├── fixes
    ├── pre_fetch
    │   ├── armhf
    │   │   └── cacert.sh
    │   └── README.md
    ├── pre_build
    │   ├── README.md
    │   └── arm64
    │   │   └── guess.sh
    └── post_build
    │   ├── README.md
    │   └── all
    │       └── icu63.sh
├── .github
    ├── dependabot.yml
    └── workflows
    │   ├── stale.yml
    │   ├── build.yml
    │   └── docker.yml
├── docker-healthcheck.sh
├── hooks
    └── post_push
├── install.sh
├── Dockerfile
├── docker-entrypoint.sh
└── README.md


/fixes/pre_fetch/armhf/cacert.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | c_rehash
3 | 


--------------------------------------------------------------------------------
/fixes/pre_fetch/README.md:
--------------------------------------------------------------------------------
1 | This folder is for adding build scripts for various architectures to apply quick fixes before downloading source files
2 | 
3 | To use you would create a subfolder (ie `armhf`, `amd64`, `arm64`) then place an appropriate shell script in that folder to build.
4 | 


--------------------------------------------------------------------------------
/fixes/pre_build/README.md:
--------------------------------------------------------------------------------
1 | This folder is for adding build scripts for various architectures to apply quick fixes for building on other architectures.
2 | 
3 | To use you would create a subfolder (ie `armhf`, `amd64`, `arm64`) then place an appropriate shell script in that folder to build.
4 | 


--------------------------------------------------------------------------------
/fixes/post_build/README.md:
--------------------------------------------------------------------------------
1 | This folder is for adding build scripts for various architectures to install any additional packages 
2 | 
3 | To use you would create a subfolder (ie `armhf`, `amd64`, `arm64`) then place an appropriate shell script in that folder to build.
4 | 
5 | the special folder `all` is build on all architectures.
6 | 


--------------------------------------------------------------------------------
/fixes/pre_build/arm64/guess.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # This updates config.guess to solve unable to guess system type.
3 | GUESSURL="https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=45e181800a6a27268a9c5d79dcc60492fef9a9a0"
4 | 
5 | curl -L -o /home/firebird/builds/make.new/config/config.guess -L \
6 |     "${GUESSURL}"
7 | 
8 | 


--------------------------------------------------------------------------------
/fixes/post_build/all/icu63.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ICU_URL="https://github.com/unicode-org/icu/releases/download/release-63-2/icu4c-63_2-src.tgz"
 3 | 
 4 | CPUC=$(awk '/^processor/{n+=1}END{print n}' /proc/cpuinfo)
 5 | 
 6 | apt-get purge -qy --auto-remove libicu67
 7 | 
 8 | mkdir -p /home/icu63
 9 | cd /home/icu63
10 | curl -L -o icu4c.tar.gz -L "${ICU_URL}"
11 | tar --strip=1 -xf icu4c.tar.gz
12 | cd source
13 | ./configure
14 | make -j${CPUC}
15 | make install
16 | 
17 | cd /
18 | rm -rf /home/icu63
19 | 


--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
 1 | # Docs: <https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/customizing-dependency-updates>
 2 | 
 3 | version: 2
 4 | 
 5 | updates:
 6 |   - package-ecosystem: github-actions
 7 |     directory: /
 8 |     schedule: {interval: daily}
 9 |     reviewers: [jacobalberty]
10 |     assignees: [jacobalberty]
11 | 
12 |   - package-ecosystem: docker
13 |     directory: /
14 |     schedule: {interval: daily}
15 |     reviewers: [jacobalberty]
16 |     assignees: [jacobalberty]
17 | 


--------------------------------------------------------------------------------
/docker-healthcheck.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | CONFIG=/firebird/etc/docker-healthcheck.conf
 3 | ISQL=/usr/local/firebird/bin/isql
 4 | HC_IP=127.0.0.1
 5 | HC_PORT=3050
 6 | if [[ -f "${CONFIG}" ]]; then
 7 |     . "${CONFIG}"
 8 | # This is a "safer" option that does not allow shell scripting in the conf file
 9 | #    export $(cat "${CONFIG}" | grep -v ^# | xargs)
10 | fi
11 | if [[ -z "${HC_USER}" || -z "${HC_PASS}" || -z "${HC_DB}" ]]; then
12 |   # Default when no user/pass/db is specified
13 |   nc -z "${HC_IP}" "${HC_PORT}" < /dev/null
14 |   exit $?
15 | else
16 |   FB_RESULT=$(${ISQL} -user "${HC_USER}" -password "${HC_PASS}" "${HC_IP}/${HC_PORT}:${HC_DB}" << "EOF"
17 |   SHOW DATABASE;
18 | EOF
19 |   )
20 |   exit $?
21 | fi
22 | 


--------------------------------------------------------------------------------
/hooks/post_push:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | tag_branch() {
 4 |     docker tag "${IMAGE_NAME}" "${DOCKER_REPO}:$1"
 5 |     docker push "${DOCKER_REPO}:$1"
 6 | }
 7 | git_ref_type() {
 8 | 
 9 |     if git show-ref -q --verify "refs/heads/$1" 2>/dev/null; then
10 |         echo "branch"
11 |     elif git show-ref -q --verify "refs/tags/$1" 2>/dev/null; then
12 |         echo "tag"
13 |     elif git show-ref -q --verify "refs/remote/$1" 2>/dev/null; then
14 |         echo "remote"
15 |     elif git rev-parse --verify "$1^{commit}" >/dev/null 2>&1; then
16 |         echo "hash"
17 |     else
18 |         echo "unknown"
19 |     fi
20 |     return 0
21 | }
22 | 
23 | if [ $(git_ref_type "${SOURCE_BRANCH}") == "tag" ]; then
24 |     tag_branch "${SOURCE_BRANCH}-$(git rev-parse HEAD | cut -b-7)"
25 | fi
26 | 


--------------------------------------------------------------------------------
/.github/workflows/stale.yml:
--------------------------------------------------------------------------------
 1 | name: 'Close stale issues and PRs'
 2 | on:
 3 |   schedule:
 4 |     - cron: '30 1 * * *'
 5 | 
 6 | jobs:
 7 |   stale:
 8 |     runs-on: ubuntu-latest
 9 |     steps:
10 |       - uses: actions/stale@v5
11 |         with:
12 |           stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 14 days.'
13 |           stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 14 days.'
14 |           stale-issue-label: 'no-issue-activity'
15 |           stale-pr-label: 'no-pr-activity'
16 |           days-before-stale: 30
17 |           days-before-close: 14
18 |           exempt-issue-labels: 'awaiting-approval,work-in-progress'
19 |           exempt-pr-labels: 'awaiting-approval,work-in-progress'
20 | 


--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | set -e
 3 | 
 4 | apt-get update
 5 | apt-get install -qy --no-install-recommends \
 6 |     libatomic1 \
 7 |     libicu67 \
 8 |     libncurses6 \
 9 |     libtomcrypt1 \
10 |     libtommath1 \
11 |     netbase \
12 |     procps
13 | 
14 | cd /home/firebird
15 | tar --strip=1 -xf firebird.tar.gz
16 | ./install.sh -silent
17 | cd /
18 | rm -rf /home/firebird
19 | 
20 | if [ -d "/home/fixes/post_build/$(dpkg --print-architecture)" ]; then
21 |     find "/home/fixes/post_build/$(dpkg --print-architecture)" -type f -exec '{}' \;
22 | fi
23 | if [ -d "/home/fixes/post_build/all" ]; then
24 |     find "/home/fixes/post_build/all" -type f -exec '{}' \;
25 | fi
26 | find ${PREFIX} -name .debug -prune -exec rm -rf {} \;
27 | 
28 | rm -rf /var/lib/apt/lists/*
29 | 
30 | mkdir -p "${PREFIX}/skel/"
31 | 
32 | # This allows us to initialize a random value for sysdba password
33 | mv "${VOLUME}/system/security4.fdb" "${PREFIX}/skel/security4.fdb"
34 | 
35 | # Cleaning up to restrict access to specific path and allow changing that path easily to
36 | # something standard. See github issue https://github.com/jacobalberty/firebird-docker/issues/12
37 | sed -i 's/^#DatabaseAccess/DatabaseAccess/g' "${VOLUME}/etc/firebird.conf"
38 | sed -i "s~^\(DatabaseAccess\s*=\s*\).*$~\1Restrict ${DBPATH}~" "${VOLUME}/etc/firebird.conf"
39 | 
40 | mv "${VOLUME}/etc" "${PREFIX}/skel"
41 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM --platform=$BUILDPLATFORM debian:bullseye-slim as build
 2 | 
 3 | LABEL maintainer="jacob.alberty@foundigital.com"
 4 | 
 5 | ARG TARGETPLATFORM
 6 | ARG BUILDPLATFORM
 7 | 
 8 | ENV PREFIX=/usr/local/firebird
 9 | ENV VOLUME=/firebird
10 | ENV DEBIAN_FRONTEND noninteractive
11 | ENV FBURL=https://github.com/FirebirdSQL/firebird/releases/download/v4.0.2/Firebird-4.0.2.2816-0.tar.xz
12 | ENV DBPATH=/firebird/data
13 | 
14 | COPY fixes /home/fixes
15 | RUN chmod -R +x /home/fixes
16 | 
17 | COPY build.sh ./build.sh
18 | 
19 | RUN chmod +x ./build.sh && \
20 |     sync && \
21 |     ./build.sh && \
22 |     rm -f ./build.sh
23 | 
24 | FROM --platform=$TARGETPLATFORM debian:bullseye-slim
25 | 
26 | ENV PREFIX=/usr/local/firebird
27 | ENV VOLUME=/firebird
28 | ENV DEBIAN_FRONTEND noninteractive
29 | ENV DBPATH=/firebird/data
30 | 
31 | VOLUME ["/firebird"]
32 | 
33 | EXPOSE 3050/tcp
34 | 
35 | COPY --from=build /home/firebird/firebird.tar.gz /home/firebird/firebird.tar.gz
36 | 
37 | COPY install.sh ./install.sh
38 | 
39 | RUN chmod +x ./install.sh && \
40 |     sync && \
41 |     ./install.sh && \
42 |     rm -f ./install.sh
43 | 
44 | COPY docker-entrypoint.sh ${PREFIX}/docker-entrypoint.sh
45 | RUN chmod +x ${PREFIX}/docker-entrypoint.sh
46 | 
47 | COPY docker-healthcheck.sh ${PREFIX}/docker-healthcheck.sh
48 | RUN chmod +x ${PREFIX}/docker-healthcheck.sh \
49 |     && apt-get update \
50 |     && apt-get -qy install netcat \
51 |     && rm -rf /var/lib/apt/lists/*
52 | HEALTHCHECK CMD ${PREFIX}/docker-healthcheck.sh || exit 1
53 | 
54 | ENTRYPOINT ["/usr/local/firebird/docker-entrypoint.sh"]
55 | 
56 | CMD ["firebird"]
57 | 


--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
 1 | name: Build Docker image
 2 | 
 3 | on:
 4 |   pull_request:
 5 |     types: [opened, synchronize, reopened]
 6 | 
 7 | env:
 8 |   TEST_TAG: jacobalberty/firebird:test
 9 | 
10 | jobs:
11 |   build:
12 |     runs-on: ubuntu-20.04
13 |     steps:
14 |       - name: Checkout
15 |         uses: actions/checkout@v3
16 |       - name: Prepare
17 |         id: prep
18 |         run: |
19 |           DOCKER_IMAGE=jacobalberty/firebird
20 |           VERSION=noop
21 |           if [ "${{ github.event_name }}" = "schedule" ]; then
22 |             VERSION=nightly
23 |           elif [[ $GITHUB_REF == refs/tags/* ]]; then
24 |             VERSION=${GITHUB_REF#refs/tags/}
25 |           elif [[ $GITHUB_REF == refs/heads/* ]]; then
26 |             VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
27 |             if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
28 |               VERSION=latest
29 |             fi
30 |           elif [[ $GITHUB_REF == refs/pull/* ]]; then
31 |             VERSION=pr-${{ github.event.number }}
32 |           fi
33 |           TAGS="${DOCKER_IMAGE}:${VERSION}"
34 |           if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
35 |             MINOR=${VERSION%.*}
36 |             MAJOR=${MINOR%.*}
37 |             TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR}"
38 |           elif [ "${{ github.event_name }}" = "push" ]; then
39 |             TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
40 |           fi
41 |           echo ::set-output name=version::${VERSION}
42 |           echo ::set-output name=tags::${TAGS}
43 |           echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
44 |       - name: Setup QEMU
45 |         uses: docker/setup-qemu-action@v2
46 |       - name: Setup Docker buildx
47 |         uses: docker/setup-buildx-action@v2
48 |       - name: Build and export to Docker
49 |         uses: docker/build-push-action@v3
50 |         with:
51 |           context: .
52 |           load: true
53 |           tags: ${{ env.TEST_TAG }}
54 |       - name: Test image
55 |         run: |
56 |           docker run -d --rm --name fbtest ${{env.TEST_TAG}} &&
57 |           sleep 35 &&
58 |           [ $(docker inspect --format='{{json .State.Health.Status}}' fbtest ) == \"healthy\" ] &&
59 |           docker stop fbtest
60 |       - name: Build Docker image
61 |         uses: docker/build-push-action@v3
62 |         with:
63 |           context: .
64 |           platforms: linux/arm/v7,linux/arm64/v8,linux/amd64
65 |           push: false
66 |           load: false
67 |           cache-from: type=gha
68 |           cache-to: type=gha,mode=max
69 |           tags: ${{ steps.prep.outputs.tags }}
70 |           labels: |
71 |             org.opencontainers.image.title=${{ github.event.repository.name }}
72 |             org.opencontainers.image.description=${{ github.event.repository.description }}
73 |             org.opencontainers.image.url=${{ github.event.repository.html_url }}
74 |             org.opencontainers.image.source=${{ github.event.repository.clone_url }}
75 |             org.opencontainers.image.version=${{ steps.prep.outputs.version }}
76 |             org.opencontainers.image.created=${{ steps.prep.outputs.created }}
77 |             org.opencontainers.image.revision=${{ github.sha }}
78 |             org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
79 |       - name: Image digest
80 |         run: echo ${{ steps.docker_build.outputs.digest }}
81 | 


--------------------------------------------------------------------------------
/.github/workflows/docker.yml:
--------------------------------------------------------------------------------
 1 | name: Publish Docker image
 2 | on:
 3 |   push:
 4 |     branches:
 5 |       - 'master'
 6 |       - '3.0'
 7 |     tags:
 8 |       - 'v*.*.*'
 9 | 
10 | env:
11 |   TEST_TAG: jacobalberty/firebird:test
12 | 
13 | jobs:
14 |   build:
15 |     runs-on: ubuntu-20.04
16 |     steps:
17 |       - name: Checkout
18 |         uses: actions/checkout@v3
19 |       - name: Prepare
20 |         id: prep
21 |         run: |
22 |           DOCKER_IMAGE=jacobalberty/firebird
23 |           VERSION=noop
24 |           if [ "${{ github.event_name }}" = "schedule" ]; then
25 |             VERSION=nightly
26 |           elif [[ $GITHUB_REF == refs/tags/* ]]; then
27 |             VERSION=${GITHUB_REF#refs/tags/}
28 |           elif [[ $GITHUB_REF == refs/heads/* ]]; then
29 |             VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
30 |             if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
31 |               VERSION=latest
32 |             fi
33 |           elif [[ $GITHUB_REF == refs/pull/* ]]; then
34 |             VERSION=pr-${{ github.event.number }}
35 |           fi
36 |           TAGS="${DOCKER_IMAGE}:${VERSION}"
37 |           if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
38 |             MINOR=${VERSION%.*}
39 |             MAJOR=${MINOR%.*}
40 |             TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR}"
41 |           elif [ "${{ github.event_name }}" = "push" ]; then
42 |             TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
43 |           fi
44 |           echo ::set-output name=version::${VERSION}
45 |           echo ::set-output name=tags::${TAGS}
46 |           echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
47 |       - name: Set up QEMU
48 |         uses: docker/setup-qemu-action@v2
49 |         with:
50 |           platforms: all
51 |       - name: Set up Docker Buildx
52 |         uses: docker/setup-buildx-action@v2
53 |       - name: Login to DockerHub
54 |         uses: docker/login-action@v2 
55 |         with:
56 |           username: ${{ secrets.DOCKERHUB_USERNAME }}
57 |           password: ${{ secrets.DOCKERHUB_TOKEN }}
58 |       - name: Build and export to Docker
59 |         uses: docker/build-push-action@v3
60 |         with:
61 |           context: .
62 |           load: true
63 |           tags: ${{ env.TEST_TAG }}
64 |       - name: Test image
65 |         run: |
66 |           docker run -d --rm --name fbtest ${{env.TEST_TAG}} &&
67 |           sleep 35 &&
68 |           [ $(docker inspect --format='{{json .State.Health.Status}}' fbtest ) == \"healthy\" ] &&
69 |           docker stop fbtest
70 |       - name: Build container image
71 |         uses: docker/build-push-action@v3
72 |         with:
73 |           context: .
74 |           platforms: linux/arm/v7,linux/arm64/v8,linux/amd64
75 |           push: true
76 |           cache-from: type=gha
77 |           cache-to: type=gha,mode=max
78 |           tags: ${{ steps.prep.outputs.tags }}
79 |           labels: |
80 |             org.opencontainers.image.title=${{ github.event.repository.name }}
81 |             org.opencontainers.image.description=${{ github.event.repository.description }}
82 |             org.opencontainers.image.url=${{ github.event.repository.html_url }}
83 |             org.opencontainers.image.source=${{ github.event.repository.clone_url }}
84 |             org.opencontainers.image.version=${{ steps.prep.outputs.version }}
85 |             org.opencontainers.image.created=${{ steps.prep.outputs.created }}
86 |             org.opencontainers.image.revision=${{ github.sha }}
87 |             org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
88 |       - name: Image digest
89 |         run: echo ${{ steps.docker_build.outputs.digest }}
90 | 


--------------------------------------------------------------------------------
/docker-entrypoint.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | set -e
  3 | 
  4 | PATH="${PATH}:${PREFIX}/bin"
  5 | 
  6 | build() {
  7 |     local var="$1"
  8 |     local stmt="$2"
  9 |     export "$var"+="$(printf "\n%s" "${stmt}")"
 10 | }
 11 | 
 12 | run() {
 13 |     echo "${!1}" | "${PREFIX}"/bin/isql
 14 | }
 15 | 
 16 | createNewPassword() {
 17 |     # openssl generates random data.
 18 |     if openssl </dev/null >/dev/null 2>/dev/null
 19 |     then
 20 |         # We generate 40 random chars, strip any '/''s and get the first 20
 21 |         NewPasswd=$(openssl rand -base64 40 | tr -d '/' | cut -c1-20)
 22 |     fi
 23 | 
 24 |         # If openssl is missing...
 25 |         if [ -z "$NewPasswd" ]
 26 |         then
 27 |                 NewPasswd=$(dd if=/dev/urandom bs=10 count=1 2>/dev/null | od -x | head -n 1 | tr -d ' ' | cut -c8-27)
 28 |         fi
 29 | 
 30 |         # On some systems even this routines may be missing. So if
 31 |         # the specific one isn't available then keep the original password.
 32 |     if [ -z "$NewPasswd" ]
 33 |     then
 34 |         NewPasswd="masterkey"
 35 |     fi
 36 | 
 37 |         echo "$NewPasswd"
 38 | }
 39 | 
 40 | # usage: file_env VAR [DEFAULT]
 41 | #    ie: file_env 'XYZ_DB_PASSWORD' 'example'
 42 | # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 43 | #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 44 | file_env() {
 45 |     local var="$1"
 46 |     local fileVar="${var}_FILE"
 47 |     local def="${2:-}"
 48 |     if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
 49 |         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
 50 |         exit 1
 51 |     fi
 52 |     local val="$def"
 53 |     if [ "${!var:-}" ]; then
 54 |         val="${!var}"
 55 |     elif [ "${!fileVar:-}" ]; then
 56 |         val="$(< "${!fileVar}")"
 57 |     fi
 58 |     export "$var"="$val"
 59 |     unset "$fileVar"
 60 | }
 61 | 
 62 | confSet() {
 63 |     confFile="${VOLUME}/etc/firebird.conf"
 64 |     # Uncomment specified value
 65 |     sed -i "s/^#${1}/${1}/g" "${confFile}"
 66 |     # Set Value to new value
 67 |     sed -i "s~^\(${1}\s*=\s*\).*$~\1${2}~" "${confFile}"
 68 | }
 69 | 
 70 | restoreBackups() {
 71 | 	if [ ! -f /firebird/etc/SYSDBA.password ]; then
 72 | 		echo "Will not attempt to restore backups because no '/firebird/etc/SYSDBA.password' found"
 73 | 		return
 74 | 	fi
 75 | 	(
 76 | 	shopt -s nullglob
 77 | 	set +e
 78 | 	. /firebird/etc/SYSDBA.password
 79 | 	for fbk in /firebird/restore/*.fbk; do
 80 | 		(
 81 | 		basename="$(basename -- $fbk)"
 82 | 		fname="${basename%.*}"
 83 | 		if [ ! -f "/firebird/data/${fname}.fdb" ]; then
 84 | 			if [ -f "/firebird/restore/${fname}.env" ]; then
 85 | 				. "/firebird/restore/${fname}.env"
 86 | 			fi
 87 | 			echo -n "Restoring '$fbk' "
 88 | 			"${PREFIX}/bin/gbak" -c -user "${RESTORE_USER:-$ISC_USER}" -password "${RESTORE_PASSWORD:-$ISC_PASSWORD}" "$fbk" "/firebird/data/${fname}.fdb"   
 89 | 			echo "to '/firebird/data/${fname}.fdb'"
 90 | 		fi
 91 | 		)
 92 | 	done
 93 | 	set -e
 94 | 	)
 95 | }
 96 | 
 97 | firebirdSetup() {
 98 |   # Create any missing folders
 99 |   mkdir -p "${VOLUME}/system"
100 |   mkdir -p "${VOLUME}/log"
101 |   mkdir -p "${VOLUME}/data"
102 |   if [[ ! -e "${VOLUME}/etc/firebird.conf" ]]; then
103 |       cp -R "${PREFIX}/skel/etc" "${VOLUME}/"
104 |       file_env 'EnableLegacyClientAuth'
105 |       file_env 'EnableWireCrypt'
106 |       file_env 'DataTypeCompatibility'
107 |       if [[ ${EnableLegacyClientAuth} == 'true' ]]; then
108 |           confSet AuthServer "Legacy_Auth, Srp, Win_Sspi"
109 |           confSet AuthClient "Legacy_Auth, Srp, Win_Sspi"
110 |           confSet UserManager "Legacy_UserManager, Srp"
111 |           confSet WireCrypt "enabled"
112 |       fi
113 |       if [[ ${EnableWireCrypt} == 'true' ]]; then
114 |           confSet WireCrypt "enabled"
115 |       fi
116 |       if [[ ${DataTypeCompatibility} != '' ]]; then
117 |           confSet DataTypeCompatibility "${DataTypeCompatibility}"
118 |       fi
119 |   fi
120 | 
121 |   if [ ! -f "${VOLUME}/system/security4.fdb" ]; then
122 |       cp "${PREFIX}/skel/security4.fdb" "${VOLUME}/system/security4.fdb"
123 |       file_env 'ISC_PASSWORD'
124 |       if [ -z "${ISC_PASSWORD}" ]; then
125 |          ISC_PASSWORD=$(createNewPassword)
126 |          echo "setting 'SYSDBA' password to '${ISC_PASSWORD}'"
127 |       fi
128 | 
129 |       # initialize SYSDBA user for Srp authentication
130 |       "${PREFIX}"/bin/isql -user sysdba security.db <<EOL
131 | create or alter user SYSDBA password '${ISC_PASSWORD}' using plugin Srp;
132 | commit;
133 | quit;
134 | EOL
135 | 
136 |       if [[ ${EnableLegacyClientAuth} == 'true' ]]; then
137 |           # also initialize/reset SYSDBA user for legacy authentication
138 |           "${PREFIX}"/bin/isql -user sysdba security.db <<EOL
139 | create or alter user SYSDBA password '${ISC_PASSWORD}' using plugin Legacy_UserManager;
140 | commit;
141 | quit;
142 | EOL
143 |       fi
144 |   # create or alter user SYSDBA password '${ISC_PASSWORD}';
145 | 
146 |       cat > "${VOLUME}/etc/SYSDBA.password" <<EOL
147 | # Firebird generated password for user SYSDBA is:
148 | #
149 | ISC_USER=sysdba
150 | ISC_PASSWORD=${ISC_PASSWORD}
151 | #
152 | # Also set legacy variable though it can't be exported directly
153 | #
154 | ISC_PASSWD=${ISC_PASSWORD}
155 | #
156 | # generated at time $(date)
157 | #
158 | # Your password can be changed to a more suitable one using
159 | # SQL operator ALTER USER.
160 | #
161 | 
162 | EOL
163 | 
164 |   fi
165 | 
166 |   if [ -f "${VOLUME}/etc/SYSDBA.password" ]; then
167 |       source "${VOLUME}/etc/SYSDBA.password"
168 |   fi;
169 | 
170 |   file_env 'FIREBIRD_USER'
171 |   file_env 'FIREBIRD_PASSWORD'
172 |   file_env 'FIREBIRD_DATABASE'
173 | 
174 |   build isql "set sql dialect 3;"
175 |   if [ -n "${FIREBIRD_DATABASE}" ] && [ ! -f "${DBPATH}/${FIREBIRD_DATABASE}" ]; then
176 |       if [ "${FIREBIRD_USER}" ];  then
177 |           build isql "CONNECT employee USER '${ISC_USER}' PASSWORD '${ISC_PASSWORD}';"
178 |           if [ -z "${FIREBIRD_PASSWORD}" ]; then
179 |               FIREBIRD_PASSWORD=$(createNewPassword)
180 |               echo "setting '${FIREBIRD_USER}' password to '${FIREBIRD_PASSWORD}'"
181 |           fi
182 |           build isql "CREATE USER ${FIREBIRD_USER} PASSWORD '${FIREBIRD_PASSWORD}';"
183 |           build isql "COMMIT;"
184 |       fi
185 | 
186 |       stmt="CREATE DATABASE '${DBPATH}/${FIREBIRD_DATABASE}'"
187 |       if [ "${FIREBIRD_USER}" ];  then
188 |           stmt+=" USER '${FIREBIRD_USER}' PASSWORD '${FIREBIRD_PASSWORD}'"
189 |       else
190 |           stmt+=" USER '${ISC_USER}' PASSWORD '${ISC_PASSWORD}'"
191 |       fi
192 |       stmt+=" DEFAULT CHARACTER SET UTF8;";
193 |       build isql "${stmt}";
194 |       build isql "COMMIT;"
195 |       if [ "${isql}" ]; then
196 |           build isql "QUIT;"
197 |           run isql
198 |       fi
199 |   fi
200 | 
201 |   while IFS=';' read -ra FBALIAS; do
202 |       for i in "${FBALIAS[@]}"; do
203 |   	if [ -z "${i##*=*}" ]; then
204 |               "${PREFIX}"/bin/registerDatabase.sh "${i%=*}" "${i#*=}"
205 |           fi
206 |       done
207 |   done <<< "$FIREBIRD_ALIASES"
208 | }
209 | 
210 | if [[ "$1" == "firebird" ]]; then
211 |   firebirdSetup
212 |   restoreBackups
213 |   trap 'kill -TERM "$FBPID"' SIGTERM
214 | 
215 |   /usr/local/firebird/bin/fbguard &
216 | 
217 |   FBPID=$!
218 |   wait "$FBPID"
219 | fi
220 | 
221 | 
222 | exec "$@"
223 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Archived
  2 | 
  3 | This repo has been archived please get updates to your images from https://hub.docker.com/r/firebirdsql/firebird
  4 | 
  5 | # docker Firebird
  6 | 
  7 | ## Supported tags and respective `Dockerfile` links
  8 | 
  9 | [`2.5-sc`, `v2.5.9-sc` (*2.5-sc/Dockerfile*)](https://github.com/jacobalberty/firebird-docker/blob/2.5-sc/Dockerfile)
 10 | 
 11 | [`2.5-ss`, `v2.5.9-ss` (*2.5-ss/Dockerfile*)](https://github.com/jacobalberty/firebird-docker/blob/2.5-ss/Dockerfile)
 12 | 
 13 | [`3.0`, `v3.0`, `v3.0.10` (*Dockerfile*)](https://github.com/jacobalberty/firebird-docker/blob/3.0/Dockerfile)
 14 | 
 15 | [`v4.0`, `v4.0.1`, `latest` (*Dockerfile*)](https://github.com/jacobalberty/firebird-docker/blob/master/Dockerfile)
 16 | 
 17 | ## What's New
 18 | 
 19 | ### Firebird 4.0.2 sub-release is available
 20 | 
 21 | Firebird Project is happy to announce general availability of [Firebird 4.0.2](https://firebirdsql.org/en/firebird-4-0-2/) — the second point release in the Firebird 4.0 series.
 22 | 
 23 | This sub-release offers many bug fixes and also adds a few improvements, please refer to the [Release Notes](https://firebirdsql.org/file/documentation/release_notes/html/en/4_0/rlsnotes40.html) for the full list of changes.
 24 | Binary kits for Windows, Linux and Android platforms are immediately available for [download](https://firebirdsql.org/en/firebird-4-0-2/).
 25 | 
 26 | ### Firebird 3.0.10 sub-release is available
 27 | 
 28 | Firebird Project is happy to announce general availability of [Firebird 3.0.10](https://firebirdsql.org/en/firebird-3-0-10/) — the latest point release in the Firebird 3.0 series.
 29 | 
 30 | This sub-release offers many bug fixes and also adds a few improvements, please refer to the [Release Notes](https://firebirdsql.org/file/documentation/release_notes/html/en/3_0/rlsnotes30.html) for the full list of changes.
 31 | Binary kits for Windows, Linux and Android platforms are immediately available for [download](https://firebirdsql.org/en/firebird-3-0-10/), packages for Mac OS will follow shortly.
 32 | 
 33 | 
 34 | ### Automatic restore of backups in `/firebird/restore`
 35 | 
 36 | This image will now check for any backups in `/firebird/restore` ending in the file extension `.fbk` and attempt to restore them to the same filename but with the extension `.fdb` in `/firebird/data`. It will only attempt to restore backups if the equivalent `.fdb` does not already exist in `/firebird/data`. For more details on this feature please see the [`/firebird/restore` volume description](#firebirdrestore)
 37 | 
 38 | ### Firebird 3.0.9 sub-release is available
 39 | 
 40 | Firebird Project is happy to announce general availability of [Firebird 3.0.9](https://firebirdsql.org/en/firebird-3-0-9/) — the latest point release in the Firebird 3.0 series.
 41 | 
 42 | This sub-release offers a few important bugfixes, please refer to the [Release Notes](https://firebirdsql.org/file/documentation/release_notes/html/en/3_0/rlsnotes30.html) for the full list of changes.
 43 | Binary kits for Windows, Linux and Android platforms are immediately available for [download](https://firebirdsql.org/en/firebird-3-0-9/), packages for Mac OS will follow shortly.
 44 | 
 45 | ### Firebird Project is happy to announce general availability of [Firebird 4.0.1](https://firebirdsql.org/en/firebird-4-0-1/) — the first point release in the Firebird 4.0 series.
 46 | 
 47 | This sub-release offers many bug fixes and also adds a few improvements, please refer to the [Release Notes](https://firebirdsql.org/file/documentation/release_notes/html/en/4_0/rlsnotes40.html) for the full list of changes.
 48 | Binary kits for Windows, Linux and Android platforms are immediately available for [download](https://firebirdsql.org/en/firebird-4-0-1/).
 49 | 
 50 | ### Firebird 3.0.8 sub-release is available
 51 | 
 52 | Firebird Project is happy to announce general availability of [Firebird 3.0.8](https://firebirdsql.org/en/firebird-3-0-8/) — the latest point release in the Firebird 3.0 series.
 53 | 
 54 | This sub-release offers many bug fixes and also adds a few improvements, please refer to the [Release Notes](https://firebirdsql.org/file/documentation/release_notes/html/en/3_0/rlsnotes30.html) for the full list of changes.
 55 | Binary kits for Windows, Linux, Mac OS and Android platforms are immediately available for [download](https://firebirdsql.org/en/firebird-3-0-8/).
 56 | 
 57 | ### Base image is now on bullseye for 2.5-ss, 2.5-sc, 3.0 and 4.0 branches
 58 | 
 59 | This required a script to replace the libicu supplied by bullseye with the preferred one for the relevant firebird versions.
 60 | If for some reason you do get a [Collation unicode for character set utf8 is not installed](http://www.firebirdfaq.org/faq358/) error you can use
 61 | `gfix -icu <database>` to correct the issue as of firebird 3.0.
 62 | 
 63 | Both 2.5 branches are now included as well. Unfortunately the `gfix -icu <database>` option is not available for 2.5
 64 | so instead I have opted to add tags for `v2.5.9-sc-jessie` and `v2.5.9-ss-jessie`. If you find your setup works with the jessie tags but not the newer
 65 | `v2.5.9-sc` or `v2.5.9-ss` tags please switch back to the jessie tags and open an issue to let me know. This will probably be the last major update for v2.5 as 
 66 | version 2.5 has been [discontinued for 2 years now](https://firebirdsql.org/en/discontinued-versions/).
 67 | 
 68 | ### Firebird Project is happy to announce general availability of [Firebird 4.0](https://firebirdsql.org/en/firebird-4-0/) — the latest major release of the Firebird relational database.
 69 | 
 70 | Firebird 4.0 introduces new data types and many improvements without radical changes in architecture or operation, the most important are:
 71 | 
 72 | -   Built-in logical replication;
 73 | -   Extended length of metadata identifiers (up to 63 characters);
 74 | -   New INT128 and DECFLOAT data types, longer precision for NUMERIC/DECIMAL data types;
 75 | -   Support for international time zones;
 76 | -   Configurable time-outs for connections and statements;
 77 | -   Pooling of external connections;
 78 | -   Batch operations in the API;
 79 | -   Built-in cryptographic functions;
 80 | -   New ODS (version 13) with new system and monitoring tables;
 81 | -   Maximum page size increased to 32KB.
 82 | 
 83 | Please refer to the [Release Notes](https://firebirdsql.org/file/documentation/release_notes/html/en/4_0/rlsnotes40.html) for the full list of changes. The complete [Language Reference](https://firebirdsql.org/file/documentation/html/en/refdocs/fblangref40/firebird-40-language-reference.html) is also available.
 84 | 
 85 | Binary kits for Windows, Linux and Android platforms (both 32-bit and 64-bit) are immediately available for [download](https://firebirdsql.org/en/firebird-4-0/).
 86 | 
 87 | ### 3.0.7 Sub Release
 88 | Firebird Project is happy to announce general availability of Firebird [3.0.7](https://firebirdsql.org/en/firebird-3-0-7/) — the latest point release in the Firebird 3.0 series.
 89 | 
 90 | This sub-release offers many bug fixes and also adds a few improvements, please refer to the [Release Notes](https://firebirdsql.org/file/documentation/release_notes/html/en/3_0/rlsnotes30.html) for the full list of changes. Binary kits for Windows, Linux, Mac OS and Android platforms are immediately available for [download](https://firebirdsql.org/en/firebird-3-0-7/).
 91 | 
 92 | All users of Firebird v3.0.6 are strongly encouraged to upgrade to v3.0.7 as soon as possible due to several serious bugs found in v3.0.6 and fixed in this point release. 
 93 | 
 94 | 
 95 | ### 2.5.9 Sub Release
 96 | The Firebird Project is happy to announce the general availability of [Firebird 2.5.9](https://firebirdsql.org/en/firebird-2-5-9/) — the latest minor release in the Firebird 2.5 series.
 97 | 
 98 | This sub-release introduces several bug fixes and a few improvements, please refer to the [Release Notes](https://firebirdsql.org/file/documentation/release_notes/html/en/2_5/rlsnotes25.html) for the full list of changes. Binary kits for Windows, Linux and MacOS X (both 32-bit and 64-bit) are immediately available for [download](https://firebirdsql.org/en/firebird-2-5-9/).
 99 | 
100 | Also, in accordance with its release [lifetime policy](https://firebirdsql.org/en/release-policy/), the Firebird Project advises that the Firebird v2.5 series has reached its [end-of-life](http://en.wikipedia.org/wiki/End-of-life_(product)) and thus will not be maintained further. Once Firebird 4.0 is released, this last official release in the v.2.5 series, [Firebird 2.5.9](https://firebirdsql.org/en/firebird-2-5-9/), will be moved to the ["Discontinued Versions"](https://firebirdsql.org/en/discontinued-versions/) section of the download area.
101 | 
102 | ## Default password for `sysdba`
103 | The default password for `sysdba` is randomly generated when you first launch the container, 
104 | look in the docker log for your container or check `/firebird/etc/SYSDBA.password`.
105 | Alternatively you may pass the environment variable ISC_PASSWORD to set the default password.
106 | 
107 | ## Update policy
108 | ### Stable releases
109 | I will maintain current versions of Stable firebird releases. Each version of the stable branches
110 | will recieve a tag on both github and docker that will be semi permanent. The latest tagged
111 | versions will periodically be deleted and remade if a new feature for the image is created.
112 | Tags other than the latest release will not be updated as image specific features are implemented
113 | #### 3.0
114 | Any new image features will be developed on the 3.0 releases
115 | #### 2.5
116 | The 2.5 series was eol'd by the firebird guys as of the 2.5.9 release. I do not anticipate any further updates to the 2.5 images.
117 | ### Development policy
118 | 4.0 has finally entered beta and along with it has some pretty major changes including ODS changes requiring a complete backup and restore to upgrade.
119 | Because of this I am taking the opportunity to update the underlying debian image to debian buster. Currently the image builds but I have not tested using it yet.
120 | In the coming months I will start making it usable.
121 | I hope to have the 4.0 image usable by the time the official sources are at release candidate status.
122 | 
123 | ## Description
124 | This is a Firebird SQL Database container.
125 | 
126 | ## Default Login information
127 | Username: SYSDBA
128 | Password is either set by `ISC_PASSWORD` or randomized
129 | 
130 | ## Environment Variables:
131 | ### `TZ`
132 | TimeZone. (i.e. America/Chicago)
133 | 
134 | ### `ISC_PASSWORD`
135 | Default `sysdba` user password, if left blank a random 20 character password will be set instead.
136 | The password used will be placed in `/firebird/etc/SYSDBA.password`.
137 | If a random password is generated then it will be in the log for the container.
138 | 
139 | ### `FIREBIRD_DATABASE`
140 | If this is set then a database will be created with this name under the `/firebird/data` volume with the 'UTF8'
141 | default character set and if `FIREBIRD_USER` is also set then `FIREBIRD_USER` will be given ownership.
142 | 
143 | ### `FIREBIRD_USER`
144 | This user will be created and given ownership of `FIREBIRD_DATABASE`.
145 | This variable is only used if `FIREBIRD_DATABASE` is also set.
146 | 
147 | ### `FIREBIRD_PASSWORD`
148 | The password for `FIREBIRD_USER`, if left blank a random 20 character password will be set instead.
149 | If a random password is generated then it will be in the log for the container.
150 | 
151 | ### `EnableLegacyClientAuth`
152 | 
153 | If this is set to true then when launching without an existing /firebird/etc folder this will cause the newly created firebird.conf to have 
154 | the following defaults:
155 | ```
156 | AuthServer = Legacy_Auth, Srp, Win_Sspi 
157 | AuthClient = Legacy_Auth, Srp, Win_Sspi 
158 | UserManager = Legacy_UserManager, Srp 
159 | WireCrypt = enabled 
160 | ```
161 | This will allow legacy clients to connect and authenticate.
162 | 
163 | ### `DataTypeCompatibility`
164 | 
165 | If this is set then when launching without an existing /firebird/etc folder this will cause the newly created firebird.conf to set `DataTypeCompatibility` with the defined value supported by Firebird.
166 | ```
167 | # ----------------------------
168 | # Engine currently provides a number of new datatypes unknown to legacy clients.
169 | # In order to simplify use of old applications set this parameter to minor FB
170 | # version datatype compatibility with which you need. Currently two values are
171 | # supported: 3.0 & 2.5.
172 | # More precise (including per-session) tuning is possible via SQL and DPB.
173 | #
174 | # Per-database configurable.
175 | #
176 | #    Type: string
177 | #
178 | #DataTypeCompatibility =
179 | ```
180 | 
181 | ### `EnableWireCrypt`
182 | 
183 | If this is set to true then when launching without an existing /firebird/etc folder this will cause the newly created firebird.conf to have
184 | `WireCrypt = enabled` to allow compatibility with Jaybird 3
185 | 
186 | ### `<VARIABLE>_FILE`
187 | If set to the path to a file then the named variable minus the _FILE portion will contain the contents of that file.
188 | This is useful for using docker secrets to manage your password.
189 | This applies to all variables except `TZ`
190 | 
191 | ## Server Architectures
192 | At the moment only the "Super Classic" and "Super Server" architectures are available.
193 | 
194 | ### SC
195 | Super Classic.
196 | ### SS
197 | Super Server.
198 | ### CS
199 | Classic Server.
200 | 
201 | ## Volumes:
202 | 
203 | ### `/firebird`
204 | This single volume supercedes all of the old volumes with most of the old volumes existing as subdirectories under `/firebird`
205 | 
206 | #### `/firebird/data`
207 | Default location to put database files
208 | 
209 | #### `/firebird/restore`
210 | Any `.fbk` files located in here that do not have a matching `.fdb` file under `/firebird/data` will automatically be restored via `gbak` to `/firebird/data` on container start.
211 | The function that handles restoration starts by looking for `/firebird/etc/SYSDBA.password` if the file doesn't exist then no restoration attempts will be made.
212 | If that file exists then it will check for a `.env` file matching the `.fbk` file in `/firebird/restore` and attempt to load `RESTORE_USER` and `RESTORE_PASSWORD` from that file but will fall back to `ISC_USER` and `ISC_PASSWORD` from `/firebird/etc/SYSDBA.password` if those values do not exist in the `.env` file or the `.env` file is missing.
213 | 
214 | So for example if you have `/firebird/restore/database.fbk` the script will first check if `/firebird/etc/SYSDBA.password` exists and fail if it doesn't. It will then check if `/firebird/data/database.fdb` exists. If that file does not exist the script will then attempt to restore `/firebird/restore/database.fbk` to `/firebird/data/database.fdb` using either `RESTORE_USER` and `RESTORE_PASSWORD` from `/firebird/restore/database.env` or if that file does not exist it will use `ISC_USER` and `ISC_PASSWORD` from  `/firebird/etc/SYSDBA.password`.
215 | 
216 | #### `/firebird/system`
217 | security database DIR
218 | 
219 | #### `/firebird/etc`
220 | config files DIR
221 | message files DIR
222 | 
223 | #### `/firebird/log`
224 | log files DIR
225 | 
226 | ### Read Only root filesystem
227 | For some users they may prefer to run the filesystem in read only mode for additional security.
228 | These volumes would need to be created rw in order to do this.
229 | 
230 | #### `/var/firebird/run`
231 | This volume does not actually exist by default but you may want to create it if you wish to use a `read only` root filesystem
232 | guardian lock DIR
233 | 
234 | #### `/tmp`
235 | This volume does not actually exist by default but you may want to create it if you wish to use a `read only` root filesystem
236 | Database lock directory
237 | 
238 | ## Exposes: 
239 | ### 3050/tcp
240 | 
241 | ## Health Check0
242 | I have now added [HEALTHCHECK support](https://docs.docker.com/engine/reference/builder/#healthcheck) to the image. By default it uses nc to check port 3050.
243 | If you would like it to perform a more thorough check then you can create `/firebird/etc/docker-healthcheck.conf`
244 | If you add `HC_USER` `HC_PASS` and `HC_DB` to that file then the healthcheck will attempt a simple query against the specified database to determine server status.
245 | 
246 | Example `docker-healthcheck.conf`:
247 | ```
248 | HC_USER=SYSDBA
249 | HC_PASS=masterkey
250 | HC_DB=employee.fdb
251 | ```
252 | 
253 | ## Events
254 | Please note for events to work properly you must either configure RemoteAuxPort and forward it with -p using a direct mapping where both sides internal and external use the same port or use --net=host to allow the random port mapping to work.
255 | see: http://www.firebirdfaq.org/faq53/ for more information on event port mapping.
256 | 


--------------------------------------------------------------------------------