These notices must be retained in any copies of any part of this 472 | * documentation and/or software. 473 | */ 474 | 475 | For the srclib\apr-util\xml\expat\conftools\install-sh component: 476 | 477 | # 478 | # install - install a program, script, or datafile 479 | # This comes from X11R5 (mit/util/scripts/install.sh). 480 | # 481 | # Copyright 1991 by the Massachusetts Institute of Technology 482 | # 483 | # Permission to use, copy, modify, distribute, and sell this software and its 484 | # documentation for any purpose is hereby granted without fee, provided that 485 | # the above copyright notice appear in all copies and that both that 486 | # copyright notice and this permission notice appear in supporting 487 | # documentation, and that the name of M.I.T. not be used in advertising or 488 | # publicity pertaining to distribution of the software without specific, 489 | # written prior permission. M.I.T. makes no representations about the 490 | # suitability of this software for any purpose. It is provided "as is" 491 | # without express or implied warranty. 492 | # 493 | 494 | For the test\zb.c component: 495 | 496 | /* ZeusBench V1.01 497 | =============== 498 | 499 | This program is Copyright (C) Zeus Technology Limited 1996. 500 | 501 | This program may be used and copied freely providing this copyright notice 502 | is not removed. 503 | 504 | This software is provided "as is" and any express or implied waranties, 505 | including but not limited to, the implied warranties of merchantability and 506 | fitness for a particular purpose are disclaimed. In no event shall 507 | Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, 508 | exemplary, or consequential damaged (including, but not limited to, 509 | procurement of substitute good or services; loss of use, data, or profits; 510 | or business interruption) however caused and on theory of liability. Whether 511 | in contract, strict liability or tort (including negligence or otherwise) 512 | arising in any way out of the use of this software, even if advised of the 513 | possibility of such damage. 514 | 515 | Written by Adam Twiss (adam@zeus.co.uk). March 1996 516 | 517 | Thanks to the following people for their input: 518 | Mike Belshe (mbelshe@netscape.com) 519 | Michael Campanella (campanella@stevms.enet.dec.com) 520 | 521 | */ 522 | 523 | For the expat xml parser component: 524 | 525 | Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd 526 | and Clark Cooper 527 | 528 | Permission is hereby granted, free of charge, to any person obtaining 529 | a copy of this software and associated documentation files (the 530 | "Software"), to deal in the Software without restriction, including 531 | without limitation the rights to use, copy, modify, merge, publish, 532 | distribute, sublicense, and/or sell copies of the Software, and to 533 | permit persons to whom the Software is furnished to do so, subject to 534 | the following conditions: 535 | 536 | The above copyright notice and this permission notice shall be included 537 | in all copies or substantial portions of the Software. 538 | 539 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 540 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 541 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 542 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 543 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 544 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 545 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 546 | 547 | 548 | ==================================================================== 549 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # https://github.com/docker-library/mongo 2 | 3 | ## Maintained by: [the Docker Community](https://github.com/docker-library/mongo) 4 | 5 | This is the Git repo of the [Docker "Official Image"](https://github.com/docker-library/official-images#what-are-official-images) for [`mongo`](https://hub.docker.com/_/mongo/) (not to be confused with any official `mongo` image provided by `mongo` upstream). See [the Docker Hub page](https://hub.docker.com/_/mongo/) for the full readme on how to use this Docker image and for information regarding contributing and issues. 6 | 7 | The [full image description on Docker Hub](https://hub.docker.com/_/mongo/) is generated/maintained over in [the docker-library/docs repository](https://github.com/docker-library/docs), specifically in [the `mongo` directory](https://github.com/docker-library/docs/tree/master/mongo). 8 | 9 | ## See a change merged here that doesn't show up on Docker Hub yet? 10 | 11 | For more information about the full official images change lifecycle, see [the "An image's source changed in Git, now what?" FAQ entry](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what). 12 | 13 | For outstanding `mongo` image PRs, check [PRs with the "library/mongo" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fmongo). For the current "source of truth" for [`mongo`](https://hub.docker.com/_/mongo/), see [the `library/mongo` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/mongo). 14 | 15 | 16 | -------------------------------------------------------------------------------- /apply-templates.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | [ -f versions.json ] # run "versions.sh" first 5 | 6 | jqt='.jq-template.awk' 7 | if [ -n "${BASHBREW_SCRIPTS:-}" ]; then 8 | jqt="$BASHBREW_SCRIPTS/jq-template.awk" 9 | elif [ "$BASH_SOURCE" -nt "$jqt" ]; then 10 | # https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk 11 | wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' 12 | fi 13 | 14 | if [ "$#" -eq 0 ]; then 15 | versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" 16 | eval "set -- $versions" 17 | fi 18 | 19 | generated_warning() { 20 | cat <<-EOH 21 | # 22 | # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" 23 | # 24 | # PLEASE DO NOT EDIT IT DIRECTLY. 25 | # 26 | 27 | EOH 28 | } 29 | 30 | for version; do 31 | rcVersion="${version%-rc}" 32 | export version rcVersion 33 | 34 | rm -rf "$version" 35 | 36 | if jq -e '.[env.version] | not' versions.json > /dev/null; then 37 | echo "skipping $version ..." 38 | continue 39 | fi 40 | 41 | echo "processing $version ..." 42 | 43 | mkdir -p "$version" 44 | { 45 | generated_warning 46 | gawk -f "$jqt" Dockerfile-linux.template 47 | } > "$version/Dockerfile" 48 | 49 | cp -a docker-entrypoint.sh "$version/" 50 | 51 | variants="$(jq -r '.[env.version].targets.windows.variants | map(@sh) | join(" ")' versions.json)" 52 | eval "variants=( $variants )" 53 | for variant in "${variants[@]}"; do 54 | windowsVariant="${variant%%-*}" # "windowsservercore", "nanoserver" 55 | windowsRelease="${variant#$windowsVariant-}" # "ltsc2022", "1809", etc 56 | windowsVariant="${windowsVariant#windows}" # "servercore", "nanoserver" 57 | export windowsVariant windowsRelease 58 | 59 | dir="$version/windows/$variant" 60 | echo "processing $dir ..." 61 | 62 | mkdir -p "$dir" 63 | { 64 | generated_warning 65 | gawk -f "$jqt" Dockerfile-windows.template 66 | } > "$dir/Dockerfile" 67 | done 68 | done 69 | -------------------------------------------------------------------------------- /docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | if [ "${1:0:1}" = '-' ]; then 5 | set -- mongod "$@" 6 | fi 7 | 8 | originalArgOne="$1" 9 | 10 | # allow the container to be started with `--user` 11 | # all mongo* commands should be dropped to the correct user 12 | if [[ "$originalArgOne" == mongo* ]] && [ "$(id -u)" = '0' ]; then 13 | if [ "$originalArgOne" = 'mongod' ]; then 14 | find /data/configdb /data/db \! -user mongodb -exec chown mongodb '{}' + 15 | fi 16 | 17 | # make sure we can write to stdout and stderr as "mongodb" 18 | # (for our "initdb" code later; see "--logpath" below) 19 | chown --dereference mongodb "/proc/$$/fd/1" "/proc/$$/fd/2" || : 20 | # ignore errors thanks to https://github.com/docker-library/mongo/issues/149 21 | 22 | exec gosu mongodb "$BASH_SOURCE" "$@" 23 | fi 24 | 25 | dpkgArch="$(dpkg --print-architecture)" 26 | case "$dpkgArch" in 27 | amd64) # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 28 | if ! grep -qE '^flags.* avx( .*|$)' /proc/cpuinfo; then 29 | { 30 | echo 31 | echo 'WARNING: MongoDB 5.0+ requires a CPU with AVX support, and your current system does not appear to have that!' 32 | echo ' see https://jira.mongodb.org/browse/SERVER-54407' 33 | echo ' see also https://www.mongodb.com/community/forums/t/mongodb-5-0-cpu-intel-g4650-compatibility/116610/2' 34 | echo ' see also https://github.com/docker-library/mongo/issues/485#issuecomment-891991814' 35 | echo 36 | } >&2 37 | fi 38 | ;; 39 | 40 | arm64) # https://github.com/docker-library/mongo/issues/485#issuecomment-970864306 41 | # https://en.wikichip.org/wiki/arm/armv8#ARMv8_Extensions_and_Processor_Features 42 | # http://javathunderx.blogspot.com/2018/11/cheat-sheet-for-cpuinfo-features-on.html 43 | if ! grep -qE '^Features.* (fphp|dcpop|sha3|sm3|sm4|asimddp|sha512|sve)( .*|$)' /proc/cpuinfo; then 44 | { 45 | echo 46 | echo 'WARNING: MongoDB requires ARMv8.2-A or higher, and your current system does not appear to implement any of the common features for that!' 47 | echo ' applies to all versions ≥5.0, any of 4.4 ≥4.4.19' 48 | echo ' see https://jira.mongodb.org/browse/SERVER-71772' 49 | echo ' see https://jira.mongodb.org/browse/SERVER-55178' 50 | echo ' see also https://en.wikichip.org/wiki/arm/armv8#ARMv8_Extensions_and_Processor_Features' 51 | echo ' see also https://github.com/docker-library/mongo/issues/485#issuecomment-970864306' 52 | echo 53 | } >&2 54 | fi 55 | ;; 56 | esac 57 | 58 | # you should use numactl to start your mongod instances, including the config servers, mongos instances, and any clients. 59 | # https://docs.mongodb.com/manual/administration/production-notes/#configuring-numa-on-linux 60 | if [[ "$originalArgOne" == mongo* ]]; then 61 | numa='numactl --interleave=all' 62 | if $numa true &> /dev/null; then 63 | set -- $numa "$@" 64 | fi 65 | fi 66 | 67 | # usage: file_env VAR [DEFAULT] 68 | # ie: file_env 'XYZ_DB_PASSWORD' 'example' 69 | # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of 70 | # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) 71 | file_env() { 72 | local var="$1" 73 | local fileVar="${var}_FILE" 74 | local def="${2:-}" 75 | if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then 76 | echo >&2 "error: both $var and $fileVar are set (but are exclusive)" 77 | exit 1 78 | fi 79 | local val="$def" 80 | if [ "${!var:-}" ]; then 81 | val="${!var}" 82 | elif [ "${!fileVar:-}" ]; then 83 | val="$(< "${!fileVar}")" 84 | fi 85 | export "$var"="$val" 86 | unset "$fileVar" 87 | } 88 | 89 | # see https://github.com/docker-library/mongo/issues/147 (mongod is picky about duplicated arguments) 90 | _mongod_hack_have_arg() { 91 | local checkArg="$1"; shift 92 | local arg 93 | for arg; do 94 | case "$arg" in 95 | "$checkArg"|"$checkArg"=*) 96 | return 0 97 | ;; 98 | esac 99 | done 100 | return 1 101 | } 102 | # _mongod_hack_get_arg_val '--some-arg' "$@" 103 | _mongod_hack_get_arg_val() { 104 | local checkArg="$1"; shift 105 | while [ "$#" -gt 0 ]; do 106 | local arg="$1"; shift 107 | case "$arg" in 108 | "$checkArg") 109 | echo "$1" 110 | return 0 111 | ;; 112 | "$checkArg"=*) 113 | echo "${arg#$checkArg=}" 114 | return 0 115 | ;; 116 | esac 117 | done 118 | return 1 119 | } 120 | declare -a mongodHackedArgs 121 | # _mongod_hack_ensure_arg '--some-arg' "$@" 122 | # set -- "${mongodHackedArgs[@]}" 123 | _mongod_hack_ensure_arg() { 124 | local ensureArg="$1"; shift 125 | mongodHackedArgs=( "$@" ) 126 | if ! _mongod_hack_have_arg "$ensureArg" "$@"; then 127 | mongodHackedArgs+=( "$ensureArg" ) 128 | fi 129 | } 130 | # _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" 131 | # set -- "${mongodHackedArgs[@]}" 132 | _mongod_hack_ensure_no_arg() { 133 | local ensureNoArg="$1"; shift 134 | mongodHackedArgs=() 135 | while [ "$#" -gt 0 ]; do 136 | local arg="$1"; shift 137 | if [ "$arg" = "$ensureNoArg" ]; then 138 | continue 139 | fi 140 | mongodHackedArgs+=( "$arg" ) 141 | done 142 | } 143 | # _mongod_hack_ensure_no_arg '--some-unwanted-arg' "$@" 144 | # set -- "${mongodHackedArgs[@]}" 145 | _mongod_hack_ensure_no_arg_val() { 146 | local ensureNoArg="$1"; shift 147 | mongodHackedArgs=() 148 | while [ "$#" -gt 0 ]; do 149 | local arg="$1"; shift 150 | case "$arg" in 151 | "$ensureNoArg") 152 | shift # also skip the value 153 | continue 154 | ;; 155 | "$ensureNoArg"=*) 156 | # value is already included 157 | continue 158 | ;; 159 | esac 160 | mongodHackedArgs+=( "$arg" ) 161 | done 162 | } 163 | # _mongod_hack_ensure_arg_val '--some-arg' 'some-val' "$@" 164 | # set -- "${mongodHackedArgs[@]}" 165 | _mongod_hack_ensure_arg_val() { 166 | local ensureArg="$1"; shift 167 | local ensureVal="$1"; shift 168 | _mongod_hack_ensure_no_arg_val "$ensureArg" "$@" 169 | mongodHackedArgs+=( "$ensureArg" "$ensureVal" ) 170 | } 171 | 172 | # _js_escape 'some "string" value' 173 | _js_escape() { 174 | jq --null-input --arg 'str' "$1" '$str' 175 | } 176 | 177 | : "${TMPDIR:=/tmp}" 178 | jsonConfigFile="$TMPDIR/docker-entrypoint-config.json" 179 | tempConfigFile="$TMPDIR/docker-entrypoint-temp-config.json" 180 | _parse_config() { 181 | if [ -s "$tempConfigFile" ]; then 182 | return 0 183 | fi 184 | 185 | local configPath 186 | if configPath="$(_mongod_hack_get_arg_val --config "$@")" && [ -s "$configPath" ]; then 187 | # if --config is specified, parse it into a JSON file so we can remove a few problematic keys (especially SSL-related keys) 188 | # see https://docs.mongodb.com/manual/reference/configuration-options/ 189 | if grep -vEm1 '^[[:space:]]*(#|$)' "$configPath" | grep -qE '^[[:space:]]*[^=:]+[[:space:]]*='; then 190 | # if the first non-comment/non-blank line of the config file looks like "foo = ...", this is probably the 2.4 and older "ini-style config format" 191 | # mongod tries to parse config as yaml and then falls back to ini-style parsing 192 | # https://github.com/mongodb/mongo/blob/r6.0.3/src/mongo/util/options_parser/options_parser.cpp#L1883-L1894 193 | echo >&2 194 | echo >&2 "WARNING: it appears that '$configPath' is in the older INI-style format (replaced by YAML in MongoDB 2.6)" 195 | echo >&2 ' This script does not parse the older INI-style format, and thus will ignore it.' 196 | echo >&2 197 | return 1 198 | fi 199 | if [ "$mongoShell" = 'mongo' ]; then 200 | "$mongoShell" --norc --nodb --quiet --eval "load('/js-yaml.js'); printjson(jsyaml.load(cat($(_js_escape "$configPath"))))" > "$jsonConfigFile" 201 | else 202 | # https://www.mongodb.com/docs/manual/reference/method/js-native/#std-label-native-in-mongosh 203 | "$mongoShell" --norc --nodb --quiet --eval "load('/js-yaml.js'); JSON.stringify(jsyaml.load(fs.readFileSync($(_js_escape "$configPath"), 'utf8')))" > "$jsonConfigFile" 204 | fi 205 | if [ "$(head -c1 "$jsonConfigFile")" != '{' ] || [ "$(tail -c2 "$jsonConfigFile")" != '}' ]; then 206 | # if the file doesn't start with "{" and end with "}", it's *probably* an error ("uncaught exception: YAMLException: foo" for example), so we should print it out 207 | echo >&2 'error: unexpected "js-yaml.js" output while parsing config:' 208 | cat >&2 "$jsonConfigFile" 209 | exit 1 210 | fi 211 | jq 'del(.systemLog, .processManagement, .net, .security, .replication)' "$jsonConfigFile" > "$tempConfigFile" 212 | return 0 213 | fi 214 | 215 | return 1 216 | } 217 | dbPath= 218 | _dbPath() { 219 | if [ -n "$dbPath" ]; then 220 | echo "$dbPath" 221 | return 222 | fi 223 | 224 | if ! dbPath="$(_mongod_hack_get_arg_val --dbpath "$@")"; then 225 | if _parse_config "$@"; then 226 | dbPath="$(jq -r '.storage.dbPath // empty' "$jsonConfigFile")" 227 | fi 228 | fi 229 | 230 | if [ -z "$dbPath" ]; then 231 | if _mongod_hack_have_arg --configsvr "$@" || { 232 | _parse_config "$@" \ 233 | && clusterRole="$(jq -r '.sharding.clusterRole // empty' "$jsonConfigFile")" \ 234 | && [ "$clusterRole" = 'configsvr' ] 235 | }; then 236 | # if running as config server, then the default dbpath is /data/configdb 237 | # https://docs.mongodb.com/manual/reference/program/mongod/#cmdoption-mongod-configsvr 238 | dbPath=/data/configdb 239 | fi 240 | fi 241 | 242 | : "${dbPath:=/data/db}" 243 | 244 | echo "$dbPath" 245 | } 246 | 247 | if [ "$originalArgOne" = 'mongod' ]; then 248 | file_env 'MONGO_INITDB_ROOT_USERNAME' 249 | file_env 'MONGO_INITDB_ROOT_PASSWORD' 250 | 251 | mongoShell='mongo' 252 | if ! command -v "$mongoShell" > /dev/null; then 253 | mongoShell='mongosh' 254 | fi 255 | 256 | # pre-check a few factors to see if it's even worth bothering with initdb 257 | shouldPerformInitdb= 258 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 259 | # if we have a username/password, let's set "--auth" 260 | _mongod_hack_ensure_arg '--auth' "$@" 261 | set -- "${mongodHackedArgs[@]}" 262 | shouldPerformInitdb='true' 263 | elif [ "$MONGO_INITDB_ROOT_USERNAME" ] || [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 264 | cat >&2 <<-'EOF' 265 | 266 | error: missing 'MONGO_INITDB_ROOT_USERNAME' or 'MONGO_INITDB_ROOT_PASSWORD' 267 | both must be specified for a user to be created 268 | 269 | EOF 270 | exit 1 271 | fi 272 | 273 | if [ -z "$shouldPerformInitdb" ]; then 274 | # if we've got any /docker-entrypoint-initdb.d/* files to parse later, we should initdb 275 | for f in /docker-entrypoint-initdb.d/*; do 276 | case "$f" in 277 | *.sh|*.js) # this should match the set of files we check for below 278 | shouldPerformInitdb="$f" 279 | break 280 | ;; 281 | esac 282 | done 283 | fi 284 | 285 | # check for a few known paths (to determine whether we've already initialized and should thus skip our initdb scripts) 286 | if [ -n "$shouldPerformInitdb" ]; then 287 | dbPath="$(_dbPath "$@")" 288 | for path in \ 289 | "$dbPath/WiredTiger" \ 290 | "$dbPath/journal" \ 291 | "$dbPath/local.0" \ 292 | "$dbPath/storage.bson" \ 293 | ; do 294 | if [ -e "$path" ]; then 295 | shouldPerformInitdb= 296 | break 297 | fi 298 | done 299 | fi 300 | 301 | if [ -n "$shouldPerformInitdb" ]; then 302 | mongodHackedArgs=( "$@" ) 303 | if _parse_config "$@"; then 304 | _mongod_hack_ensure_arg_val --config "$tempConfigFile" "${mongodHackedArgs[@]}" 305 | fi 306 | _mongod_hack_ensure_arg_val --bind_ip 127.0.0.1 "${mongodHackedArgs[@]}" 307 | _mongod_hack_ensure_arg_val --port 27017 "${mongodHackedArgs[@]}" 308 | _mongod_hack_ensure_no_arg --bind_ip_all "${mongodHackedArgs[@]}" 309 | 310 | # remove "--auth" and "--replSet" for our initial startup (see https://docs.mongodb.com/manual/tutorial/enable-authentication/#start-mongodb-without-access-control) 311 | # https://github.com/docker-library/mongo/issues/211 312 | _mongod_hack_ensure_no_arg --auth "${mongodHackedArgs[@]}" 313 | # "keyFile implies security.authorization" 314 | # https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-security.keyFile 315 | _mongod_hack_ensure_no_arg_val --keyFile "${mongodHackedArgs[@]}" 316 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 317 | _mongod_hack_ensure_no_arg_val --replSet "${mongodHackedArgs[@]}" 318 | fi 319 | 320 | # "BadValue: need sslPEMKeyFile when SSL is enabled" vs "BadValue: need to enable SSL via the sslMode flag when using SSL configuration parameters" 321 | tlsMode='disabled' 322 | if _mongod_hack_have_arg '--tlsCertificateKeyFile' "$@"; then 323 | tlsMode='allowTLS' 324 | fi 325 | _mongod_hack_ensure_arg_val --tlsMode "$tlsMode" "${mongodHackedArgs[@]}" 326 | 327 | if stat "/proc/$$/fd/1" > /dev/null && [ -w "/proc/$$/fd/1" ]; then 328 | # https://github.com/mongodb/mongo/blob/38c0eb538d0fd390c6cb9ce9ae9894153f6e8ef5/src/mongo/db/initialize_server_global_state.cpp#L237-L251 329 | # https://github.com/docker-library/mongo/issues/164#issuecomment-293965668 330 | _mongod_hack_ensure_arg_val --logpath "/proc/$$/fd/1" "${mongodHackedArgs[@]}" 331 | else 332 | initdbLogPath="$(_dbPath "$@")/docker-initdb.log" 333 | echo >&2 "warning: initdb logs cannot write to '/proc/$$/fd/1', so they are in '$initdbLogPath' instead" 334 | _mongod_hack_ensure_arg_val --logpath "$initdbLogPath" "${mongodHackedArgs[@]}" 335 | fi 336 | _mongod_hack_ensure_arg --logappend "${mongodHackedArgs[@]}" 337 | 338 | pidfile="$TMPDIR/docker-entrypoint-temp-mongod.pid" 339 | rm -f "$pidfile" 340 | _mongod_hack_ensure_arg_val --pidfilepath "$pidfile" "${mongodHackedArgs[@]}" 341 | 342 | "${mongodHackedArgs[@]}" --fork 343 | 344 | mongo=( "$mongoShell" --host 127.0.0.1 --port 27017 --quiet ) 345 | 346 | # check to see that our "mongod" actually did start up (catches "--help", "--version", slow prealloc, etc) 347 | # https://jira.mongodb.org/browse/SERVER-16292 348 | tries=30 349 | while true; do 350 | if ! { [ -s "$pidfile" ] && ps "$(< "$pidfile")" &> /dev/null; }; then 351 | # bail ASAP if "mongod" isn't even running 352 | echo >&2 353 | echo >&2 "error: $originalArgOne does not appear to have stayed running -- perhaps it had an error?" 354 | echo >&2 355 | exit 1 356 | fi 357 | if "${mongo[@]}" 'admin' --eval 'quit(0)' &> /dev/null; then 358 | # success! 359 | break 360 | fi 361 | (( tries-- )) 362 | if [ "$tries" -le 0 ]; then 363 | echo >&2 364 | echo >&2 "error: $originalArgOne does not appear to have accepted connections quickly enough -- perhaps it had an error?" 365 | echo >&2 366 | exit 1 367 | fi 368 | sleep 1 369 | done 370 | 371 | if [ "$MONGO_INITDB_ROOT_USERNAME" ] && [ "$MONGO_INITDB_ROOT_PASSWORD" ]; then 372 | rootAuthDatabase='admin' 373 | 374 | "${mongo[@]}" "$rootAuthDatabase" <<-EOJS 375 | db.createUser({ 376 | user: $(_js_escape "$MONGO_INITDB_ROOT_USERNAME"), 377 | pwd: $(_js_escape "$MONGO_INITDB_ROOT_PASSWORD"), 378 | roles: [ { role: 'root', db: $(_js_escape "$rootAuthDatabase") } ] 379 | }) 380 | EOJS 381 | fi 382 | 383 | export MONGO_INITDB_DATABASE="${MONGO_INITDB_DATABASE:-test}" 384 | 385 | echo 386 | for f in /docker-entrypoint-initdb.d/*; do 387 | case "$f" in 388 | *.sh) echo "$0: running $f"; . "$f" ;; 389 | *.js) echo "$0: running $f"; "${mongo[@]}" "$MONGO_INITDB_DATABASE" "$f"; echo ;; 390 | *) echo "$0: ignoring $f" ;; 391 | esac 392 | echo 393 | done 394 | 395 | "${mongodHackedArgs[@]}" --shutdown 396 | rm -f "$pidfile" 397 | 398 | echo 399 | echo 'MongoDB init process complete; ready for start up.' 400 | echo 401 | fi 402 | 403 | # MongoDB defaults to localhost-only binding 404 | haveBindIp= 405 | if _mongod_hack_have_arg --bind_ip "$@" || _mongod_hack_have_arg --bind_ip_all "$@"; then 406 | haveBindIp=1 407 | elif _parse_config "$@" && jq --exit-status '.net.bindIp // .net.bindIpAll' "$jsonConfigFile" > /dev/null; then 408 | haveBindIp=1 409 | fi 410 | if [ -z "$haveBindIp" ]; then 411 | # so if no "--bind_ip" is specified, let's add "--bind_ip_all" 412 | set -- "$@" --bind_ip_all 413 | fi 414 | 415 | unset "${!MONGO_INITDB_@}" 416 | fi 417 | 418 | rm -f "$jsonConfigFile" "$tempConfigFile" 419 | 420 | exec "$@" 421 | -------------------------------------------------------------------------------- /generate-stackbrew-library.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | declare -A aliases=( 5 | [8.0]='8 latest' 6 | [7.0]='7' 7 | [6.0]='6' 8 | ) 9 | 10 | self="$(basename "$BASH_SOURCE")" 11 | cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" 12 | 13 | if [ "$#" -eq 0 ]; then 14 | versions="$(jq -r 'to_entries | map(if .value then .key | @sh else empty end) | join(" ")' versions.json)" 15 | eval "set -- $versions" 16 | fi 17 | 18 | # sort version numbers with highest first 19 | IFS=$'\n'; set -- $(sort -rV <<<"$*"); unset IFS 20 | 21 | # get the most recent commit which modified any of "$@" 22 | fileCommit() { 23 | git log -1 --format='format:%H' HEAD -- "$@" 24 | } 25 | 26 | # get the most recent commit which modified "$1/Dockerfile" or any file COPY'd from "$1/Dockerfile" 27 | dirCommit() { 28 | local dir="$1"; shift 29 | ( 30 | cd "$dir" 31 | fileCommit \ 32 | Dockerfile \ 33 | $(git show HEAD:./Dockerfile | awk ' 34 | toupper($1) == "COPY" { 35 | for (i = 2; i < NF; i++) { 36 | print $i 37 | } 38 | } 39 | ') 40 | ) 41 | } 42 | 43 | getArches() { 44 | local repo="$1"; shift 45 | local officialImagesBase="${BASHBREW_LIBRARY:-https://github.com/docker-library/official-images/raw/HEAD/library}/" 46 | 47 | local parentRepoToArchesStr 48 | parentRepoToArchesStr="$( 49 | find -name 'Dockerfile' -exec awk -v officialImagesBase="$officialImagesBase" ' 50 | toupper($1) == "FROM" && $2 !~ /^('"$repo"'|scratch|.*\/.*)(:|$)/ { 51 | printf "%s%s\n", officialImagesBase, $2 52 | } 53 | ' '{}' + \ 54 | | sort -u \ 55 | | xargs -r bashbrew cat --format '["{{ .RepoName }}:{{ .TagName }}"]="{{ join " " .TagEntry.Architectures }}"' 56 | )" 57 | eval "declare -g -A parentRepoToArches=( $parentRepoToArchesStr )" 58 | } 59 | getArches 'mongo' 60 | 61 | cat <<-EOH 62 | # this file is generated via https://github.com/docker-library/mongo/blob/$(fileCommit "$self")/$self 63 | 64 | Maintainers: Tianon Gravi (@tianon), 65 | Joseph Ferguson (@yosifkit) 66 | GitRepo: https://github.com/docker-library/mongo.git 67 | EOH 68 | 69 | # prints "$2$1$3$1...$N" 70 | join() { 71 | local sep="$1"; shift 72 | local out; printf -v out "${sep//%/%%}%s" "$@" 73 | echo "${out#$sep}" 74 | } 75 | 76 | for version; do 77 | rcVersion="${version%-rc}" 78 | export version rcVersion 79 | 80 | if ! fullVersion="$(jq -er '.[env.version] | if . then .version else empty end' versions.json)"; then 81 | continue 82 | fi 83 | 84 | if [ "$rcVersion" != "$version" ] && [ -e "$rcVersion/Dockerfile" ]; then 85 | # if this is a "-rc" release, let's make sure the release it contains isn't already GA (and thus something we should not publish anymore) 86 | rcFullVersion="$(jq -r '.[env.rcVersion].version' versions.json)" 87 | latestVersion="$({ echo "$fullVersion"; echo "$rcFullVersion"; } | sort -V | tail -1)" 88 | if [[ "$fullVersion" == "$rcFullVersion"* ]] || [ "$latestVersion" = "$rcFullVersion" ]; then 89 | # "x.y.z-rc1" == x.y.z* 90 | continue 91 | fi 92 | fi 93 | 94 | versionAliases=( 95 | $fullVersion 96 | $version 97 | ${aliases[$version]:-} 98 | ) 99 | 100 | variants="$(jq -r '.[env.version].targets.windows.variants | [""] + map("windows/" + .) | map(@sh) | join(" ")' versions.json)" 101 | eval "variants=( $variants )" 102 | 103 | for v in "${variants[@]}"; do 104 | dir="$version${v:+/$v}" 105 | commit="$(dirCommit "$dir")" 106 | 107 | if [ -z "$v" ]; then 108 | variant="$(jq -r '.[env.version] | .targets[.linux].suite' versions.json)" # "bionic", etc. 109 | else 110 | variant="$(basename "$v")" # windowsservercore-1809, etc. 111 | fi 112 | 113 | variantAliases=( "${versionAliases[@]/%/-$variant}" ) 114 | variantAliases=( "${variantAliases[@]//latest-/}" ) 115 | 116 | sharedTags=() 117 | for windowsShared in windowsservercore nanoserver; do 118 | if [[ "$variant" == "$windowsShared"* ]]; then 119 | sharedTags=( "${versionAliases[@]/%/-$windowsShared}" ) 120 | sharedTags=( "${sharedTags[@]//latest-/}" ) 121 | break 122 | fi 123 | done 124 | if [[ "$variant" == 'windowsservercore'* ]] || [ -z "$v" ]; then 125 | sharedTags+=( "${versionAliases[@]}" ) 126 | fi 127 | 128 | case "$v" in 129 | windows/*) 130 | # this is the really long way to say "windows-amd64" 131 | variantArches="$(jq -r '.[env.version] | .targets.windows.arches | map("windows-" + . | @sh) | join(" ")' versions.json)" 132 | ;; 133 | *) 134 | variantArches="$(jq -r '.[env.version] | .targets[.linux].arches | map(@sh) | join(" ")' versions.json)" 135 | ;; 136 | esac 137 | eval "variantArches=( $variantArches )" 138 | 139 | constraints= 140 | if [ -n "$v" ]; then 141 | constraints="$variant" 142 | if [[ "$variant" == nanoserver-* ]]; then 143 | # nanoserver variants "COPY --from=...:...-windowsservercore-... ..." 144 | constraints+=", windowsservercore-${variant#nanoserver-}" 145 | fi 146 | fi 147 | 148 | echo 149 | echo "Tags: $(join ', ' "${variantAliases[@]}")" 150 | if [ "${#sharedTags[@]}" -gt 0 ]; then 151 | echo "SharedTags: $(join ', ' "${sharedTags[@]}")" 152 | fi 153 | cat <<-EOE 154 | Architectures: $(join ', ' "${variantArches[@]}") 155 | GitCommit: $commit 156 | Directory: $dir 157 | EOE 158 | [ -z "$constraints" ] || echo "Constraints: $constraints" 159 | done 160 | done 161 | -------------------------------------------------------------------------------- /pgp-keys.json: -------------------------------------------------------------------------------- 1 | { 2 | "dev": { 3 | "url": "https://pgp.mongodb.com/server-dev.asc", 4 | "fingerprints": [ 5 | "28DE23AF08040FB24C33F36381B0EBBBADCEA95C" 6 | ] 7 | }, 8 | "8.0": { 9 | "url": "https://pgp.mongodb.com/server-8.0.asc", 10 | "fingerprints": [ 11 | "4B0752C1BCA238C0B4EE14DC41DE058A4E7DCA05" 12 | ] 13 | }, 14 | "7.0": { 15 | "url": "https://pgp.mongodb.com/server-7.0.asc", 16 | "fingerprints": [ 17 | "E58830201F7DD82CD808AA84160D26BB1785BA38" 18 | ] 19 | }, 20 | "6.0": { 21 | "url": "https://pgp.mongodb.com/server-6.0.asc", 22 | "fingerprints": [ 23 | "39BD841E4BE5FB195A65400E6A26B1AE64C3C388" 24 | ] 25 | }, 26 | "5.0": { 27 | "url": "https://pgp.mongodb.com/server-5.0.asc", 28 | "fingerprints": [ 29 | "F5679A222C647C87527C2F8CB00A0BD1E2C63C11" 30 | ] 31 | }, 32 | "4.4": { 33 | "url": "https://pgp.mongodb.com/server-4.4.asc", 34 | "fingerprints": [ 35 | "20691EEC35216C63CAF66CE1656408E390CFB1F5" 36 | ] 37 | }, 38 | "4.2": { 39 | "url": "https://pgp.mongodb.com/server-4.2.asc", 40 | "fingerprints": [ 41 | "E162F504A20CDF15827F718D4B7C549A058F8B6B" 42 | ] 43 | }, 44 | "4.0": { 45 | "url": "https://pgp.mongodb.com/server-4.0.asc", 46 | "fingerprints": [ 47 | "9DA31620334BD75D9DCB49F368818C72E52529D4" 48 | ] 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /pgp-keys.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | versions="$(jq -r 'keys_unsorted | map(@sh) | join(" ")' pgp-keys.json)" 5 | eval "set -- $versions" 6 | 7 | json='{}' 8 | 9 | for version; do 10 | url="https://pgp.mongodb.com/server-$version.asc" 11 | export version url 12 | fingerprints="$( 13 | docker run --rm --env url buildpack-deps:bookworm-curl bash -Eeuo pipefail -xc ' 14 | wget -O key.asc "$url" >&2 15 | gpg --batch --import key.asc >&2 16 | gpg --batch --fingerprint --with-colons | grep "^fpr:" | cut -d: -f10 17 | ' 18 | )" 19 | export fingerprints 20 | json="$(jq <<<"$json" -c ' 21 | .[env.version] = { 22 | url: env.url, 23 | fingerprints: ( 24 | env.fingerprints 25 | | rtrimstr("\n") 26 | | split("\n") 27 | ), 28 | } 29 | ')" 30 | done 31 | 32 | jq <<<"$json" ' 33 | to_entries 34 | | sort_by(.key | split(".") | map(tonumber? // .)) 35 | | reverse 36 | | from_entries 37 | ' > pgp-keys.json 38 | -------------------------------------------------------------------------------- /update.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" 5 | 6 | ./versions.sh "$@" 7 | ./apply-templates.sh "$@" 8 | -------------------------------------------------------------------------------- /versions.json: -------------------------------------------------------------------------------- 1 | { 2 | "6.0": { 3 | "changes": "https://jira.mongodb.org/issues/?jql=project%20%3D%20SERVER%20AND%20fixVersion%20%3D%20%226.0.24%22%20ORDER%20BY%20status%20DESC%2C%20priority%20DESC", 4 | "date": "05/28/2025", 5 | "githash": "1b052b94a23863fd12be97aaa4e4b1d96456e5cc", 6 | "linux": "ubuntu2204", 7 | "notes": "https://docs.mongodb.org/master/release-notes/6.0/", 8 | "pgp": [ 9 | { 10 | "fingerprints": [ 11 | "39BD841E4BE5FB195A65400E6A26B1AE64C3C388" 12 | ], 13 | "url": "https://pgp.mongodb.com/server-6.0.asc" 14 | } 15 | ], 16 | "targets": { 17 | "debian10": { 18 | "arches": [ 19 | "amd64" 20 | ], 21 | "image": "debian:buster-slim", 22 | "suite": "buster" 23 | }, 24 | "debian11": { 25 | "arches": [ 26 | "amd64" 27 | ], 28 | "image": "debian:bullseye-slim", 29 | "suite": "bullseye" 30 | }, 31 | "ubuntu2004": { 32 | "arches": [ 33 | "amd64", 34 | "arm64v8" 35 | ], 36 | "image": "ubuntu:focal", 37 | "suite": "focal" 38 | }, 39 | "ubuntu2204": { 40 | "arches": [ 41 | "amd64", 42 | "arm64v8" 43 | ], 44 | "image": "ubuntu:jammy", 45 | "suite": "jammy" 46 | }, 47 | "windows": { 48 | "arches": [ 49 | "amd64" 50 | ], 51 | "features": [ 52 | "MiscellaneousTools", 53 | "Router", 54 | "ServerNoService" 55 | ], 56 | "msi": "https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-6.0.24-signed.msi", 57 | "sha256": "29efc8ca87db8f2fe35af9398c612e5fb7c1deca1ff4ae336c242a69934c0f6c", 58 | "variants": [ 59 | "windowsservercore-ltsc2025", 60 | "windowsservercore-ltsc2022", 61 | "nanoserver-ltsc2022" 62 | ] 63 | } 64 | }, 65 | "version": "6.0.24" 66 | }, 67 | "6.0-rc": null, 68 | "7.0": { 69 | "changes": "https://jira.mongodb.org/issues/?jql=project%20%3D%20SERVER%20AND%20fixVersion%20%3D%20%227.0.21%22%20ORDER%20BY%20status%20DESC%2C%20priority%20DESC", 70 | "date": "05/28/2025", 71 | "githash": "a47b62aff2bae1914085c3ef1d90fc099acf000c", 72 | "linux": "ubuntu2204", 73 | "notes": "https://docs.mongodb.org/master/release-notes/7.0/", 74 | "pgp": [ 75 | { 76 | "fingerprints": [ 77 | "E58830201F7DD82CD808AA84160D26BB1785BA38" 78 | ], 79 | "url": "https://pgp.mongodb.com/server-7.0.asc" 80 | } 81 | ], 82 | "targets": { 83 | "debian11": { 84 | "arches": [ 85 | "amd64" 86 | ], 87 | "image": "debian:bullseye-slim", 88 | "suite": "bullseye" 89 | }, 90 | "debian12": { 91 | "arches": [ 92 | "amd64" 93 | ], 94 | "image": "debian:bookworm-slim", 95 | "suite": "bookworm" 96 | }, 97 | "ubuntu2004": { 98 | "arches": [ 99 | "amd64", 100 | "arm64v8" 101 | ], 102 | "image": "ubuntu:focal", 103 | "suite": "focal" 104 | }, 105 | "ubuntu2204": { 106 | "arches": [ 107 | "amd64", 108 | "arm64v8" 109 | ], 110 | "image": "ubuntu:jammy", 111 | "suite": "jammy" 112 | }, 113 | "windows": { 114 | "arches": [ 115 | "amd64" 116 | ], 117 | "features": [ 118 | "MiscellaneousTools", 119 | "Router", 120 | "ServerNoService" 121 | ], 122 | "msi": "https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-7.0.21-signed.msi", 123 | "sha256": "35baeddf28f20f63a50d6a65bdb19492afdea42005bfb8621a8ec433ec9c748b", 124 | "variants": [ 125 | "windowsservercore-ltsc2025", 126 | "windowsservercore-ltsc2022", 127 | "nanoserver-ltsc2022" 128 | ] 129 | } 130 | }, 131 | "version": "7.0.21" 132 | }, 133 | "7.0-rc": null, 134 | "8.0": { 135 | "changes": "https://jira.mongodb.org/issues/?jql=project%20%3D%20SERVER%20AND%20fixVersion%20%3D%20%228.0.10%22%20ORDER%20BY%20status%20DESC%2C%20priority%20DESC", 136 | "date": "05/28/2025", 137 | "githash": "9d03076bb2d5147d5b6fe381c7118b0b0478b682", 138 | "linux": "ubuntu2404", 139 | "notes": "https://docs.mongodb.org/master/release-notes/8.0/", 140 | "pgp": [ 141 | { 142 | "fingerprints": [ 143 | "4B0752C1BCA238C0B4EE14DC41DE058A4E7DCA05" 144 | ], 145 | "url": "https://pgp.mongodb.com/server-8.0.asc" 146 | } 147 | ], 148 | "targets": { 149 | "debian12": { 150 | "arches": [ 151 | "amd64" 152 | ], 153 | "image": "debian:bookworm-slim", 154 | "suite": "bookworm" 155 | }, 156 | "ubuntu2004": { 157 | "arches": [ 158 | "amd64", 159 | "arm64v8" 160 | ], 161 | "image": "ubuntu:focal", 162 | "suite": "focal" 163 | }, 164 | "ubuntu2204": { 165 | "arches": [ 166 | "amd64", 167 | "arm64v8" 168 | ], 169 | "image": "ubuntu:jammy", 170 | "suite": "jammy" 171 | }, 172 | "ubuntu2404": { 173 | "arches": [ 174 | "amd64", 175 | "arm64v8" 176 | ], 177 | "image": "ubuntu:noble", 178 | "suite": "noble" 179 | }, 180 | "windows": { 181 | "arches": [ 182 | "amd64" 183 | ], 184 | "features": [ 185 | "MiscellaneousTools", 186 | "Router", 187 | "ServerNoService" 188 | ], 189 | "msi": "https://fastdl.mongodb.org/windows/mongodb-windows-x86_64-8.0.10-signed.msi", 190 | "sha256": "ae5f02f81ba456ee9fcf819c362255ccae9a961f039435a09b6887f46732c940", 191 | "variants": [ 192 | "windowsservercore-ltsc2025", 193 | "windowsservercore-ltsc2022", 194 | "nanoserver-ltsc2022" 195 | ] 196 | } 197 | }, 198 | "version": "8.0.10" 199 | }, 200 | "8.0-rc": null 201 | } 202 | -------------------------------------------------------------------------------- /versions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | shell="$( 5 | wget -qO- 'https://downloads.mongodb.org/current.json' \ 6 | | jq -r ' 7 | [ 8 | .versions[] 9 | 10 | # filter out download objects we are definitely not interested in (enterprise, rhel, etc) 11 | | del(.downloads[] | select( 12 | ( 13 | .edition == "base" 14 | or .edition == "targeted" 15 | ) 16 | and ( 17 | .target // "" 18 | | ( 19 | test("^(" + ([ 20 | "debian[0-9]+", # debian10, debian11, etc 21 | "ubuntu[0-9]{4}", # ubuntu2004, ubuntu1804, etc 22 | "windows.*" # windows, windows_x86_64, windows_x86_64-2012plus, etc 23 | ] | join("|")) + ")$") 24 | and ( 25 | # a few things old enough we do not want anything to do with them /o\ 26 | test("^(" + ([ 27 | "debian[89].*", 28 | "ubuntu1[0-9].*" 29 | ] | join("|")) + ")$") 30 | | not 31 | ) 32 | ) 33 | ) 34 | | not)) 35 | 36 | | { 37 | version: ( 38 | # convert "4.4.x" into "4.4" and "4.9.x-rcY" into "4.9-rc" 39 | (.version | split(".")[0:2] | join(".")) 40 | + if .release_candidate then "-rc" else "" end 41 | ), 42 | meta: ., 43 | } 44 | 45 | # filter out EOL versions 46 | # (for some reason "current.json" still lists all these, and as of 2021-05-13 there is not an included way to differentiate them) 47 | | select(.version as $v | [ 48 | # https://www.mongodb.com/support-policy/lifecycles 49 | "3.0", # February 2018 50 | "3.2", # September 2018 51 | "3.4", # January 2020 52 | "3.6", # April 2021 53 | "4.0", # April 2022 54 | "4.2", # April 2023 55 | empty 56 | ] | index($v) | not) 57 | 58 | # filter out so-called "rapid releases": https://docs.mongodb.com/upcoming/reference/versioning/ 59 | # "Rapid Releases are designed for use with MongoDB Atlas, and are not generally supported for use in an on-premise capacity." 60 | | select( 61 | (.version | split("[.-]"; "")) as $splitVersion 62 | | ($splitVersion[0] | tonumber) >= 5 and ($splitVersion[1] | tonumber) > 0 63 | | not 64 | ) 65 | ] 66 | 67 | # in case of duplicates that map to the same "X.Y[-rc]", prefer the first one (the upstream file is typically in descending sorted order, so we do not need to get much more complicated than this) 68 | # *not* doing this was actually totally fine/sane up until 2024-08-14, because prior to that there were never any duplicates in the upstream file so everything "just worked" 69 | # on 2024-08-14, upstream released 7.0.14-rc0, but (accidentally?) left 7.0.13-rc1 listed in the file, and without this fix, we prefer the later entry due to how we export the data below 70 | | unique_by(.version) 71 | 72 | # now convert all that data to a basic shell list + map so we can loop over/use it appropriately 73 | | "allVersions=( " + ( 74 | map(.version | ., if endswith("-rc") then rtrimstr("-rc") else . + "-rc" end) 75 | | unique 76 | | map(@sh) 77 | | join(" ") 78 | ) + " )\n" 79 | + "declare -A versionMeta=(\n" + ( 80 | map( 81 | "\t[" + (.version | @sh) + "]=" 82 | + (.meta | @json | @sh) 83 | ) | join("\n") 84 | ) + "\n)" 85 | ' 86 | )" 87 | eval "$shell" 88 | 89 | versions=( "$@" ) 90 | if [ ${#versions[@]} -eq 0 ]; then 91 | versions=( "${allVersions[@]}" ) 92 | json='{}' 93 | else 94 | versions=( "${versions[@]%/}" ) 95 | json="$(< versions.json)" 96 | fi 97 | 98 | for version in "${versions[@]}"; do 99 | export version 100 | 101 | if [ -z "${versionMeta[$version]:+foo}" ]; then 102 | echo >&2 "warning: skipping/removing '$version' (does not appear to exist upstream)" 103 | json="$(jq <<<"$json" -c '.[env.version] = null')" 104 | continue 105 | fi 106 | _jq() { jq <<<"${versionMeta[$version]}" "$@"; } 107 | 108 | #echo "$version: $fullVersion" 109 | _jq -r 'env.version + ": " + .version' 110 | 111 | # download the Windows MSI sha256 (so we can embed it) 112 | msiUrl="$(_jq -r '.downloads[] | select(.target | test("^windows")) | .msi // ""')" 113 | [ -n "$msiUrl" ] 114 | [[ "$msiUrl" != *$'\n'* ]] # just in case they do something wild like support windows-arm64 :D 115 | # 4.3 doesn't seem to have a sha256 file (403 forbidden), so this has to be optional :( 116 | msiSha256="$(wget -qO- "$msiUrl.sha256" || :)" 117 | msiSha256="${msiSha256%% *}" 118 | export msiUrl msiSha256 119 | 120 | json="$( 121 | { 122 | jq <<<"$json" -c . 123 | _jq --slurpfile pgpKeys pgp-keys.json '{ (env.version): ( 124 | $pgpKeys[0] as $pgp 125 | | (env.version | rtrimstr("-rc")) as $rcVersion 126 | | with_entries(select(.key as $key | [ 127 | # interesting bits of raw upstream metadata 128 | "changes", 129 | "date", 130 | "githash", 131 | "notes", 132 | "version", 133 | empty 134 | ] | index($key))) 135 | + { 136 | pgp: [ 137 | if env.version != $rcVersion then 138 | # the "testing" repository (used for RCs) has a dedicated PGP key (but still needs the "release" key for the release line) 139 | $pgp.dev 140 | else empty end, 141 | 142 | $pgp[$rcVersion], 143 | 144 | empty 145 | ], 146 | targets: ( 147 | reduce ( 148 | .downloads[] 149 | | .target |= sub("^windows.*$"; "windows") 150 | ) as $d ({}; $d.target as $t | 151 | .[$t].arches |= (. + [ 152 | { 153 | # mapping from "current.json" arch values to bashbrew arch values 154 | "aarch64": "arm64v8", 155 | "arm64": "arm64v8", 156 | "s390x": "s390x", 157 | "x86_64": "amd64", 158 | }[$d.arch] // ("unknown:" + $d.arch) 159 | ] | sort) 160 | | if $t | test("^(debian|ubuntu)") then 161 | .[$t].image = ( 162 | { 163 | "debian10": "debian:buster-slim", 164 | "debian11": "debian:bullseye-slim", 165 | "debian12": "debian:bookworm-slim", 166 | "debian13": "debian:trixie-slim", 167 | "debian14": "debian:forky-slim", 168 | "ubuntu1604": "ubuntu:xenial", 169 | "ubuntu1804": "ubuntu:bionic", 170 | "ubuntu2004": "ubuntu:focal", 171 | "ubuntu2204": "ubuntu:jammy", 172 | "ubuntu2404": "ubuntu:noble", 173 | }[$t] // "unknown" 174 | ) 175 | | .[$t].suite = ( 176 | .[$t].image 177 | | gsub("^.*:|-slim$"; "") 178 | ) 179 | else . end 180 | ) 181 | ), 182 | } 183 | | .targets.windows += { 184 | msi: env.msiUrl, 185 | sha256: env.msiSha256, 186 | variants: [ 187 | "windowsservercore-ltsc2025", 188 | "windowsservercore-ltsc2022", 189 | #"nanoserver-ltsc2025", # The command "cmd /S /C mongod --version" returned a non-zero code: 3221225785 190 | "nanoserver-ltsc2022", 191 | empty # trailing comma 192 | ], 193 | features: ([ 194 | # https://github.com/mongodb/mongo/blob/r6.0.0/src/mongo/installer/msi/wxs/FeatureFragment.wxs#L9-L85 (no Client) 195 | # https://github.com/mongodb/mongo/blob/r4.4.2/src/mongo/installer/msi/wxs/FeatureFragment.wxs#L9-L92 (no MonitoringTools,ImportExportTools) 196 | "ServerNoService", 197 | if [ "5.0" ] | index(env.version | rtrimstr("-rc")) then 198 | "Client" 199 | else empty end, 200 | "Router", 201 | "MiscellaneousTools", 202 | empty 203 | ] | sort), 204 | } 205 | # ignore anything that does not support amd64 206 | | del(.targets[] | select(.arches | index("amd64") | not)) 207 | | .linux = ( 208 | # automatically choose an appropriate linux target, preferring (in order): 209 | # - more supported architectures 210 | # - debian over ubuntu 211 | # - newer release over older 212 | .targets 213 | | to_entries 214 | | [ .[] | select(.key | test("^(debian|ubuntu)")) ] 215 | | sort_by([ 216 | (.value.arches | length), 217 | ( 218 | .key 219 | | if startswith("ubuntu") then 220 | 1 221 | elif startswith("debian") then 222 | 2 223 | else 0 end 224 | ), 225 | (.key | sub("^(debian|ubuntu)"; "") | tonumber), # 10, 11, 2004, 1804, etc 226 | .key 227 | ]) 228 | | reverse[0].key 229 | ) 230 | | . 231 | ) }' 232 | } | jq -cs add 233 | )" 234 | done 235 | 236 | jq <<<"$json" -S . > versions.json 237 | --------------------------------------------------------------------------------