Release new versions of Neo4j #4136

spacecowboy · 2018-03-16T15:13:04Z

No description provided.

tianon · 2018-03-16T16:58:56Z

+    && apk del curl

This is happening in a separate layer from the one which installed curl, so it won't save any space (and in fact will make the image slightly larger) -- I don't think that was the intention. 😄

addgroup -S neo4j

Creating this group at runtime is a little hacky (requires write access to /etc/passwd, for example) -- why not just pre-create this group in the Dockerfile? (same with the adduser later)

-    exec neo4j console
+    su-exec "${user_name}" neo4j console
 else
-    exec "$@"
+    su-exec "${user_name}" "$@"

Despite their similar names, exec and su-exec are slightly different. exec is a shell built-in which replaces the shell process with the listed process, and su-exec is a separate program which executes a program as a less privileged user, so you'll want both exec and su-exec here, ala:

-    exec neo4j console
+    exec su-exec "${user_name}" neo4j console
 else
-    exec "$@"
+    exec su-exec "${user_name}" "$@"

spacecowboy · 2018-03-16T17:13:34Z

This is happening in a separate layer from the one which installed curl, so it won't save any space (and in fact will make the image slightly larger) -- I don't think that was the intention. smile

Indeed it was not. Good catch.

Creating this group at runtime is a little hacky (requires write access to /etc/passwd, for example) -- why not just pre-create this group in the Dockerfile? (same with the adduser later)

We do it at runtime to make sure the user matches the UID of the mounted data directory (if such a mount exists). That way we can be certain that a) the created user has write access to the directory and b) files created will be owned by an actual user and not be owned by random non-existing UID on the host machine once the container exits.

... so you'll want both exec and su-exec here, ala:.

Didn't realize this. Thanks for the tip. I'll change that.

From review at docker hub: docker-library/official-images#4136 > Despite their similar names, exec and su-exec are slightly > different. exec is a shell built-in which replaces the shell process > with the listed process, and su-exec is a separate program which > executes a program as a less privileged user, so you'll want both > exec and su-exec here [...]

spacecowboy · 2018-03-19T08:51:25Z

Updated now @tianon

tianon · 2018-03-19T19:31:40Z

We do it at runtime to make sure the user matches the UID of the mounted data directory (if such a mount exists). That way we can be certain that a) the created user has write access to the directory and b) files created will be owned by an actual user and not be owned by random non-existing UID on the host machine once the container exits.

Most other official images take the opposite approach -- if we're root, chown the directory to what we expect before we gosu/su-exec, otherwise assume that the user has used --user appropriately for the volume they've mounted.

See docker-library/rabbitmq#60, docker-library/cassandra#48, docker-library/mongo#81, redis/docker-library-redis#48, docker-library/mysql#161, MariaDB/mariadb-docker#59, docker-library/percona#21, docker-library/ghost#54, and docker-library/postgres#253 for some explicit implementation examples from other official images.

spacecowboy · 2018-03-20T13:10:24Z

Updated the user code @tianon

yosifkit · 2018-03-20T17:47:33Z

Diff:

diff --git a/_bashbrew-arches b/_bashbrew-arches
index 1dcc6db..38cba51 100644
--- a/_bashbrew-arches
+++ b/_bashbrew-arches
@@ -66,6 +66,8 @@ neo4j:3.1.5 @ amd64
 neo4j:3.1.5-enterprise @ amd64
 neo4j:3.1.6 @ amd64
 neo4j:3.1.6-enterprise @ amd64
+neo4j:3.1.7 @ amd64
+neo4j:3.1.7-enterprise @ amd64
 neo4j:3.2 @ amd64
 neo4j:3.2-enterprise @ amd64
 neo4j:3.2.0 @ amd64
@@ -84,11 +86,15 @@ neo4j:3.2.7 @ amd64
 neo4j:3.2.7-enterprise @ amd64
 neo4j:3.2.8 @ amd64
 neo4j:3.2.8-enterprise @ amd64
+neo4j:3.2.9 @ amd64
+neo4j:3.2.9-enterprise @ amd64
 neo4j:3.3.0 @ amd64
 neo4j:3.3.0-enterprise @ amd64
 neo4j:3.3.1 @ amd64
 neo4j:3.3.1-enterprise @ amd64
 neo4j:3.3.2 @ amd64
 neo4j:3.3.2-enterprise @ amd64
+neo4j:3.3.3 @ amd64
+neo4j:3.3.3-enterprise @ amd64
 neo4j:enterprise @ amd64
 neo4j:latest @ amd64
diff --git a/_bashbrew-list b/_bashbrew-list
index bc38ec5..8bbe993 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -72,6 +72,8 @@ neo4j:3.1.6
 neo4j:3.1.6-enterprise
 neo4j:3.1.7
 neo4j:3.1.7-enterprise
+neo4j:3.1.8
+neo4j:3.1.8-enterprise
 neo4j:3.2
 neo4j:3.2-enterprise
 neo4j:3.2.0
@@ -92,6 +94,8 @@ neo4j:3.2.8
 neo4j:3.2.8-enterprise
 neo4j:3.2.9
 neo4j:3.2.9-enterprise
+neo4j:3.2.10
+neo4j:3.2.10-enterprise
 neo4j:3.3
 neo4j:3.3-enterprise
 neo4j:3.3.0
@@ -102,5 +106,7 @@ neo4j:3.3.2
 neo4j:3.3.2-enterprise
 neo4j:3.3.3
 neo4j:3.3.3-enterprise
+neo4j:3.3.4
+neo4j:3.3.4-enterprise
 neo4j:enterprise
 neo4j:latest
diff --git a/neo4j_3.1-enterprise/Dockerfile b/neo4j_3.1-enterprise/Dockerfile
index 6c9c12d..37ceb07 100644
--- a/neo4j_3.1-enterprise/Dockerfile
+++ b/neo4j_3.1-enterprise/Dockerfile
@@ -1,25 +1,34 @@
 FROM openjdk:8-jre-alpine
 
-RUN apk add --no-cache --quiet \
-    bash \
-    curl
+RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
 
-ENV NEO4J_SHA256=185076d1b1d589fd3415de80babbd2fb555c2ed641cae6ea799c7d393d099884 \
-    NEO4J_TARBALL=neo4j-enterprise-3.1.7-unix.tar.gz
-ARG NEO4J_URI=http://dist.neo4j.org/neo4j-enterprise-3.1.7-unix.tar.gz
+ENV NEO4J_SHA256=0d20324c8a64b463c5ad59576f3f2348e5b9193d04d80ee49523394e29bfb755 \
+    NEO4J_TARBALL=neo4j-enterprise-3.1.8-unix.tar.gz
+ARG NEO4J_URI=http://dist.neo4j.org/neo4j-enterprise-3.1.8-unix.tar.gz
 
 COPY ./local-package/* /tmp/
 
-RUN curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
+RUN apk add --no-cache --quiet \
+    bash \
+    curl \
+    tini \
+    su-exec \
+    && curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
     && echo "${NEO4J_SHA256}  ${NEO4J_TARBALL}" | sha256sum -csw - \
     && tar --extract --file ${NEO4J_TARBALL} --directory /var/lib \
     && mv /var/lib/neo4j-* /var/lib/neo4j \
-    && rm ${NEO4J_TARBALL}
+    && rm ${NEO4J_TARBALL} \
+    && mv /var/lib/neo4j/data /data \
+    && chown -R neo4j:neo4j /data \
+    && chmod -R 777 /data \
+    && chown -R neo4j:neo4j /var/lib/neo4j \
+    && chmod -R 777 /var/lib/neo4j \
+    && ln -s /data /var/lib/neo4j/data \
+    && apk del curl
 
-WORKDIR /var/lib/neo4j
+ENV PATH /var/lib/neo4j/bin:$PATH
 
-RUN mv data /data \
-    && ln -s /data
+WORKDIR /var/lib/neo4j
 
 VOLUME /data
 
@@ -27,5 +36,5 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 EXPOSE 7474 7473 7687
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
 CMD ["neo4j"]
diff --git a/neo4j_3.1-enterprise/docker-entrypoint.sh b/neo4j_3.1-enterprise/docker-entrypoint.sh
index 1fac31e..0da7bde 100755
--- a/neo4j_3.1-enterprise/docker-entrypoint.sh
+++ b/neo4j_3.1-enterprise/docker-entrypoint.sh
@@ -1,120 +1,174 @@
 #!/bin/bash -eu
 
-if [ "$1" == "neo4j" ]; then
-
-    # Env variable naming convention:
-    # - prefix NEO4J_
-    # - double underscore char '__' instead of single underscore '_' char in the setting name
-    # - underscore char '_' instead of dot '.' char in the setting name
-    # Example:
-    # NEO4J_dbms_tx__log_rotation_retention__policy env variable to set
-    #       dbms.tx_log.rotation.retention_policy setting
-
-    # Backward compatibility - map old hardcoded env variables into new naming convention (if they aren't set already)
-    # Set some to default values if unset
-    : ${NEO4J_dbms_tx__log_rotation_retention__policy:=${NEO4J_dbms_txLog_rotation_retentionPolicy:-"100M size"}}
-    : ${NEO4J_wrapper_java_additional:=${NEO4J_UDC_SOURCE:-"-Dneo4j.ext.udc.source=docker"}}
-    : ${NEO4J_dbms_memory_heap_initial__size:=${NEO4J_dbms_memory_heap_maxSize:-"512M"}}
-    : ${NEO4J_dbms_memory_heap_max__size:=${NEO4J_dbms_memory_heap_maxSize:-"512M"}}
-    : ${NEO4J_dbms_unmanaged__extension__classes:=${NEO4J_dbms_unmanagedExtensionClasses:-}}
-    : ${NEO4J_dbms_allow__format__migration:=${NEO4J_dbms_allowFormatMigration:-}}
-    : ${NEO4J_dbms_connectors_default__advertised__address:=${NEO4J_dbms_connectors_defaultAdvertisedAddress:-}}
-    : ${NEO4J_ha_server__id:=${NEO4J_ha_serverId:-}}
-    : ${NEO4J_ha_initial__hosts:=${NEO4J_ha_initialHosts:-}}
-    : ${NEO4J_causal__clustering_expected__core__cluster__size:=${NEO4J_causalClustering_expectedCoreClusterSize:-}}
-    : ${NEO4J_causal__clustering_initial__discovery__members:=${NEO4J_causalClustering_initialDiscoveryMembers:-}}
-    : ${NEO4J_causal__clustering_discovery__listen__address:=${NEO4J_causalClustering_discoveryListenAddress:-"0.0.0.0:5000"}}
-    : ${NEO4J_causal__clustering_discovery__advertised__address:=${NEO4J_causalClustering_discoveryAdvertisedAddress:-"$(hostname):5000"}}
-    : ${NEO4J_causal__clustering_transaction__listen__address:=${NEO4J_causalClustering_transactionListenAddress:-"0.0.0.0:6000"}}
-    : ${NEO4J_causal__clustering_transaction__advertised__address:=${NEO4J_causalClustering_transactionAdvertisedAddress:-"$(hostname):6000"}}
-    : ${NEO4J_causal__clustering_raft__listen__address:=${NEO4J_causalClustering_raftListenAddress:-"0.0.0.0:7000"}}
-    : ${NEO4J_causal__clustering_raft__advertised__address:=${NEO4J_causalClustering_raftAdvertisedAddress:-"$(hostname):7000"}}
-
-    : ${NEO4J_dbms_connectors_default__listen__address:="0.0.0.0"}
-    : ${NEO4J_dbms_connector_http_listen__address:="0.0.0.0:7474"}
-    : ${NEO4J_dbms_connector_https_listen__address:="0.0.0.0:7473"}
-    : ${NEO4J_dbms_connector_bolt_listen__address:="0.0.0.0:7687"}
-    : ${NEO4J_ha_host_coordination:="$(hostname):5001"}
-    : ${NEO4J_ha_host_data:="$(hostname):6001"}
-
-    # unset old hardcoded unsupported env variables
-    unset NEO4J_dbms_txLog_rotation_retentionPolicy NEO4J_UDC_SOURCE \
-        NEO4J_dbms_memory_heap_maxSize NEO4J_dbms_memory_heap_maxSize \
-        NEO4J_dbms_unmanagedExtensionClasses NEO4J_dbms_allowFormatMigration \
-        NEO4J_dbms_connectors_defaultAdvertisedAddress NEO4J_ha_serverId \
-        NEO4J_ha_initialHosts NEO4J_causalClustering_expectedCoreClusterSize \
-        NEO4J_causalClustering_initialDiscoveryMembers \
-        NEO4J_causalClustering_discoveryListenAddress \
-        NEO4J_causalClustering_discoveryAdvertisedAddress \
-        NEO4J_causalClustering_transactionListenAddress \
-        NEO4J_causalClustering_transactionAdvertisedAddress \
-        NEO4J_causalClustering_raftListenAddress \
-        NEO4J_causalClustering_raftAdvertisedAddress
-
-    if [ -d /conf ]; then
-        find /conf -type f -exec cp {} conf \;
-    fi
+cmd="$1"
 
-    if [ -d /ssl ]; then
-        NEO4J_dbms_directories_certificates="/ssl"
-    fi
+# If we're running as root, then run as the neo4j user. Otherwise
+# docker is running with --user and we simply use that user.  Note
+# that su-exec, despite its name, does not replicate the functionality
+# of exec, so we need to use both
+if [ "$(id -u)" = "0" ]; then
+  userid="neo4j"
+  groupid="neo4j"
+  exec_cmd="exec su-exec neo4j"
+else
+  userid="$(id -u)"
+  groupid="$(id -g)"
+  exec_cmd="exec"
+fi
+readonly userid
+readonly groupid
+readonly exec_cmd
 
-    if [ -d /plugins ]; then
-        NEO4J_dbms_directories_plugins="/plugins"
-    fi
+# Need to chown the home directory - but a user might have mounted a
+# volume here (notably a conf volume). So take care not to chown
+# volumes (stuff not owned by neo4j)
+if [[ "$(id -u)" = "0" ]]; then
+  # Non-recursive chown for the base directory
+  chown "${userid}":"${groupid}" /var/lib/neo4j
+  chmod 700 /var/lib/neo4j
+fi
 
-    if [ -d /logs ]; then
-        NEO4J_dbms_directories_logs="/logs"
-    fi
+while IFS= read -r -d '' dir
+do
+  if [[ "$(id -u)" = "0" ]] && [[ "$(stat -c %U "${dir}")" = "neo4j" ]]; then
+    # Using mindepth 1 to avoid the base directory here so recursive is OK
+    chown -R "${userid}":"${groupid}" "${dir}"
+    chmod -R 700 "${dir}"
+  fi
+done <   <(find /var/lib/neo4j -type d -mindepth 1 -maxdepth 1 -print0)
 
-    if [ -d /import ]; then
-        NEO4J_dbms_directories_import="/import"
-    fi
+# Data dir is chowned later
 
-    if [ -d /metrics ]; then
-        NEO4J_dbms_directories_metrics="/metrics"
-    fi
+if [ "${cmd}" == "dump-config" ]; then
+  if [ -d /conf ]; then
+    ${exec_cmd} cp --recursive conf/* /conf
+    exit 0
+  else
+    echo >&2 "You must provide a /conf volume"
+    exit 1
+  fi
+fi
+
+# Env variable naming convention:
+# - prefix NEO4J_
+# - double underscore char '__' instead of single underscore '_' char in the setting name
+# - underscore char '_' instead of dot '.' char in the setting name
+# Example:
+# NEO4J_dbms_tx__log_rotation_retention__policy env variable to set
+#       dbms.tx_log.rotation.retention_policy setting
+
+# Backward compatibility - map old hardcoded env variables into new naming convention (if they aren't set already)
+# Set some to default values if unset
+: ${NEO4J_dbms_tx__log_rotation_retention__policy:=${NEO4J_dbms_txLog_rotation_retentionPolicy:-"100M size"}}
+: ${NEO4J_wrapper_java_additional:=${NEO4J_UDC_SOURCE:-"-Dneo4j.ext.udc.source=docker"}}
+: ${NEO4J_dbms_memory_heap_initial__size:=${NEO4J_dbms_memory_heap_maxSize:-"512M"}}
+: ${NEO4J_dbms_memory_heap_max__size:=${NEO4J_dbms_memory_heap_maxSize:-"512M"}}
+: ${NEO4J_dbms_unmanaged__extension__classes:=${NEO4J_dbms_unmanagedExtensionClasses:-}}
+: ${NEO4J_dbms_allow__format__migration:=${NEO4J_dbms_allowFormatMigration:-}}
+: ${NEO4J_dbms_connectors_default__advertised__address:=${NEO4J_dbms_connectors_defaultAdvertisedAddress:-}}
+: ${NEO4J_ha_server__id:=${NEO4J_ha_serverId:-}}
+: ${NEO4J_ha_initial__hosts:=${NEO4J_ha_initialHosts:-}}
+: ${NEO4J_causal__clustering_expected__core__cluster__size:=${NEO4J_causalClustering_expectedCoreClusterSize:-}}
+: ${NEO4J_causal__clustering_initial__discovery__members:=${NEO4J_causalClustering_initialDiscoveryMembers:-}}
+: ${NEO4J_causal__clustering_discovery__listen__address:=${NEO4J_causalClustering_discoveryListenAddress:-"0.0.0.0:5000"}}
+: ${NEO4J_causal__clustering_discovery__advertised__address:=${NEO4J_causalClustering_discoveryAdvertisedAddress:-"$(hostname):5000"}}
+: ${NEO4J_causal__clustering_transaction__listen__address:=${NEO4J_causalClustering_transactionListenAddress:-"0.0.0.0:6000"}}
+: ${NEO4J_causal__clustering_transaction__advertised__address:=${NEO4J_causalClustering_transactionAdvertisedAddress:-"$(hostname):6000"}}
+: ${NEO4J_causal__clustering_raft__listen__address:=${NEO4J_causalClustering_raftListenAddress:-"0.0.0.0:7000"}}
+: ${NEO4J_causal__clustering_raft__advertised__address:=${NEO4J_causalClustering_raftAdvertisedAddress:-"$(hostname):7000"}}
+
+: ${NEO4J_dbms_connectors_default__listen__address:="0.0.0.0"}
+: ${NEO4J_dbms_connector_http_listen__address:="0.0.0.0:7474"}
+: ${NEO4J_dbms_connector_https_listen__address:="0.0.0.0:7473"}
+: ${NEO4J_dbms_connector_bolt_listen__address:="0.0.0.0:7687"}
+: ${NEO4J_ha_host_coordination:="$(hostname):5001"}
+: ${NEO4J_ha_host_data:="$(hostname):6001"}
+
+# unset old hardcoded unsupported env variables
+unset NEO4J_dbms_txLog_rotation_retentionPolicy NEO4J_UDC_SOURCE \
+    NEO4J_dbms_memory_heap_maxSize NEO4J_dbms_memory_heap_maxSize \
+    NEO4J_dbms_unmanagedExtensionClasses NEO4J_dbms_allowFormatMigration \
+    NEO4J_dbms_connectors_defaultAdvertisedAddress NEO4J_ha_serverId \
+    NEO4J_ha_initialHosts NEO4J_causalClustering_expectedCoreClusterSize \
+    NEO4J_causalClustering_initialDiscoveryMembers \
+    NEO4J_causalClustering_discoveryListenAddress \
+    NEO4J_causalClustering_discoveryAdvertisedAddress \
+    NEO4J_causalClustering_transactionListenAddress \
+    NEO4J_causalClustering_transactionAdvertisedAddress \
+    NEO4J_causalClustering_raftListenAddress \
+    NEO4J_causalClustering_raftAdvertisedAddress
+
+if [ -d /conf ]; then
+    find /conf -type f -exec cp {} conf \;
+fi
 
+if [ -d /ssl ]; then
+    NEO4J_dbms_directories_certificates="/ssl"
+fi
+
+if [ -d /plugins ]; then
+    NEO4J_dbms_directories_plugins="/plugins"
+fi
+
+if [ -d /logs ]; then
+    NEO4J_dbms_directories_logs="/logs"
+fi
+
+if [ -d /import ]; then
+    NEO4J_dbms_directories_import="/import"
+fi
+
+if [ -d /metrics ]; then
+    NEO4J_dbms_directories_metrics="/metrics"
+fi
+
+# set the neo4j initial password only if you run the database server
+if [ "${cmd}" == "neo4j" ]; then
     if [ "${NEO4J_AUTH:-}" == "none" ]; then
         NEO4J_dbms_security_auth__enabled=false
     elif [[ "${NEO4J_AUTH:-}" == neo4j/* ]]; then
         password="${NEO4J_AUTH#neo4j/}"
         if [ "${password}" == "neo4j" ]; then
-            echo "Invalid value for password. It cannot be 'neo4j', which is the default."
+            echo >&2 "Invalid value for password. It cannot be 'neo4j', which is the default."
             exit 1
         fi
         # Will exit with error if users already exist (and print a message explaining that)
         bin/neo4j-admin set-initial-password "${password}" || true
     elif [ -n "${NEO4J_AUTH:-}" ]; then
-        echo "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
+        echo >&2 "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
         exit 1
     fi
+fi
 
-    # list env variables with prefix NEO4J_ and create settings from them
-    unset NEO4J_AUTH NEO4J_SHA256 NEO4J_TARBALL
-    for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
-        setting=$(echo ${i} | sed 's|^NEO4J_||' | sed 's|_|.|g' | sed 's|\.\.|_|g')
-        value=$(echo ${!i})
-        if [[ -n ${value} ]]; then
-            if grep -q -F "${setting}=" conf/neo4j.conf; then
-                # Remove any lines containing the setting already
-                sed --in-place "/${setting}=.*/d" conf/neo4j.conf
-            fi
-            # Then always append setting to file
-            echo "${setting}=${value}" >> conf/neo4j.conf
+# list env variables with prefix NEO4J_ and create settings from them
+unset NEO4J_AUTH NEO4J_SHA256 NEO4J_TARBALL
+for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
+    setting=$(echo ${i} | sed 's|^NEO4J_||' | sed 's|_|.|g' | sed 's|\.\.|_|g')
+    value=$(echo ${!i})
+    if [[ -n ${value} ]]; then
+        if grep -q -F "${setting}=" conf/neo4j.conf; then
+            # Remove any lines containing the setting already
+            sed --in-place "/${setting}=.*/d" conf/neo4j.conf
         fi
-    done
+        # Then always append setting to file
+        echo "${setting}=${value}" >> conf/neo4j.conf
+    fi
+done
 
-    [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
+# Chown the data dir now that (maybe) an initial password has been
+# set (this is a file in the data dir)
+if [[ "$(id -u)" = "0" ]]; then
+  chmod -R 755 /data
+  chown -R "${userid}":"${groupid}" /data
+fi
 
-    exec bin/neo4j console
-elif [ "$1" == "dump-config" ]; then
-    if [ -d /conf ]; then
-        cp --recursive conf/* /conf
-    else
-        echo "You must provide a /conf volume"
-        exit 1
-    fi
+[ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
+
+# Use su-exec to drop privileges to neo4j user
+# Note that su-exec, despite its name, does not replicate the
+# functionality of exec, so we need to use both
+if [ "${cmd}" == "neo4j" ]; then
+  ${exec_cmd} neo4j console
 else
-    exec "$@"
+  ${exec_cmd} "$@"
 fi
diff --git a/neo4j_3.1-enterprise/Dockerfile b/neo4j_3.1.7-enterprise/Dockerfile
similarity index 100%
copy from neo4j_3.1-enterprise/Dockerfile
copy to neo4j_3.1.7-enterprise/Dockerfile
diff --git a/neo4j_3.1-enterprise/docker-entrypoint.sh b/neo4j_3.1.7-enterprise/docker-entrypoint.sh
similarity index 100%
copy from neo4j_3.1-enterprise/docker-entrypoint.sh
copy to neo4j_3.1.7-enterprise/docker-entrypoint.sh
diff --git a/neo4j_2.3-enterprise/local-package/.sentinel b/neo4j_3.1.7-enterprise/local-package/.sentinel
similarity index 100%
copy from neo4j_2.3-enterprise/local-package/.sentinel
copy to neo4j_3.1.7-enterprise/local-package/.sentinel
diff --git a/neo4j_3.1/Dockerfile b/neo4j_3.1.7/Dockerfile
similarity index 100%
copy from neo4j_3.1/Dockerfile
copy to neo4j_3.1.7/Dockerfile
diff --git a/neo4j_3.1-enterprise/docker-entrypoint.sh b/neo4j_3.1.7/docker-entrypoint.sh
similarity index 100%
copy from neo4j_3.1-enterprise/docker-entrypoint.sh
copy to neo4j_3.1.7/docker-entrypoint.sh
diff --git a/neo4j_2.3-enterprise/local-package/.sentinel b/neo4j_3.1.7/local-package/.sentinel
similarity index 100%
copy from neo4j_2.3-enterprise/local-package/.sentinel
copy to neo4j_3.1.7/local-package/.sentinel
diff --git a/neo4j_3.1/Dockerfile b/neo4j_3.1/Dockerfile
index 2568085..7967859 100644
--- a/neo4j_3.1/Dockerfile
+++ b/neo4j_3.1/Dockerfile
@@ -1,25 +1,34 @@
 FROM openjdk:8-jre-alpine
 
-RUN apk add --no-cache --quiet \
-    bash \
-    curl
+RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
 
-ENV NEO4J_SHA256=609758161b27ab9c993bc4b6428c9937168da56e61c7c098d1d1dcb018a3d6b2 \
-    NEO4J_TARBALL=neo4j-community-3.1.7-unix.tar.gz
-ARG NEO4J_URI=http://dist.neo4j.org/neo4j-community-3.1.7-unix.tar.gz
+ENV NEO4J_SHA256=94f074996c70d9b01ea936b8ca9aba31689ab8ca4757f8bda17cd9926cdeaa3d \
+    NEO4J_TARBALL=neo4j-community-3.1.8-unix.tar.gz
+ARG NEO4J_URI=http://dist.neo4j.org/neo4j-community-3.1.8-unix.tar.gz
 
 COPY ./local-package/* /tmp/
 
-RUN curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
+RUN apk add --no-cache --quiet \
+    bash \
+    curl \
+    tini \
+    su-exec \
+    && curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
     && echo "${NEO4J_SHA256}  ${NEO4J_TARBALL}" | sha256sum -csw - \
     && tar --extract --file ${NEO4J_TARBALL} --directory /var/lib \
     && mv /var/lib/neo4j-* /var/lib/neo4j \
-    && rm ${NEO4J_TARBALL}
+    && rm ${NEO4J_TARBALL} \
+    && mv /var/lib/neo4j/data /data \
+    && chown -R neo4j:neo4j /data \
+    && chmod -R 777 /data \
+    && chown -R neo4j:neo4j /var/lib/neo4j \
+    && chmod -R 777 /var/lib/neo4j \
+    && ln -s /data /var/lib/neo4j/data \
+    && apk del curl
 
-WORKDIR /var/lib/neo4j
+ENV PATH /var/lib/neo4j/bin:$PATH
 
-RUN mv data /data \
-    && ln -s /data
+WORKDIR /var/lib/neo4j
 
 VOLUME /data
 
@@ -27,5 +36,5 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 EXPOSE 7474 7473 7687
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
 CMD ["neo4j"]
diff --git a/neo4j_3.1/docker-entrypoint.sh b/neo4j_3.1/docker-entrypoint.sh
index 1fac31e..0da7bde 100755
--- a/neo4j_3.1/docker-entrypoint.sh
+++ b/neo4j_3.1/docker-entrypoint.sh
@@ -1,120 +1,174 @@
 #!/bin/bash -eu
 
-if [ "$1" == "neo4j" ]; then
-
-    # Env variable naming convention:
-    # - prefix NEO4J_
-    # - double underscore char '__' instead of single underscore '_' char in the setting name
-    # - underscore char '_' instead of dot '.' char in the setting name
-    # Example:
-    # NEO4J_dbms_tx__log_rotation_retention__policy env variable to set
-    #       dbms.tx_log.rotation.retention_policy setting
-
-    # Backward compatibility - map old hardcoded env variables into new naming convention (if they aren't set already)
-    # Set some to default values if unset
-    : ${NEO4J_dbms_tx__log_rotation_retention__policy:=${NEO4J_dbms_txLog_rotation_retentionPolicy:-"100M size"}}
-    : ${NEO4J_wrapper_java_additional:=${NEO4J_UDC_SOURCE:-"-Dneo4j.ext.udc.source=docker"}}
-    : ${NEO4J_dbms_memory_heap_initial__size:=${NEO4J_dbms_memory_heap_maxSize:-"512M"}}
-    : ${NEO4J_dbms_memory_heap_max__size:=${NEO4J_dbms_memory_heap_maxSize:-"512M"}}
-    : ${NEO4J_dbms_unmanaged__extension__classes:=${NEO4J_dbms_unmanagedExtensionClasses:-}}
-    : ${NEO4J_dbms_allow__format__migration:=${NEO4J_dbms_allowFormatMigration:-}}
-    : ${NEO4J_dbms_connectors_default__advertised__address:=${NEO4J_dbms_connectors_defaultAdvertisedAddress:-}}
-    : ${NEO4J_ha_server__id:=${NEO4J_ha_serverId:-}}
-    : ${NEO4J_ha_initial__hosts:=${NEO4J_ha_initialHosts:-}}
-    : ${NEO4J_causal__clustering_expected__core__cluster__size:=${NEO4J_causalClustering_expectedCoreClusterSize:-}}
-    : ${NEO4J_causal__clustering_initial__discovery__members:=${NEO4J_causalClustering_initialDiscoveryMembers:-}}
-    : ${NEO4J_causal__clustering_discovery__listen__address:=${NEO4J_causalClustering_discoveryListenAddress:-"0.0.0.0:5000"}}
-    : ${NEO4J_causal__clustering_discovery__advertised__address:=${NEO4J_causalClustering_discoveryAdvertisedAddress:-"$(hostname):5000"}}
-    : ${NEO4J_causal__clustering_transaction__listen__address:=${NEO4J_causalClustering_transactionListenAddress:-"0.0.0.0:6000"}}
-    : ${NEO4J_causal__clustering_transaction__advertised__address:=${NEO4J_causalClustering_transactionAdvertisedAddress:-"$(hostname):6000"}}
-    : ${NEO4J_causal__clustering_raft__listen__address:=${NEO4J_causalClustering_raftListenAddress:-"0.0.0.0:7000"}}
-    : ${NEO4J_causal__clustering_raft__advertised__address:=${NEO4J_causalClustering_raftAdvertisedAddress:-"$(hostname):7000"}}
-
-    : ${NEO4J_dbms_connectors_default__listen__address:="0.0.0.0"}
-    : ${NEO4J_dbms_connector_http_listen__address:="0.0.0.0:7474"}
-    : ${NEO4J_dbms_connector_https_listen__address:="0.0.0.0:7473"}
-    : ${NEO4J_dbms_connector_bolt_listen__address:="0.0.0.0:7687"}
-    : ${NEO4J_ha_host_coordination:="$(hostname):5001"}
-    : ${NEO4J_ha_host_data:="$(hostname):6001"}
-
-    # unset old hardcoded unsupported env variables
-    unset NEO4J_dbms_txLog_rotation_retentionPolicy NEO4J_UDC_SOURCE \
-        NEO4J_dbms_memory_heap_maxSize NEO4J_dbms_memory_heap_maxSize \
-        NEO4J_dbms_unmanagedExtensionClasses NEO4J_dbms_allowFormatMigration \
-        NEO4J_dbms_connectors_defaultAdvertisedAddress NEO4J_ha_serverId \
-        NEO4J_ha_initialHosts NEO4J_causalClustering_expectedCoreClusterSize \
-        NEO4J_causalClustering_initialDiscoveryMembers \
-        NEO4J_causalClustering_discoveryListenAddress \
-        NEO4J_causalClustering_discoveryAdvertisedAddress \
-        NEO4J_causalClustering_transactionListenAddress \
-        NEO4J_causalClustering_transactionAdvertisedAddress \
-        NEO4J_causalClustering_raftListenAddress \
-        NEO4J_causalClustering_raftAdvertisedAddress
-
-    if [ -d /conf ]; then
-        find /conf -type f -exec cp {} conf \;
-    fi
+cmd="$1"
 
-    if [ -d /ssl ]; then
-        NEO4J_dbms_directories_certificates="/ssl"
-    fi
+# If we're running as root, then run as the neo4j user. Otherwise
+# docker is running with --user and we simply use that user.  Note
+# that su-exec, despite its name, does not replicate the functionality
+# of exec, so we need to use both
+if [ "$(id -u)" = "0" ]; then
+  userid="neo4j"
+  groupid="neo4j"
+  exec_cmd="exec su-exec neo4j"
+else
+  userid="$(id -u)"
+  groupid="$(id -g)"
+  exec_cmd="exec"
+fi
+readonly userid
+readonly groupid
+readonly exec_cmd
 
-    if [ -d /plugins ]; then
-        NEO4J_dbms_directories_plugins="/plugins"
-    fi
+# Need to chown the home directory - but a user might have mounted a
+# volume here (notably a conf volume). So take care not to chown
+# volumes (stuff not owned by neo4j)
+if [[ "$(id -u)" = "0" ]]; then
+  # Non-recursive chown for the base directory
+  chown "${userid}":"${groupid}" /var/lib/neo4j
+  chmod 700 /var/lib/neo4j
+fi
 
-    if [ -d /logs ]; then
-        NEO4J_dbms_directories_logs="/logs"
-    fi
+while IFS= read -r -d '' dir
+do
+  if [[ "$(id -u)" = "0" ]] && [[ "$(stat -c %U "${dir}")" = "neo4j" ]]; then
+    # Using mindepth 1 to avoid the base directory here so recursive is OK
+    chown -R "${userid}":"${groupid}" "${dir}"
+    chmod -R 700 "${dir}"
+  fi
+done <   <(find /var/lib/neo4j -type d -mindepth 1 -maxdepth 1 -print0)
 
-    if [ -d /import ]; then
-        NEO4J_dbms_directories_import="/import"
-    fi
+# Data dir is chowned later
 
-    if [ -d /metrics ]; then
-        NEO4J_dbms_directories_metrics="/metrics"
-    fi
+if [ "${cmd}" == "dump-config" ]; then
+  if [ -d /conf ]; then
+    ${exec_cmd} cp --recursive conf/* /conf
+    exit 0
+  else
+    echo >&2 "You must provide a /conf volume"
+    exit 1
+  fi
+fi
+
+# Env variable naming convention:
+# - prefix NEO4J_
+# - double underscore char '__' instead of single underscore '_' char in the setting name
+# - underscore char '_' instead of dot '.' char in the setting name
+# Example:
+# NEO4J_dbms_tx__log_rotation_retention__policy env variable to set
+#       dbms.tx_log.rotation.retention_policy setting
+
+# Backward compatibility - map old hardcoded env variables into new naming convention (if they aren't set already)
+# Set some to default values if unset
+: ${NEO4J_dbms_tx__log_rotation_retention__policy:=${NEO4J_dbms_txLog_rotation_retentionPolicy:-"100M size"}}
+: ${NEO4J_wrapper_java_additional:=${NEO4J_UDC_SOURCE:-"-Dneo4j.ext.udc.source=docker"}}
+: ${NEO4J_dbms_memory_heap_initial__size:=${NEO4J_dbms_memory_heap_maxSize:-"512M"}}
+: ${NEO4J_dbms_memory_heap_max__size:=${NEO4J_dbms_memory_heap_maxSize:-"512M"}}
+: ${NEO4J_dbms_unmanaged__extension__classes:=${NEO4J_dbms_unmanagedExtensionClasses:-}}
+: ${NEO4J_dbms_allow__format__migration:=${NEO4J_dbms_allowFormatMigration:-}}
+: ${NEO4J_dbms_connectors_default__advertised__address:=${NEO4J_dbms_connectors_defaultAdvertisedAddress:-}}
+: ${NEO4J_ha_server__id:=${NEO4J_ha_serverId:-}}
+: ${NEO4J_ha_initial__hosts:=${NEO4J_ha_initialHosts:-}}
+: ${NEO4J_causal__clustering_expected__core__cluster__size:=${NEO4J_causalClustering_expectedCoreClusterSize:-}}
+: ${NEO4J_causal__clustering_initial__discovery__members:=${NEO4J_causalClustering_initialDiscoveryMembers:-}}
+: ${NEO4J_causal__clustering_discovery__listen__address:=${NEO4J_causalClustering_discoveryListenAddress:-"0.0.0.0:5000"}}
+: ${NEO4J_causal__clustering_discovery__advertised__address:=${NEO4J_causalClustering_discoveryAdvertisedAddress:-"$(hostname):5000"}}
+: ${NEO4J_causal__clustering_transaction__listen__address:=${NEO4J_causalClustering_transactionListenAddress:-"0.0.0.0:6000"}}
+: ${NEO4J_causal__clustering_transaction__advertised__address:=${NEO4J_causalClustering_transactionAdvertisedAddress:-"$(hostname):6000"}}
+: ${NEO4J_causal__clustering_raft__listen__address:=${NEO4J_causalClustering_raftListenAddress:-"0.0.0.0:7000"}}
+: ${NEO4J_causal__clustering_raft__advertised__address:=${NEO4J_causalClustering_raftAdvertisedAddress:-"$(hostname):7000"}}
+
+: ${NEO4J_dbms_connectors_default__listen__address:="0.0.0.0"}
+: ${NEO4J_dbms_connector_http_listen__address:="0.0.0.0:7474"}
+: ${NEO4J_dbms_connector_https_listen__address:="0.0.0.0:7473"}
+: ${NEO4J_dbms_connector_bolt_listen__address:="0.0.0.0:7687"}
+: ${NEO4J_ha_host_coordination:="$(hostname):5001"}
+: ${NEO4J_ha_host_data:="$(hostname):6001"}
+
+# unset old hardcoded unsupported env variables
+unset NEO4J_dbms_txLog_rotation_retentionPolicy NEO4J_UDC_SOURCE \
+    NEO4J_dbms_memory_heap_maxSize NEO4J_dbms_memory_heap_maxSize \
+    NEO4J_dbms_unmanagedExtensionClasses NEO4J_dbms_allowFormatMigration \
+    NEO4J_dbms_connectors_defaultAdvertisedAddress NEO4J_ha_serverId \
+    NEO4J_ha_initialHosts NEO4J_causalClustering_expectedCoreClusterSize \
+    NEO4J_causalClustering_initialDiscoveryMembers \
+    NEO4J_causalClustering_discoveryListenAddress \
+    NEO4J_causalClustering_discoveryAdvertisedAddress \
+    NEO4J_causalClustering_transactionListenAddress \
+    NEO4J_causalClustering_transactionAdvertisedAddress \
+    NEO4J_causalClustering_raftListenAddress \
+    NEO4J_causalClustering_raftAdvertisedAddress
+
+if [ -d /conf ]; then
+    find /conf -type f -exec cp {} conf \;
+fi
 
+if [ -d /ssl ]; then
+    NEO4J_dbms_directories_certificates="/ssl"
+fi
+
+if [ -d /plugins ]; then
+    NEO4J_dbms_directories_plugins="/plugins"
+fi
+
+if [ -d /logs ]; then
+    NEO4J_dbms_directories_logs="/logs"
+fi
+
+if [ -d /import ]; then
+    NEO4J_dbms_directories_import="/import"
+fi
+
+if [ -d /metrics ]; then
+    NEO4J_dbms_directories_metrics="/metrics"
+fi
+
+# set the neo4j initial password only if you run the database server
+if [ "${cmd}" == "neo4j" ]; then
     if [ "${NEO4J_AUTH:-}" == "none" ]; then
         NEO4J_dbms_security_auth__enabled=false
     elif [[ "${NEO4J_AUTH:-}" == neo4j/* ]]; then
         password="${NEO4J_AUTH#neo4j/}"
         if [ "${password}" == "neo4j" ]; then
-            echo "Invalid value for password. It cannot be 'neo4j', which is the default."
+            echo >&2 "Invalid value for password. It cannot be 'neo4j', which is the default."
             exit 1
         fi
         # Will exit with error if users already exist (and print a message explaining that)
         bin/neo4j-admin set-initial-password "${password}" || true
     elif [ -n "${NEO4J_AUTH:-}" ]; then
-        echo "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
+        echo >&2 "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
         exit 1
     fi
+fi
 
-    # list env variables with prefix NEO4J_ and create settings from them
-    unset NEO4J_AUTH NEO4J_SHA256 NEO4J_TARBALL
-    for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
-        setting=$(echo ${i} | sed 's|^NEO4J_||' | sed 's|_|.|g' | sed 's|\.\.|_|g')
-        value=$(echo ${!i})
-        if [[ -n ${value} ]]; then
-            if grep -q -F "${setting}=" conf/neo4j.conf; then
-                # Remove any lines containing the setting already
-                sed --in-place "/${setting}=.*/d" conf/neo4j.conf
-            fi
-            # Then always append setting to file
-            echo "${setting}=${value}" >> conf/neo4j.conf
+# list env variables with prefix NEO4J_ and create settings from them
+unset NEO4J_AUTH NEO4J_SHA256 NEO4J_TARBALL
+for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
+    setting=$(echo ${i} | sed 's|^NEO4J_||' | sed 's|_|.|g' | sed 's|\.\.|_|g')
+    value=$(echo ${!i})
+    if [[ -n ${value} ]]; then
+        if grep -q -F "${setting}=" conf/neo4j.conf; then
+            # Remove any lines containing the setting already
+            sed --in-place "/${setting}=.*/d" conf/neo4j.conf
         fi
-    done
+        # Then always append setting to file
+        echo "${setting}=${value}" >> conf/neo4j.conf
+    fi
+done
 
-    [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
+# Chown the data dir now that (maybe) an initial password has been
+# set (this is a file in the data dir)
+if [[ "$(id -u)" = "0" ]]; then
+  chmod -R 755 /data
+  chown -R "${userid}":"${groupid}" /data
+fi
 
-    exec bin/neo4j console
-elif [ "$1" == "dump-config" ]; then
-    if [ -d /conf ]; then
-        cp --recursive conf/* /conf
-    else
-        echo "You must provide a /conf volume"
-        exit 1
-    fi
+[ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
+
+# Use su-exec to drop privileges to neo4j user
+# Note that su-exec, despite its name, does not replicate the
+# functionality of exec, so we need to use both
+if [ "${cmd}" == "neo4j" ]; then
+  ${exec_cmd} neo4j console
 else
-    exec "$@"
+  ${exec_cmd} "$@"
 fi
diff --git a/neo4j_3.2-enterprise/Dockerfile b/neo4j_3.2-enterprise/Dockerfile
index 851de26..4ae0e40 100644
--- a/neo4j_3.2-enterprise/Dockerfile
+++ b/neo4j_3.2-enterprise/Dockerfile
@@ -1,21 +1,28 @@
 FROM openjdk:8-jre-alpine
 
-RUN apk add --no-cache --quiet \
-    bash \
-    curl
+RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
 
-ENV NEO4J_SHA256=370d563213b8df164a886d81e1f81a91ecadb90334b6f47af3607529e10b5113 \
-    NEO4J_TARBALL=neo4j-enterprise-3.2.9-unix.tar.gz
-ARG NEO4J_URI=http://dist.neo4j.org/neo4j-enterprise-3.2.9-unix.tar.gz
+ENV NEO4J_SHA256=38d42372720839b1009700ddeef64f28dc315f9e5e4435120d07ac64b7f03161 \
+    NEO4J_TARBALL=neo4j-enterprise-3.2.10-unix.tar.gz
+ARG NEO4J_URI=http://dist.neo4j.org/neo4j-enterprise-3.2.10-unix.tar.gz
 
 COPY ./local-package/* /tmp/
 
-RUN curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
+RUN apk add --no-cache --quiet \
+    bash \
+    curl \
+    tini \
+    su-exec \
+    && curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
     && echo "${NEO4J_SHA256}  ${NEO4J_TARBALL}" | sha256sum -csw - \
     && tar --extract --file ${NEO4J_TARBALL} --directory /var/lib \
     && mv /var/lib/neo4j-* /var/lib/neo4j \
     && rm ${NEO4J_TARBALL} \
     && mv /var/lib/neo4j/data /data \
+    && chown -R neo4j:neo4j /data \
+    && chmod -R 777 /data \
+    && chown -R neo4j:neo4j /var/lib/neo4j \
+    && chmod -R 777 /var/lib/neo4j \
     && ln -s /data /var/lib/neo4j/data \
     && apk del curl
 
@@ -29,5 +36,5 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 EXPOSE 7474 7473 7687
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
 CMD ["neo4j"]
diff --git a/neo4j_3.2-enterprise/docker-entrypoint.sh b/neo4j_3.2-enterprise/docker-entrypoint.sh
index d36d70b..0da7bde 100755
--- a/neo4j_3.2-enterprise/docker-entrypoint.sh
+++ b/neo4j_3.2-enterprise/docker-entrypoint.sh
@@ -2,20 +2,51 @@
 
 cmd="$1"
 
-if [[ "${cmd}" != *"neo4j"* ]]; then
-    [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
-
-    if [ "${cmd}" == "dump-config" ]; then
-        if [ -d /conf ]; then
-            cp --recursive conf/* /conf
-            exit 0
-        else
-            echo "You must provide a /conf volume"
-            exit 1
-        fi
-    fi
-    exec "$@"
-    exit $?
+# If we're running as root, then run as the neo4j user. Otherwise
+# docker is running with --user and we simply use that user.  Note
+# that su-exec, despite its name, does not replicate the functionality
+# of exec, so we need to use both
+if [ "$(id -u)" = "0" ]; then
+  userid="neo4j"
+  groupid="neo4j"
+  exec_cmd="exec su-exec neo4j"
+else
+  userid="$(id -u)"
+  groupid="$(id -g)"
+  exec_cmd="exec"
+fi
+readonly userid
+readonly groupid
+readonly exec_cmd
+
+# Need to chown the home directory - but a user might have mounted a
+# volume here (notably a conf volume). So take care not to chown
+# volumes (stuff not owned by neo4j)
+if [[ "$(id -u)" = "0" ]]; then
+  # Non-recursive chown for the base directory
+  chown "${userid}":"${groupid}" /var/lib/neo4j
+  chmod 700 /var/lib/neo4j
+fi
+
+while IFS= read -r -d '' dir
+do
+  if [[ "$(id -u)" = "0" ]] && [[ "$(stat -c %U "${dir}")" = "neo4j" ]]; then
+    # Using mindepth 1 to avoid the base directory here so recursive is OK
+    chown -R "${userid}":"${groupid}" "${dir}"
+    chmod -R 700 "${dir}"
+  fi
+done <   <(find /var/lib/neo4j -type d -mindepth 1 -maxdepth 1 -print0)
+
+# Data dir is chowned later
+
+if [ "${cmd}" == "dump-config" ]; then
+  if [ -d /conf ]; then
+    ${exec_cmd} cp --recursive conf/* /conf
+    exit 0
+  else
+    echo >&2 "You must provide a /conf volume"
+    exit 1
+  fi
 fi
 
 # Env variable naming convention:
@@ -92,19 +123,19 @@ if [ -d /metrics ]; then
 fi
 
 # set the neo4j initial password only if you run the database server
-if [ "${cmd}" == "neo4j" ] ; then
+if [ "${cmd}" == "neo4j" ]; then
     if [ "${NEO4J_AUTH:-}" == "none" ]; then
         NEO4J_dbms_security_auth__enabled=false
     elif [[ "${NEO4J_AUTH:-}" == neo4j/* ]]; then
         password="${NEO4J_AUTH#neo4j/}"
         if [ "${password}" == "neo4j" ]; then
-            echo "Invalid value for password. It cannot be 'neo4j', which is the default."
+            echo >&2 "Invalid value for password. It cannot be 'neo4j', which is the default."
             exit 1
         fi
         # Will exit with error if users already exist (and print a message explaining that)
         bin/neo4j-admin set-initial-password "${password}" || true
     elif [ -n "${NEO4J_AUTH:-}" ]; then
-        echo "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
+        echo >&2 "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
         exit 1
     fi
 fi
@@ -124,10 +155,20 @@ for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
     fi
 done
 
+# Chown the data dir now that (maybe) an initial password has been
+# set (this is a file in the data dir)
+if [[ "$(id -u)" = "0" ]]; then
+  chmod -R 755 /data
+  chown -R "${userid}":"${groupid}" /data
+fi
+
 [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
 
-if [ "${cmd}" == "neo4j" ] ; then
-    exec neo4j console
+# Use su-exec to drop privileges to neo4j user
+# Note that su-exec, despite its name, does not replicate the
+# functionality of exec, so we need to use both
+if [ "${cmd}" == "neo4j" ]; then
+  ${exec_cmd} neo4j console
 else
-    exec "$@"
+  ${exec_cmd} "$@"
 fi
diff --git a/neo4j_3.2-enterprise/Dockerfile b/neo4j_3.2.9-enterprise/Dockerfile
similarity index 66%
copy from neo4j_3.2-enterprise/Dockerfile
copy to neo4j_3.2.9-enterprise/Dockerfile
index 851de26..d1404f4 100644
--- a/neo4j_3.2-enterprise/Dockerfile
+++ b/neo4j_3.2.9-enterprise/Dockerfile
@@ -1,8 +1,6 @@
 FROM openjdk:8-jre-alpine
 
-RUN apk add --no-cache --quiet \
-    bash \
-    curl
+RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
 
 ENV NEO4J_SHA256=370d563213b8df164a886d81e1f81a91ecadb90334b6f47af3607529e10b5113 \
     NEO4J_TARBALL=neo4j-enterprise-3.2.9-unix.tar.gz
@@ -10,12 +8,21 @@ ARG NEO4J_URI=http://dist.neo4j.org/neo4j-enterprise-3.2.9-unix.tar.gz
 
 COPY ./local-package/* /tmp/
 
-RUN curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
+RUN apk add --no-cache --quiet \
+    bash \
+    curl \
+    tini \
+    su-exec \
+    && curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
     && echo "${NEO4J_SHA256}  ${NEO4J_TARBALL}" | sha256sum -csw - \
     && tar --extract --file ${NEO4J_TARBALL} --directory /var/lib \
     && mv /var/lib/neo4j-* /var/lib/neo4j \
     && rm ${NEO4J_TARBALL} \
     && mv /var/lib/neo4j/data /data \
+    && chown -R neo4j:neo4j /data \
+    && chmod -R 777 /data \
+    && chown -R neo4j:neo4j /var/lib/neo4j \
+    && chmod -R 777 /var/lib/neo4j \
     && ln -s /data /var/lib/neo4j/data \
     && apk del curl
 
@@ -29,5 +36,5 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 EXPOSE 7474 7473 7687
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
 CMD ["neo4j"]
diff --git a/neo4j_3.2-enterprise/docker-entrypoint.sh b/neo4j_3.2.9-enterprise/docker-entrypoint.sh
similarity index 71%
copy from neo4j_3.2-enterprise/docker-entrypoint.sh
copy to neo4j_3.2.9-enterprise/docker-entrypoint.sh
index d36d70b..0da7bde 100755
--- a/neo4j_3.2-enterprise/docker-entrypoint.sh
+++ b/neo4j_3.2.9-enterprise/docker-entrypoint.sh
@@ -2,20 +2,51 @@
 
 cmd="$1"
 
-if [[ "${cmd}" != *"neo4j"* ]]; then
-    [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
-
-    if [ "${cmd}" == "dump-config" ]; then
-        if [ -d /conf ]; then
-            cp --recursive conf/* /conf
-            exit 0
-        else
-            echo "You must provide a /conf volume"
-            exit 1
-        fi
-    fi
-    exec "$@"
-    exit $?
+# If we're running as root, then run as the neo4j user. Otherwise
+# docker is running with --user and we simply use that user.  Note
+# that su-exec, despite its name, does not replicate the functionality
+# of exec, so we need to use both
+if [ "$(id -u)" = "0" ]; then
+  userid="neo4j"
+  groupid="neo4j"
+  exec_cmd="exec su-exec neo4j"
+else
+  userid="$(id -u)"
+  groupid="$(id -g)"
+  exec_cmd="exec"
+fi
+readonly userid
+readonly groupid
+readonly exec_cmd
+
+# Need to chown the home directory - but a user might have mounted a
+# volume here (notably a conf volume). So take care not to chown
+# volumes (stuff not owned by neo4j)
+if [[ "$(id -u)" = "0" ]]; then
+  # Non-recursive chown for the base directory
+  chown "${userid}":"${groupid}" /var/lib/neo4j
+  chmod 700 /var/lib/neo4j
+fi
+
+while IFS= read -r -d '' dir
+do
+  if [[ "$(id -u)" = "0" ]] && [[ "$(stat -c %U "${dir}")" = "neo4j" ]]; then
+    # Using mindepth 1 to avoid the base directory here so recursive is OK
+    chown -R "${userid}":"${groupid}" "${dir}"
+    chmod -R 700 "${dir}"
+  fi
+done <   <(find /var/lib/neo4j -type d -mindepth 1 -maxdepth 1 -print0)
+
+# Data dir is chowned later
+
+if [ "${cmd}" == "dump-config" ]; then
+  if [ -d /conf ]; then
+    ${exec_cmd} cp --recursive conf/* /conf
+    exit 0
+  else
+    echo >&2 "You must provide a /conf volume"
+    exit 1
+  fi
 fi
 
 # Env variable naming convention:
@@ -92,19 +123,19 @@ if [ -d /metrics ]; then
 fi
 
 # set the neo4j initial password only if you run the database server
-if [ "${cmd}" == "neo4j" ] ; then
+if [ "${cmd}" == "neo4j" ]; then
     if [ "${NEO4J_AUTH:-}" == "none" ]; then
         NEO4J_dbms_security_auth__enabled=false
     elif [[ "${NEO4J_AUTH:-}" == neo4j/* ]]; then
         password="${NEO4J_AUTH#neo4j/}"
         if [ "${password}" == "neo4j" ]; then
-            echo "Invalid value for password. It cannot be 'neo4j', which is the default."
+            echo >&2 "Invalid value for password. It cannot be 'neo4j', which is the default."
             exit 1
         fi
         # Will exit with error if users already exist (and print a message explaining that)
         bin/neo4j-admin set-initial-password "${password}" || true
     elif [ -n "${NEO4J_AUTH:-}" ]; then
-        echo "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
+        echo >&2 "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
         exit 1
     fi
 fi
@@ -124,10 +155,20 @@ for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
     fi
 done
 
+# Chown the data dir now that (maybe) an initial password has been
+# set (this is a file in the data dir)
+if [[ "$(id -u)" = "0" ]]; then
+  chmod -R 755 /data
+  chown -R "${userid}":"${groupid}" /data
+fi
+
 [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
 
-if [ "${cmd}" == "neo4j" ] ; then
-    exec neo4j console
+# Use su-exec to drop privileges to neo4j user
+# Note that su-exec, despite its name, does not replicate the
+# functionality of exec, so we need to use both
+if [ "${cmd}" == "neo4j" ]; then
+  ${exec_cmd} neo4j console
 else
-    exec "$@"
+  ${exec_cmd} "$@"
 fi
diff --git a/neo4j_2.3-enterprise/local-package/.sentinel b/neo4j_3.2.9-enterprise/local-package/.sentinel
similarity index 100%
copy from neo4j_2.3-enterprise/local-package/.sentinel
copy to neo4j_3.2.9-enterprise/local-package/.sentinel
diff --git a/neo4j_3.2/Dockerfile b/neo4j_3.2.9/Dockerfile
similarity index 66%
copy from neo4j_3.2/Dockerfile
copy to neo4j_3.2.9/Dockerfile
index d3ad58d..c29adf2 100644
--- a/neo4j_3.2/Dockerfile
+++ b/neo4j_3.2.9/Dockerfile
@@ -1,8 +1,6 @@
 FROM openjdk:8-jre-alpine
 
-RUN apk add --no-cache --quiet \
-    bash \
-    curl
+RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
 
 ENV NEO4J_SHA256=6bcf88935e262b9ffa62ce7bf3c8b0887a19abbe6a5b615e4bcc724942e140fa \
     NEO4J_TARBALL=neo4j-community-3.2.9-unix.tar.gz
@@ -10,12 +8,21 @@ ARG NEO4J_URI=http://dist.neo4j.org/neo4j-community-3.2.9-unix.tar.gz
 
 COPY ./local-package/* /tmp/
 
-RUN curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
+RUN apk add --no-cache --quiet \
+    bash \
+    curl \
+    tini \
+    su-exec \
+    && curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
     && echo "${NEO4J_SHA256}  ${NEO4J_TARBALL}" | sha256sum -csw - \
     && tar --extract --file ${NEO4J_TARBALL} --directory /var/lib \
     && mv /var/lib/neo4j-* /var/lib/neo4j \
     && rm ${NEO4J_TARBALL} \
     && mv /var/lib/neo4j/data /data \
+    && chown -R neo4j:neo4j /data \
+    && chmod -R 777 /data \
+    && chown -R neo4j:neo4j /var/lib/neo4j \
+    && chmod -R 777 /var/lib/neo4j \
     && ln -s /data /var/lib/neo4j/data \
     && apk del curl
 
@@ -29,5 +36,5 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 EXPOSE 7474 7473 7687
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
 CMD ["neo4j"]
diff --git a/neo4j_3.2-enterprise/docker-entrypoint.sh b/neo4j_3.2.9/docker-entrypoint.sh
similarity index 71%
copy from neo4j_3.2-enterprise/docker-entrypoint.sh
copy to neo4j_3.2.9/docker-entrypoint.sh
index d36d70b..0da7bde 100755
--- a/neo4j_3.2-enterprise/docker-entrypoint.sh
+++ b/neo4j_3.2.9/docker-entrypoint.sh
@@ -2,20 +2,51 @@
 
 cmd="$1"
 
-if [[ "${cmd}" != *"neo4j"* ]]; then
-    [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
-
-    if [ "${cmd}" == "dump-config" ]; then
-        if [ -d /conf ]; then
-            cp --recursive conf/* /conf
-            exit 0
-        else
-            echo "You must provide a /conf volume"
-            exit 1
-        fi
-    fi
-    exec "$@"
-    exit $?
+# If we're running as root, then run as the neo4j user. Otherwise
+# docker is running with --user and we simply use that user.  Note
+# that su-exec, despite its name, does not replicate the functionality
+# of exec, so we need to use both
+if [ "$(id -u)" = "0" ]; then
+  userid="neo4j"
+  groupid="neo4j"
+  exec_cmd="exec su-exec neo4j"
+else
+  userid="$(id -u)"
+  groupid="$(id -g)"
+  exec_cmd="exec"
+fi
+readonly userid
+readonly groupid
+readonly exec_cmd
+
+# Need to chown the home directory - but a user might have mounted a
+# volume here (notably a conf volume). So take care not to chown
+# volumes (stuff not owned by neo4j)
+if [[ "$(id -u)" = "0" ]]; then
+  # Non-recursive chown for the base directory
+  chown "${userid}":"${groupid}" /var/lib/neo4j
+  chmod 700 /var/lib/neo4j
+fi
+
+while IFS= read -r -d '' dir
+do
+  if [[ "$(id -u)" = "0" ]] && [[ "$(stat -c %U "${dir}")" = "neo4j" ]]; then
+    # Using mindepth 1 to avoid the base directory here so recursive is OK
+    chown -R "${userid}":"${groupid}" "${dir}"
+    chmod -R 700 "${dir}"
+  fi
+done <   <(find /var/lib/neo4j -type d -mindepth 1 -maxdepth 1 -print0)
+
+# Data dir is chowned later
+
+if [ "${cmd}" == "dump-config" ]; then
+  if [ -d /conf ]; then
+    ${exec_cmd} cp --recursive conf/* /conf
+    exit 0
+  else
+    echo >&2 "You must provide a /conf volume"
+    exit 1
+  fi
 fi
 
 # Env variable naming convention:
@@ -92,19 +123,19 @@ if [ -d /metrics ]; then
 fi
 
 # set the neo4j initial password only if you run the database server
-if [ "${cmd}" == "neo4j" ] ; then
+if [ "${cmd}" == "neo4j" ]; then
     if [ "${NEO4J_AUTH:-}" == "none" ]; then
         NEO4J_dbms_security_auth__enabled=false
     elif [[ "${NEO4J_AUTH:-}" == neo4j/* ]]; then
         password="${NEO4J_AUTH#neo4j/}"
         if [ "${password}" == "neo4j" ]; then
-            echo "Invalid value for password. It cannot be 'neo4j', which is the default."
+            echo >&2 "Invalid value for password. It cannot be 'neo4j', which is the default."
             exit 1
         fi
         # Will exit with error if users already exist (and print a message explaining that)
         bin/neo4j-admin set-initial-password "${password}" || true
     elif [ -n "${NEO4J_AUTH:-}" ]; then
-        echo "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
+        echo >&2 "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
         exit 1
     fi
 fi
@@ -124,10 +155,20 @@ for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
     fi
 done
 
+# Chown the data dir now that (maybe) an initial password has been
+# set (this is a file in the data dir)
+if [[ "$(id -u)" = "0" ]]; then
+  chmod -R 755 /data
+  chown -R "${userid}":"${groupid}" /data
+fi
+
 [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
 
-if [ "${cmd}" == "neo4j" ] ; then
-    exec neo4j console
+# Use su-exec to drop privileges to neo4j user
+# Note that su-exec, despite its name, does not replicate the
+# functionality of exec, so we need to use both
+if [ "${cmd}" == "neo4j" ]; then
+  ${exec_cmd} neo4j console
 else
-    exec "$@"
+  ${exec_cmd} "$@"
 fi
diff --git a/neo4j_2.3-enterprise/local-package/.sentinel b/neo4j_3.2.9/local-package/.sentinel
similarity index 100%
copy from neo4j_2.3-enterprise/local-package/.sentinel
copy to neo4j_3.2.9/local-package/.sentinel
diff --git a/neo4j_3.2/Dockerfile b/neo4j_3.2/Dockerfile
index d3ad58d..f527eb8 100644
--- a/neo4j_3.2/Dockerfile
+++ b/neo4j_3.2/Dockerfile
@@ -1,21 +1,28 @@
 FROM openjdk:8-jre-alpine
 
-RUN apk add --no-cache --quiet \
-    bash \
-    curl
+RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
 
-ENV NEO4J_SHA256=6bcf88935e262b9ffa62ce7bf3c8b0887a19abbe6a5b615e4bcc724942e140fa \
-    NEO4J_TARBALL=neo4j-community-3.2.9-unix.tar.gz
-ARG NEO4J_URI=http://dist.neo4j.org/neo4j-community-3.2.9-unix.tar.gz
+ENV NEO4J_SHA256=7095457c7f27ee3653f66504ae67b5c3a18c51e6a96b986341850897d45696d5 \
+    NEO4J_TARBALL=neo4j-community-3.2.10-unix.tar.gz
+ARG NEO4J_URI=http://dist.neo4j.org/neo4j-community-3.2.10-unix.tar.gz
 
 COPY ./local-package/* /tmp/
 
-RUN curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
+RUN apk add --no-cache --quiet \
+    bash \
+    curl \
+    tini \
+    su-exec \
+    && curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
     && echo "${NEO4J_SHA256}  ${NEO4J_TARBALL}" | sha256sum -csw - \
     && tar --extract --file ${NEO4J_TARBALL} --directory /var/lib \
     && mv /var/lib/neo4j-* /var/lib/neo4j \
     && rm ${NEO4J_TARBALL} \
     && mv /var/lib/neo4j/data /data \
+    && chown -R neo4j:neo4j /data \
+    && chmod -R 777 /data \
+    && chown -R neo4j:neo4j /var/lib/neo4j \
+    && chmod -R 777 /var/lib/neo4j \
     && ln -s /data /var/lib/neo4j/data \
     && apk del curl
 
@@ -29,5 +36,5 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 EXPOSE 7474 7473 7687
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
 CMD ["neo4j"]
diff --git a/neo4j_3.2/docker-entrypoint.sh b/neo4j_3.2/docker-entrypoint.sh
index d36d70b..0da7bde 100755
--- a/neo4j_3.2/docker-entrypoint.sh
+++ b/neo4j_3.2/docker-entrypoint.sh
@@ -2,20 +2,51 @@
 
 cmd="$1"
 
-if [[ "${cmd}" != *"neo4j"* ]]; then
-    [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
-
-    if [ "${cmd}" == "dump-config" ]; then
-        if [ -d /conf ]; then
-            cp --recursive conf/* /conf
-            exit 0
-        else
-            echo "You must provide a /conf volume"
-            exit 1
-        fi
-    fi
-    exec "$@"
-    exit $?
+# If we're running as root, then run as the neo4j user. Otherwise
+# docker is running with --user and we simply use that user.  Note
+# that su-exec, despite its name, does not replicate the functionality
+# of exec, so we need to use both
+if [ "$(id -u)" = "0" ]; then
+  userid="neo4j"
+  groupid="neo4j"
+  exec_cmd="exec su-exec neo4j"
+else
+  userid="$(id -u)"
+  groupid="$(id -g)"
+  exec_cmd="exec"
+fi
+readonly userid
+readonly groupid
+readonly exec_cmd
+
+# Need to chown the home directory - but a user might have mounted a
+# volume here (notably a conf volume). So take care not to chown
+# volumes (stuff not owned by neo4j)
+if [[ "$(id -u)" = "0" ]]; then
+  # Non-recursive chown for the base directory
+  chown "${userid}":"${groupid}" /var/lib/neo4j
+  chmod 700 /var/lib/neo4j
+fi
+
+while IFS= read -r -d '' dir
+do
+  if [[ "$(id -u)" = "0" ]] && [[ "$(stat -c %U "${dir}")" = "neo4j" ]]; then
+    # Using mindepth 1 to avoid the base directory here so recursive is OK
+    chown -R "${userid}":"${groupid}" "${dir}"
+    chmod -R 700 "${dir}"
+  fi
+done <   <(find /var/lib/neo4j -type d -mindepth 1 -maxdepth 1 -print0)
+
+# Data dir is chowned later
+
+if [ "${cmd}" == "dump-config" ]; then
+  if [ -d /conf ]; then
+    ${exec_cmd} cp --recursive conf/* /conf
+    exit 0
+  else
+    echo >&2 "You must provide a /conf volume"
+    exit 1
+  fi
 fi
 
 # Env variable naming convention:
@@ -92,19 +123,19 @@ if [ -d /metrics ]; then
 fi
 
 # set the neo4j initial password only if you run the database server
-if [ "${cmd}" == "neo4j" ] ; then
+if [ "${cmd}" == "neo4j" ]; then
     if [ "${NEO4J_AUTH:-}" == "none" ]; then
         NEO4J_dbms_security_auth__enabled=false
     elif [[ "${NEO4J_AUTH:-}" == neo4j/* ]]; then
         password="${NEO4J_AUTH#neo4j/}"
         if [ "${password}" == "neo4j" ]; then
-            echo "Invalid value for password. It cannot be 'neo4j', which is the default."
+            echo >&2 "Invalid value for password. It cannot be 'neo4j', which is the default."
             exit 1
         fi
         # Will exit with error if users already exist (and print a message explaining that)
         bin/neo4j-admin set-initial-password "${password}" || true
     elif [ -n "${NEO4J_AUTH:-}" ]; then
-        echo "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
+        echo >&2 "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
         exit 1
     fi
 fi
@@ -124,10 +155,20 @@ for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
     fi
 done
 
+# Chown the data dir now that (maybe) an initial password has been
+# set (this is a file in the data dir)
+if [[ "$(id -u)" = "0" ]]; then
+  chmod -R 755 /data
+  chown -R "${userid}":"${groupid}" /data
+fi
+
 [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
 
-if [ "${cmd}" == "neo4j" ] ; then
-    exec neo4j console
+# Use su-exec to drop privileges to neo4j user
+# Note that su-exec, despite its name, does not replicate the
+# functionality of exec, so we need to use both
+if [ "${cmd}" == "neo4j" ]; then
+  ${exec_cmd} neo4j console
 else
-    exec "$@"
+  ${exec_cmd} "$@"
 fi
diff --git a/neo4j_enterprise/Dockerfile b/neo4j_3.3.3-enterprise/Dockerfile
similarity index 100%
copy from neo4j_enterprise/Dockerfile
copy to neo4j_3.3.3-enterprise/Dockerfile
diff --git a/neo4j_3.3.1-enterprise/docker-entrypoint.sh b/neo4j_3.3.3-enterprise/docker-entrypoint.sh
similarity index 100%
copy from neo4j_3.3.1-enterprise/docker-entrypoint.sh
copy to neo4j_3.3.3-enterprise/docker-entrypoint.sh
diff --git a/neo4j_2.3-enterprise/local-package/.sentinel b/neo4j_3.3.3-enterprise/local-package/.sentinel
similarity index 100%
copy from neo4j_2.3-enterprise/local-package/.sentinel
copy to neo4j_3.3.3-enterprise/local-package/.sentinel
diff --git a/neo4j_latest/Dockerfile b/neo4j_3.3.3/Dockerfile
similarity index 100%
copy from neo4j_latest/Dockerfile
copy to neo4j_3.3.3/Dockerfile
diff --git a/neo4j_3.3.1-enterprise/docker-entrypoint.sh b/neo4j_3.3.3/docker-entrypoint.sh
similarity index 100%
copy from neo4j_3.3.1-enterprise/docker-entrypoint.sh
copy to neo4j_3.3.3/docker-entrypoint.sh
diff --git a/neo4j_2.3-enterprise/local-package/.sentinel b/neo4j_3.3.3/local-package/.sentinel
similarity index 100%
copy from neo4j_2.3-enterprise/local-package/.sentinel
copy to neo4j_3.3.3/local-package/.sentinel
diff --git a/neo4j_enterprise/Dockerfile b/neo4j_enterprise/Dockerfile
index 37efa3c..73148e3 100644
--- a/neo4j_enterprise/Dockerfile
+++ b/neo4j_enterprise/Dockerfile
@@ -1,22 +1,29 @@
 FROM openjdk:8-jre-alpine
 
-RUN apk add --no-cache --quiet \
-    bash \
-    curl
+RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
 
-ENV NEO4J_SHA256=6901832c63bb3d9af150a1c3da3a88a4d15ad4b4a130611df138648d4c25f1a8 \
-    NEO4J_TARBALL=neo4j-enterprise-3.3.3-unix.tar.gz \
+ENV NEO4J_SHA256=9c4438466e2a3b4ef7b4a8f4b9564b963b5059aa36fea547521eef88cc384653 \
+    NEO4J_TARBALL=neo4j-enterprise-3.3.4-unix.tar.gz \
     NEO4J_EDITION=enterprise
-ARG NEO4J_URI=http://dist.neo4j.org/neo4j-enterprise-3.3.3-unix.tar.gz
+ARG NEO4J_URI=http://dist.neo4j.org/neo4j-enterprise-3.3.4-unix.tar.gz
 
 COPY ./local-package/* /tmp/
 
-RUN curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
+RUN apk add --no-cache --quiet \
+    bash \
+    curl \
+    tini \
+    su-exec \
+    && curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
     && echo "${NEO4J_SHA256}  ${NEO4J_TARBALL}" | sha256sum -csw - \
     && tar --extract --file ${NEO4J_TARBALL} --directory /var/lib \
     && mv /var/lib/neo4j-* /var/lib/neo4j \
     && rm ${NEO4J_TARBALL} \
     && mv /var/lib/neo4j/data /data \
+    && chown -R neo4j:neo4j /data \
+    && chmod -R 777 /data \
+    && chown -R neo4j:neo4j /var/lib/neo4j \
+    && chmod -R 777 /var/lib/neo4j \
     && ln -s /data /var/lib/neo4j/data \
     && apk del curl
 
@@ -30,5 +37,5 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 EXPOSE 7474 7473 7687
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
 CMD ["neo4j"]
diff --git a/neo4j_enterprise/docker-entrypoint.sh b/neo4j_enterprise/docker-entrypoint.sh
index ef19722..e6c28f4 100755
--- a/neo4j_enterprise/docker-entrypoint.sh
+++ b/neo4j_enterprise/docker-entrypoint.sh
@@ -2,25 +2,58 @@
 
 cmd="$1"
 
-if [[ "${cmd}" != *"neo4j"* ]]; then
-    [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
-
-    if [ "${cmd}" == "dump-config" ]; then
-        if [ -d /conf ]; then
-            cp --recursive conf/* /conf
-            exit 0
-        else
-            echo "You must provide a /conf volume"
-            exit 1
-        fi
-    fi
-    exec "$@"
-    exit $?
+# If we're running as root, then run as the neo4j user. Otherwise
+# docker is running with --user and we simply use that user.  Note
+# that su-exec, despite its name, does not replicate the functionality
+# of exec, so we need to use both
+if [ "$(id -u)" = "0" ]; then
+  userid="neo4j"
+  groupid="neo4j"
+  exec_cmd="exec su-exec neo4j"
+else
+  userid="$(id -u)"
+  groupid="$(id -g)"
+  exec_cmd="exec"
+fi
+readonly userid
+readonly groupid
+readonly exec_cmd
+
+# Need to chown the home directory - but a user might have mounted a
+# volume here (notably a conf volume). So take care not to chown
+# volumes (stuff not owned by neo4j)
+if [[ "$(id -u)" = "0" ]]; then
+  # Non-recursive chown for the base directory
+  chown "${userid}":"${groupid}" /var/lib/neo4j
+  chmod 700 /var/lib/neo4j
 fi
 
-if [ "$NEO4J_EDITION" == "enterprise" ]; then
+while IFS= read -r -d '' dir
+do
+  if [[ "$(id -u)" = "0" ]] && [[ "$(stat -c %U "${dir}")" = "neo4j" ]]; then
+    # Using mindepth 1 to avoid the base directory here so recursive is OK
+    chown -R "${userid}":"${groupid}" "${dir}"
+    chmod -R 700 "${dir}"
+  fi
+done <   <(find /var/lib/neo4j -type d -mindepth 1 -maxdepth 1 -print0)
+
+# Data dir is chowned later
+
+if [[ "${cmd}" != *"neo4j"* ]]; then
+  if [ "${cmd}" == "dump-config" ]; then
+    if [ -d /conf ]; then
+      ${exec_cmd} cp --recursive conf/* /conf
+      exit 0
+    else
+      echo >&2 "You must provide a /conf volume"
+      exit 1
+    fi
+  fi
+else
+  # Only prompt for license agreement if command contains "neo4j" in it
+  if [ "$NEO4J_EDITION" == "enterprise" ]; then
     if [ "${NEO4J_ACCEPT_LICENSE_AGREEMENT:=no}" != "yes" ]; then
-        echo "
+      echo >&2 "
 In order to use Neo4j Enterprise Edition you must accept the license agreement.
 
 (c) Network Engine for Objects in Lund AB.  2017.  All Rights Reserved.
@@ -32,15 +65,16 @@ Email inquiries can be directed to: licensing@neo4j.com
 More information is also available at: https://neo4j.com/licensing/
 
 
-To accept the license agreemnt set the environment variable
+To accept the license agreement set the environment variable
 NEO4J_ACCEPT_LICENSE_AGREEMENT=yes
 
 To do this you can use the following docker argument:
 
         --env=NEO4J_ACCEPT_LICENSE_AGREEMENT=yes
 "
-        exit 1
+      exit 1
     fi
+  fi
 fi
 
 # Env variable naming convention:
@@ -142,13 +176,13 @@ if [ "${cmd}" == "neo4j" ]; then
     elif [[ "${NEO4J_AUTH:-}" == neo4j/* ]]; then
         password="${NEO4J_AUTH#neo4j/}"
         if [ "${password}" == "neo4j" ]; then
-            echo "Invalid value for password. It cannot be 'neo4j', which is the default."
+            echo >&2 "Invalid value for password. It cannot be 'neo4j', which is the default."
             exit 1
         fi
         # Will exit with error if users already exist (and print a message explaining that)
         bin/neo4j-admin set-initial-password "${password}" || true
     elif [ -n "${NEO4J_AUTH:-}" ]; then
-        echo "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
+        echo >&2 "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
         exit 1
     fi
 fi
@@ -168,10 +202,20 @@ for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
     fi
 done
 
+# Chown the data dir now that (maybe) an initial password has been
+# set (this is a file in the data dir)
+if [[ "$(id -u)" = "0" ]]; then
+  chmod -R 755 /data
+  chown -R "${userid}":"${groupid}" /data
+fi
+
 [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
 
+# Use su-exec to drop privileges to neo4j user
+# Note that su-exec, despite its name, does not replicate the
+# functionality of exec, so we need to use both
 if [ "${cmd}" == "neo4j" ]; then
-    exec neo4j console
+  ${exec_cmd} neo4j console
 else
-    exec "$@"
+  ${exec_cmd} "$@"
 fi
diff --git a/neo4j_latest/Dockerfile b/neo4j_latest/Dockerfile
index 9bfef58..50fe470 100644
--- a/neo4j_latest/Dockerfile
+++ b/neo4j_latest/Dockerfile
@@ -1,22 +1,29 @@
 FROM openjdk:8-jre-alpine
 
-RUN apk add --no-cache --quiet \
-    bash \
-    curl
+RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
 
-ENV NEO4J_SHA256=a57be049906cc871b59d7a8283d265485b2c31de47b208ef18636901859232f9 \
-    NEO4J_TARBALL=neo4j-community-3.3.3-unix.tar.gz \
+ENV NEO4J_SHA256=cc2fda6ededfc4678d1fc9be9dc1c5c2902fe2bc184125b59ae6f9183a98571c \
+    NEO4J_TARBALL=neo4j-community-3.3.4-unix.tar.gz \
     NEO4J_EDITION=community
-ARG NEO4J_URI=http://dist.neo4j.org/neo4j-community-3.3.3-unix.tar.gz
+ARG NEO4J_URI=http://dist.neo4j.org/neo4j-community-3.3.4-unix.tar.gz
 
 COPY ./local-package/* /tmp/
 
-RUN curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
+RUN apk add --no-cache --quiet \
+    bash \
+    curl \
+    tini \
+    su-exec \
+    && curl --fail --silent --show-error --location --remote-name ${NEO4J_URI} \
     && echo "${NEO4J_SHA256}  ${NEO4J_TARBALL}" | sha256sum -csw - \
     && tar --extract --file ${NEO4J_TARBALL} --directory /var/lib \
     && mv /var/lib/neo4j-* /var/lib/neo4j \
     && rm ${NEO4J_TARBALL} \
     && mv /var/lib/neo4j/data /data \
+    && chown -R neo4j:neo4j /data \
+    && chmod -R 777 /data \
+    && chown -R neo4j:neo4j /var/lib/neo4j \
+    && chmod -R 777 /var/lib/neo4j \
     && ln -s /data /var/lib/neo4j/data \
     && apk del curl
 
@@ -30,5 +37,5 @@ COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 EXPOSE 7474 7473 7687
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
 CMD ["neo4j"]
diff --git a/neo4j_latest/docker-entrypoint.sh b/neo4j_latest/docker-entrypoint.sh
index ef19722..e6c28f4 100755
--- a/neo4j_latest/docker-entrypoint.sh
+++ b/neo4j_latest/docker-entrypoint.sh
@@ -2,25 +2,58 @@
 
 cmd="$1"
 
-if [[ "${cmd}" != *"neo4j"* ]]; then
-    [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
-
-    if [ "${cmd}" == "dump-config" ]; then
-        if [ -d /conf ]; then
-            cp --recursive conf/* /conf
-            exit 0
-        else
-            echo "You must provide a /conf volume"
-            exit 1
-        fi
-    fi
-    exec "$@"
-    exit $?
+# If we're running as root, then run as the neo4j user. Otherwise
+# docker is running with --user and we simply use that user.  Note
+# that su-exec, despite its name, does not replicate the functionality
+# of exec, so we need to use both
+if [ "$(id -u)" = "0" ]; then
+  userid="neo4j"
+  groupid="neo4j"
+  exec_cmd="exec su-exec neo4j"
+else
+  userid="$(id -u)"
+  groupid="$(id -g)"
+  exec_cmd="exec"
+fi
+readonly userid
+readonly groupid
+readonly exec_cmd
+
+# Need to chown the home directory - but a user might have mounted a
+# volume here (notably a conf volume). So take care not to chown
+# volumes (stuff not owned by neo4j)
+if [[ "$(id -u)" = "0" ]]; then
+  # Non-recursive chown for the base directory
+  chown "${userid}":"${groupid}" /var/lib/neo4j
+  chmod 700 /var/lib/neo4j
 fi
 
-if [ "$NEO4J_EDITION" == "enterprise" ]; then
+while IFS= read -r -d '' dir
+do
+  if [[ "$(id -u)" = "0" ]] && [[ "$(stat -c %U "${dir}")" = "neo4j" ]]; then
+    # Using mindepth 1 to avoid the base directory here so recursive is OK
+    chown -R "${userid}":"${groupid}" "${dir}"
+    chmod -R 700 "${dir}"
+  fi
+done <   <(find /var/lib/neo4j -type d -mindepth 1 -maxdepth 1 -print0)
+
+# Data dir is chowned later
+
+if [[ "${cmd}" != *"neo4j"* ]]; then
+  if [ "${cmd}" == "dump-config" ]; then
+    if [ -d /conf ]; then
+      ${exec_cmd} cp --recursive conf/* /conf
+      exit 0
+    else
+      echo >&2 "You must provide a /conf volume"
+      exit 1
+    fi
+  fi
+else
+  # Only prompt for license agreement if command contains "neo4j" in it
+  if [ "$NEO4J_EDITION" == "enterprise" ]; then
     if [ "${NEO4J_ACCEPT_LICENSE_AGREEMENT:=no}" != "yes" ]; then
-        echo "
+      echo >&2 "
 In order to use Neo4j Enterprise Edition you must accept the license agreement.
 
 (c) Network Engine for Objects in Lund AB.  2017.  All Rights Reserved.
@@ -32,15 +65,16 @@ Email inquiries can be directed to: licensing@neo4j.com
 More information is also available at: https://neo4j.com/licensing/
 
 
-To accept the license agreemnt set the environment variable
+To accept the license agreement set the environment variable
 NEO4J_ACCEPT_LICENSE_AGREEMENT=yes
 
 To do this you can use the following docker argument:
 
         --env=NEO4J_ACCEPT_LICENSE_AGREEMENT=yes
 "
-        exit 1
+      exit 1
     fi
+  fi
 fi
 
 # Env variable naming convention:
@@ -142,13 +176,13 @@ if [ "${cmd}" == "neo4j" ]; then
     elif [[ "${NEO4J_AUTH:-}" == neo4j/* ]]; then
         password="${NEO4J_AUTH#neo4j/}"
         if [ "${password}" == "neo4j" ]; then
-            echo "Invalid value for password. It cannot be 'neo4j', which is the default."
+            echo >&2 "Invalid value for password. It cannot be 'neo4j', which is the default."
             exit 1
         fi
         # Will exit with error if users already exist (and print a message explaining that)
         bin/neo4j-admin set-initial-password "${password}" || true
     elif [ -n "${NEO4J_AUTH:-}" ]; then
-        echo "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
+        echo >&2 "Invalid value for NEO4J_AUTH: '${NEO4J_AUTH}'"
         exit 1
     fi
 fi
@@ -168,10 +202,20 @@ for i in $( set | grep ^NEO4J_ | awk -F'=' '{print $1}' | sort -rn ); do
     fi
 done
 
+# Chown the data dir now that (maybe) an initial password has been
+# set (this is a file in the data dir)
+if [[ "$(id -u)" = "0" ]]; then
+  chmod -R 755 /data
+  chown -R "${userid}":"${groupid}" /data
+fi
+
 [ -f "${EXTENSION_SCRIPT:-}" ] && . ${EXTENSION_SCRIPT}
 
+# Use su-exec to drop privileges to neo4j user
+# Note that su-exec, despite its name, does not replicate the
+# functionality of exec, so we need to use both
 if [ "${cmd}" == "neo4j" ]; then
-    exec neo4j console
+  ${exec_cmd} neo4j console
 else
-    exec "$@"
+  ${exec_cmd} "$@"
 fi

tianon · 2018-03-20T18:08:28Z

LGTM!

yosifkit · 2018-03-20T20:44:55Z

Build test of #4136; 09966e5; amd64 (neo4j):

$ bashbrew build neo4j:3.3.4
Building bashbrew/cache:be2f0bfdc8e0ddce308871353368fe2903d43cfe1fa84d02391c0da71ecf28b2 (neo4j:3.3.4)
Tagging neo4j:3.3.4
Tagging neo4j:3.3
Tagging neo4j:latest

$ test/run.sh neo4j:3.3.4
testing neo4j:3.3.4
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.4-enterprise
Building bashbrew/cache:2a603217d85cd2ff685471b2057a5a179bdb467edb215a9c5083fe5291e8a616 (neo4j:3.3.4-enterprise)
Tagging neo4j:3.3.4-enterprise
Tagging neo4j:3.3-enterprise
Tagging neo4j:enterprise

$ test/run.sh neo4j:3.3.4-enterprise
testing neo4j:3.3.4-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.3
Using bashbrew/cache:0d1da6a4d2feae980a3044a0427e17d213211ef79ff2cf43f293920fbc76a941 (neo4j:3.3.3)
Tagging neo4j:3.3.3

$ test/run.sh neo4j:3.3.3
testing neo4j:3.3.3
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.3-enterprise
Using bashbrew/cache:de258e19190be34a1262c7cad92d5182a5df2ae92dcb33ac21a5d03081b832bc (neo4j:3.3.3-enterprise)
Tagging neo4j:3.3.3-enterprise

$ test/run.sh neo4j:3.3.3-enterprise
testing neo4j:3.3.3-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.2
Using bashbrew/cache:11f683afd6200d00b91d1e479a4217e9cab58a8d3411d12726358c060d1a2895 (neo4j:3.3.2)
Tagging neo4j:3.3.2

$ test/run.sh neo4j:3.3.2
testing neo4j:3.3.2
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.2-enterprise
Using bashbrew/cache:cc502d4b2ddf0f0db5242946e28c7857d61e2b8b919d4a29e055dd795deb4283 (neo4j:3.3.2-enterprise)
Tagging neo4j:3.3.2-enterprise

$ test/run.sh neo4j:3.3.2-enterprise
testing neo4j:3.3.2-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.1
Using bashbrew/cache:6336eef6e83d9b9fc4c8979ecfeec0127ae2aca797874553b8ee48893e65ca4d (neo4j:3.3.1)
Tagging neo4j:3.3.1

$ test/run.sh neo4j:3.3.1
testing neo4j:3.3.1
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.1-enterprise
Using bashbrew/cache:c3386b3d81872e9db0ded6eecf10b15fa2b90dfc8d4d84fb00b287fa32c376ba (neo4j:3.3.1-enterprise)
Tagging neo4j:3.3.1-enterprise

$ test/run.sh neo4j:3.3.1-enterprise
testing neo4j:3.3.1-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.0
Using bashbrew/cache:7359f4eb6c3dd5ad1540afa6afdce03a0a771ed654fcb74097bdc01a0ee03471 (neo4j:3.3.0)
Tagging neo4j:3.3.0

$ test/run.sh neo4j:3.3.0
testing neo4j:3.3.0
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.3.0-enterprise
Using bashbrew/cache:81893d091b73b479c8b10495090b8c691806b232ad059de3b37efe64d97e0b69 (neo4j:3.3.0-enterprise)
Tagging neo4j:3.3.0-enterprise

$ test/run.sh neo4j:3.3.0-enterprise
testing neo4j:3.3.0-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.10
Building bashbrew/cache:8fd2afa5d42aa9b277e9ed1554e8522a0bdc2b0ced69af1d049494c333669d65 (neo4j:3.2.10)
Tagging neo4j:3.2.10
Tagging neo4j:3.2

$ test/run.sh neo4j:3.2.10
testing neo4j:3.2.10
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.10-enterprise
Building bashbrew/cache:379671acad0eed30e5cb50d6a2283cc4fb869f310c2c947d4166a0f29548c7e1 (neo4j:3.2.10-enterprise)
Tagging neo4j:3.2.10-enterprise
Tagging neo4j:3.2-enterprise

$ test/run.sh neo4j:3.2.10-enterprise
testing neo4j:3.2.10-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.9
Building bashbrew/cache:deed41506056480ffbf5b43c088b6a22455c379f1ca2fcc10fbe3500c3571471 (neo4j:3.2.9)
Tagging neo4j:3.2.9

$ test/run.sh neo4j:3.2.9
testing neo4j:3.2.9
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.9-enterprise
Building bashbrew/cache:6e78ca435ae4f9bc578f4bf9bbfd54d961b4e666f843e5601265509f3659e53b (neo4j:3.2.9-enterprise)
Tagging neo4j:3.2.9-enterprise

$ test/run.sh neo4j:3.2.9-enterprise
testing neo4j:3.2.9-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.8
Using bashbrew/cache:f50b61d56278e2d753359888e2fafa27064172e1a2dc62a1142a97578b3df8b1 (neo4j:3.2.8)
Tagging neo4j:3.2.8

$ test/run.sh neo4j:3.2.8
testing neo4j:3.2.8
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.8-enterprise
Using bashbrew/cache:821d83c3848b90a253b920994041a29de366d1f1f181f5c1ee09e8d33987e77d (neo4j:3.2.8-enterprise)
Tagging neo4j:3.2.8-enterprise

$ test/run.sh neo4j:3.2.8-enterprise
testing neo4j:3.2.8-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.7
Using bashbrew/cache:97da4101a98f721fd181f83aaaa1b653b776fb6553318bf7494345df3b6332dc (neo4j:3.2.7)
Tagging neo4j:3.2.7

$ test/run.sh neo4j:3.2.7
testing neo4j:3.2.7
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.7-enterprise
Using bashbrew/cache:81843dcddc5a7254631d1ae562f4fa762814948a19cf7be342298b557d87753c (neo4j:3.2.7-enterprise)
Tagging neo4j:3.2.7-enterprise

$ test/run.sh neo4j:3.2.7-enterprise
testing neo4j:3.2.7-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.6
Using bashbrew/cache:ff433b2202ff7adec9633607898bb3dc79393a05b265dee7775954e2db145413 (neo4j:3.2.6)
Tagging neo4j:3.2.6

$ test/run.sh neo4j:3.2.6
testing neo4j:3.2.6
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.6-enterprise
Using bashbrew/cache:d23f1f076c4ddf72ed11178c4c6bf56e046f2cd94496bc1f436d62e2cee52bab (neo4j:3.2.6-enterprise)
Tagging neo4j:3.2.6-enterprise

$ test/run.sh neo4j:3.2.6-enterprise
testing neo4j:3.2.6-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.5
Using bashbrew/cache:33994f742d1da55ff879e5df1bbb608e5d762d724e0d05809eb9f820e7a3046f (neo4j:3.2.5)
Tagging neo4j:3.2.5

$ test/run.sh neo4j:3.2.5
testing neo4j:3.2.5
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.5-enterprise
Using bashbrew/cache:a115894af2952c4047607f07211653ab1b6d5134d0807c0b2ca57e17b8bd9a26 (neo4j:3.2.5-enterprise)
Tagging neo4j:3.2.5-enterprise

$ test/run.sh neo4j:3.2.5-enterprise
testing neo4j:3.2.5-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.3
Using bashbrew/cache:28260991c56b8655a7b16d3279f811c5560e5ec8c0d90ca2aed612ab22904e00 (neo4j:3.2.3)
Tagging neo4j:3.2.3

$ test/run.sh neo4j:3.2.3
testing neo4j:3.2.3
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.3-enterprise
Using bashbrew/cache:21ba3c6ab877ed50639c9f4e155ce5ba7cd33e68b46aa76f9a1c7a666b295996 (neo4j:3.2.3-enterprise)
Tagging neo4j:3.2.3-enterprise

$ test/run.sh neo4j:3.2.3-enterprise
testing neo4j:3.2.3-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.2
Using bashbrew/cache:1ad1e252e22752e047323e017d8c64b81f668dd910dc2e2967c6fb97b49da98f (neo4j:3.2.2)
Tagging neo4j:3.2.2

$ test/run.sh neo4j:3.2.2
testing neo4j:3.2.2
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.2-enterprise
Using bashbrew/cache:5e6dd976cbab57a1648fc95478ccdc289d7590087696ea84ddd17368db63bf6d (neo4j:3.2.2-enterprise)
Tagging neo4j:3.2.2-enterprise

$ test/run.sh neo4j:3.2.2-enterprise
testing neo4j:3.2.2-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.1
Using bashbrew/cache:11661b73e7f4c771ccba318f48dc100a831740c91107bacb66482a5ba2efbf87 (neo4j:3.2.1)
Tagging neo4j:3.2.1

$ test/run.sh neo4j:3.2.1
testing neo4j:3.2.1
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.1-enterprise
Using bashbrew/cache:ab0671a8955e2afa44ca1d2b617e20bd2f7669db9eaa775b126a26094b7ad128 (neo4j:3.2.1-enterprise)
Tagging neo4j:3.2.1-enterprise

$ test/run.sh neo4j:3.2.1-enterprise
testing neo4j:3.2.1-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.0
Using bashbrew/cache:f1ad1186bfd523f331eeca1fc692cb791d0a54dce975fbe89314fd5e2d245e37 (neo4j:3.2.0)
Tagging neo4j:3.2.0

$ test/run.sh neo4j:3.2.0
testing neo4j:3.2.0
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.2.0-enterprise
Using bashbrew/cache:61d0bef9e1995889c492e724b65aad364cf13ebcc73c3721640bd70103cd0fe0 (neo4j:3.2.0-enterprise)
Tagging neo4j:3.2.0-enterprise

$ test/run.sh neo4j:3.2.0-enterprise
testing neo4j:3.2.0-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.8
Building bashbrew/cache:2fb5b68b0aafaea79fcc4047a0e58d0916a058161f3bc4bca477b72c3f49eea0 (neo4j:3.1.8)
Tagging neo4j:3.1.8
Tagging neo4j:3.1

$ test/run.sh neo4j:3.1.8
testing neo4j:3.1.8
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.8-enterprise
Building bashbrew/cache:9ac542d4f2ef3ec823e8e77a3a08bffd39eb215983de2046ae4236d49f9ff0cb (neo4j:3.1.8-enterprise)
Tagging neo4j:3.1.8-enterprise
Tagging neo4j:3.1-enterprise

$ test/run.sh neo4j:3.1.8-enterprise
testing neo4j:3.1.8-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.7
Using bashbrew/cache:a04ec0ab7d885f2ed407eefa796b86e5d0c639a8ef060d99c183cb27fb356c89 (neo4j:3.1.7)
Tagging neo4j:3.1.7

$ test/run.sh neo4j:3.1.7
testing neo4j:3.1.7
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.7-enterprise
Using bashbrew/cache:9f66edccbf556983c7d05cae34c62eb350e6aec10680937f9b757362e8f0aa6d (neo4j:3.1.7-enterprise)
Tagging neo4j:3.1.7-enterprise

$ test/run.sh neo4j:3.1.7-enterprise
testing neo4j:3.1.7-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.6
Using bashbrew/cache:725f8db49aeb2d89fdb4dc4c50b8f30922a6ca5fc16caf85ddea91b0b68bb942 (neo4j:3.1.6)
Tagging neo4j:3.1.6

$ test/run.sh neo4j:3.1.6
testing neo4j:3.1.6
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.6-enterprise
Using bashbrew/cache:b340e06c301262af5f384e1669694425ece4567170f03ef95eebb46b29464db7 (neo4j:3.1.6-enterprise)
Tagging neo4j:3.1.6-enterprise

$ test/run.sh neo4j:3.1.6-enterprise
testing neo4j:3.1.6-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.5
Using bashbrew/cache:aff6dbece5b3946635ad56923b639b94f24a6389c4854a540ddba61e1703b100 (neo4j:3.1.5)
Tagging neo4j:3.1.5

$ test/run.sh neo4j:3.1.5
testing neo4j:3.1.5
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.5-enterprise
Using bashbrew/cache:ab8299a35b7a512116101ba25094722c841e62601882a9c9b201759e512bf313 (neo4j:3.1.5-enterprise)
Tagging neo4j:3.1.5-enterprise

$ test/run.sh neo4j:3.1.5-enterprise
testing neo4j:3.1.5-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.4
Using bashbrew/cache:42b47338b23ef474b02b25a4c654b948dde3172dc43654afb0908b3b81a52f6e (neo4j:3.1.4)
Tagging neo4j:3.1.4

$ test/run.sh neo4j:3.1.4
testing neo4j:3.1.4
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.4-enterprise
Using bashbrew/cache:91454424a496d319fdd4fecbc3f0a5b0586bf6ff493cdf15395896f3fc7bf296 (neo4j:3.1.4-enterprise)
Tagging neo4j:3.1.4-enterprise

$ test/run.sh neo4j:3.1.4-enterprise
testing neo4j:3.1.4-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.3
Using bashbrew/cache:b90338a348d5d34e36c0e2dd17aec000b046af120073a55d230dd730a0a1d880 (neo4j:3.1.3)
Tagging neo4j:3.1.3

$ test/run.sh neo4j:3.1.3
testing neo4j:3.1.3
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.3-enterprise
Using bashbrew/cache:4b723c9b80fe0267e2f643721bc3b695b9efd1a50a6f968488cb785d41741907 (neo4j:3.1.3-enterprise)
Tagging neo4j:3.1.3-enterprise

$ test/run.sh neo4j:3.1.3-enterprise
testing neo4j:3.1.3-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.2
Using bashbrew/cache:732d7576faabff08c967c897de373d9912218e540fa825e82e0b7ffbdbd7a777 (neo4j:3.1.2)
Tagging neo4j:3.1.2

$ test/run.sh neo4j:3.1.2
testing neo4j:3.1.2
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.2-enterprise
Using bashbrew/cache:6f7aa14371e803b0aa1e493ff80e9f864213c790461f674cb01d00647601100f (neo4j:3.1.2-enterprise)
Tagging neo4j:3.1.2-enterprise

$ test/run.sh neo4j:3.1.2-enterprise
testing neo4j:3.1.2-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.1
Using bashbrew/cache:76d9cc67e90ec56b0df7986b94ef55bd2cb1cbfdc71bb01c968a08ae7cbbe24c (neo4j:3.1.1)
Tagging neo4j:3.1.1

$ test/run.sh neo4j:3.1.1
testing neo4j:3.1.1
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.1-enterprise
Using bashbrew/cache:e42dc7ca11e32a8eaf0e9381fb7eb86aaf6b22719980bbc0232610b7b7f69d63 (neo4j:3.1.1-enterprise)
Tagging neo4j:3.1.1-enterprise

$ test/run.sh neo4j:3.1.1-enterprise
testing neo4j:3.1.1-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.0
Using bashbrew/cache:1cde7628d3ce2c3210e0b9230728e4e9637bcaa29f4198f5ef0a67994331102d (neo4j:3.1.0)
Tagging neo4j:3.1.0

$ test/run.sh neo4j:3.1.0
testing neo4j:3.1.0
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.1.0-enterprise
Using bashbrew/cache:90924756d97dc7547275240b415c365413ab181f970cf3e82256b3b103313072 (neo4j:3.1.0-enterprise)
Tagging neo4j:3.1.0-enterprise

$ test/run.sh neo4j:3.1.0-enterprise
testing neo4j:3.1.0-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.12
Building bashbrew/cache:fd63cd5e2afffe7397958b2fd6675f46b0f946ca1ea6f1ce5ae8015eba19c1c4 (neo4j:3.0.12)
Tagging neo4j:3.0.12
Tagging neo4j:3.0

$ test/run.sh neo4j:3.0.12
testing neo4j:3.0.12
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.12-enterprise
Building bashbrew/cache:9764b3a7775867269fc4164bbc03aeda98456798261e7a765dae38aa95493bb9 (neo4j:3.0.12-enterprise)
Tagging neo4j:3.0.12-enterprise
Tagging neo4j:3.0-enterprise

$ test/run.sh neo4j:3.0.12-enterprise
testing neo4j:3.0.12-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.11
Building bashbrew/cache:482f0633463d1a736038b975ba777a8d4b698b1696e2fb6dbdd658674dc1a56a (neo4j:3.0.11)
Tagging neo4j:3.0.11

$ test/run.sh neo4j:3.0.11
testing neo4j:3.0.11
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.11-enterprise
Building bashbrew/cache:572f36ee8c2b210ed97df7ec17aa8fef73a0421fed229ebfe5846e2c807a338e (neo4j:3.0.11-enterprise)
Tagging neo4j:3.0.11-enterprise

$ test/run.sh neo4j:3.0.11-enterprise
testing neo4j:3.0.11-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.10
Building bashbrew/cache:683fe665a07696c01fcd854e4d5903103c4e18319569e56bad15f385d307c28e (neo4j:3.0.10)
Tagging neo4j:3.0.10

$ test/run.sh neo4j:3.0.10
testing neo4j:3.0.10
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.10-enterprise
Building bashbrew/cache:1b16c8467cd130fc9cd915ef0f3cc0e5a7e3178849a17cdf9601337c6f758e10 (neo4j:3.0.10-enterprise)
Tagging neo4j:3.0.10-enterprise

$ test/run.sh neo4j:3.0.10-enterprise
testing neo4j:3.0.10-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.9
Building bashbrew/cache:5050729c69d448f7e29e956c762547362e1d4f5889d6d5cd5277c68dea411db1 (neo4j:3.0.9)
Tagging neo4j:3.0.9

$ test/run.sh neo4j:3.0.9
testing neo4j:3.0.9
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.9-enterprise
Building bashbrew/cache:cd180439367c3ca5e3ed35651bd07310843f4b744509c5c7fe3162cb7d35124d (neo4j:3.0.9-enterprise)
Tagging neo4j:3.0.9-enterprise

$ test/run.sh neo4j:3.0.9-enterprise
testing neo4j:3.0.9-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.8
Building bashbrew/cache:096de5b0b1e838e2ee7c91fffa6ab87ada5cdd3a8757b2d897ddde6082a38c3c (neo4j:3.0.8)
Tagging neo4j:3.0.8

$ test/run.sh neo4j:3.0.8
testing neo4j:3.0.8
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.8-enterprise
Building bashbrew/cache:6710feb154ea0d1c04b7724f499f1cbd253c5ab7885e76dad45d48c8c262f24e (neo4j:3.0.8-enterprise)
Tagging neo4j:3.0.8-enterprise

$ test/run.sh neo4j:3.0.8-enterprise
testing neo4j:3.0.8-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.7
Building bashbrew/cache:2f0e1b9a67868bcd9869712f211680634e22df86110c994685d7a67dfec2f5db (neo4j:3.0.7)
Tagging neo4j:3.0.7

$ test/run.sh neo4j:3.0.7
testing neo4j:3.0.7
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.7-enterprise
Building bashbrew/cache:b85b0514683645e6dc331e608a9b9d78f38f63de1f34745bd5e087d5ea7e9e5a (neo4j:3.0.7-enterprise)
Tagging neo4j:3.0.7-enterprise

$ test/run.sh neo4j:3.0.7-enterprise
testing neo4j:3.0.7-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.6
Building bashbrew/cache:8e24fc13d7dbf21a33f7bef6ca22aea07f83ace7055947da3eb686b67cc86ad1 (neo4j:3.0.6)
Tagging neo4j:3.0.6

$ test/run.sh neo4j:3.0.6
testing neo4j:3.0.6
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.6-enterprise
Building bashbrew/cache:7b74744678fd9d467ba0e62c85ec61e40df71c14013c859fa1bb474e14e3a216 (neo4j:3.0.6-enterprise)
Tagging neo4j:3.0.6-enterprise

$ test/run.sh neo4j:3.0.6-enterprise
testing neo4j:3.0.6-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.5
Building bashbrew/cache:258c613490164dccae97185ae1a2717de9aac2752368e223b3b81740e28b03e3 (neo4j:3.0.5)
Tagging neo4j:3.0.5

$ test/run.sh neo4j:3.0.5
testing neo4j:3.0.5
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.5-enterprise
Building bashbrew/cache:0f1f77e0b754e1c439eff0b4029462c80411675692fed643658ce38e830d0a1e (neo4j:3.0.5-enterprise)
Tagging neo4j:3.0.5-enterprise

$ test/run.sh neo4j:3.0.5-enterprise
testing neo4j:3.0.5-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.4
Building bashbrew/cache:00d4c95e4bceb8553658ce4230da72cec1200918888b911a4abe832217bdef52 (neo4j:3.0.4)
Tagging neo4j:3.0.4

$ test/run.sh neo4j:3.0.4
testing neo4j:3.0.4
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.4-enterprise
Building bashbrew/cache:77bc651952d8fd38b6c42c4774aa4ea0c6c13a5aad528072e169b5eb98ca4356 (neo4j:3.0.4-enterprise)
Tagging neo4j:3.0.4-enterprise

$ test/run.sh neo4j:3.0.4-enterprise
testing neo4j:3.0.4-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.3
Building bashbrew/cache:80a6c7566fbdfd89f3a357a4bd0da0756afb3dbb9a55e8d3d3935e1fb3692b4f (neo4j:3.0.3)
Tagging neo4j:3.0.3

$ test/run.sh neo4j:3.0.3
testing neo4j:3.0.3
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.3-enterprise
Building bashbrew/cache:d999aaad22dc4729d9eec273912b637eee1b2f5f25c4787df47917fb8b49e208 (neo4j:3.0.3-enterprise)
Tagging neo4j:3.0.3-enterprise

$ test/run.sh neo4j:3.0.3-enterprise
testing neo4j:3.0.3-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.2
Building bashbrew/cache:6549c9256daeb790c1fa76dd56608aa7809ac894f961804d8aa250c96517390c (neo4j:3.0.2)
Tagging neo4j:3.0.2

$ test/run.sh neo4j:3.0.2
testing neo4j:3.0.2
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.2-enterprise
Building bashbrew/cache:e15519939c7b779726f01c6e1474ed0c9fe092dbb6a13d2f0b3ee5320c828533 (neo4j:3.0.2-enterprise)
Tagging neo4j:3.0.2-enterprise

$ test/run.sh neo4j:3.0.2-enterprise
testing neo4j:3.0.2-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.1
Building bashbrew/cache:60f0e4cc50a9d3ee0075d769992e4b07d00a20ecb14cc96be0643edde6a24728 (neo4j:3.0.1)
Tagging neo4j:3.0.1

$ test/run.sh neo4j:3.0.1
testing neo4j:3.0.1
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.1-enterprise
Building bashbrew/cache:708cafd6246e24fc9432282d1855b104e5c17584f69581b3ddb392b5c64a7628 (neo4j:3.0.1-enterprise)
Tagging neo4j:3.0.1-enterprise

$ test/run.sh neo4j:3.0.1-enterprise
testing neo4j:3.0.1-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.0
Building bashbrew/cache:c274fc053058440811eaf196a77512bc1e0ede42433f5b2e94bdb0bd2fb94a3e (neo4j:3.0.0)
Tagging neo4j:3.0.0

$ test/run.sh neo4j:3.0.0
testing neo4j:3.0.0
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:3.0.0-enterprise
Building bashbrew/cache:09cc7ffe2a659e675eebb538ded01541be3dcd9100f7763afeb06d1e73261024 (neo4j:3.0.0-enterprise)
Tagging neo4j:3.0.0-enterprise

$ test/run.sh neo4j:3.0.0-enterprise
testing neo4j:3.0.0-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.12
Building bashbrew/cache:65e82b1c9c407eaa80963355c5c61db2c28faa88f40fa281b175153357b3070e (neo4j:2.3.12)
Tagging neo4j:2.3.12
Tagging neo4j:2.3

$ test/run.sh neo4j:2.3.12
testing neo4j:2.3.12
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.12-enterprise
Building bashbrew/cache:8c4270a71ad877ff8048a32a68a9b124f26394b0d366334711d58e354ee73729 (neo4j:2.3.12-enterprise)
Tagging neo4j:2.3.12-enterprise
Tagging neo4j:2.3-enterprise

$ test/run.sh neo4j:2.3.12-enterprise
testing neo4j:2.3.12-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.11
Building bashbrew/cache:fbb753d26fe457ec4219f127ed8c0b3c97763d9cdda8a0c35c620df8d1fc9981 (neo4j:2.3.11)
Tagging neo4j:2.3.11

$ test/run.sh neo4j:2.3.11
testing neo4j:2.3.11
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.11-enterprise
Building bashbrew/cache:72ee10906aafc066adb67552ae3b6c6514381d81f023ba679848fb6e212f236d (neo4j:2.3.11-enterprise)
Tagging neo4j:2.3.11-enterprise

$ test/run.sh neo4j:2.3.11-enterprise
testing neo4j:2.3.11-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.10
Building bashbrew/cache:2ac924b685eb877e907332fe57a26b65c7548cae7cc97b47e65cf1401c0c082f (neo4j:2.3.10)
Tagging neo4j:2.3.10

$ test/run.sh neo4j:2.3.10
testing neo4j:2.3.10
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.10-enterprise
Building bashbrew/cache:b8e316e0304eb40aafa5cb5440a591583bfb305a798421be471e3d391a7457c5 (neo4j:2.3.10-enterprise)
Tagging neo4j:2.3.10-enterprise

$ test/run.sh neo4j:2.3.10-enterprise
testing neo4j:2.3.10-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.9
Building bashbrew/cache:fa9f1386e6bd15b2e36ad31a47e0bcd99f6e51773114829822c865705e965c03 (neo4j:2.3.9)
Tagging neo4j:2.3.9

$ test/run.sh neo4j:2.3.9
testing neo4j:2.3.9
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.9-enterprise
Building bashbrew/cache:485c1cd7e9c3024ec945590717169b87f440ff54734d687b6adeb102e6b55651 (neo4j:2.3.9-enterprise)
Tagging neo4j:2.3.9-enterprise

$ test/run.sh neo4j:2.3.9-enterprise
testing neo4j:2.3.9-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.8
Building bashbrew/cache:2e6c952797168ce1c3fe6e42b7b3bd214f0f58520a4731f6fa6de9272ff8a6f2 (neo4j:2.3.8)
Tagging neo4j:2.3.8

$ test/run.sh neo4j:2.3.8
testing neo4j:2.3.8
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.8-enterprise
Building bashbrew/cache:0f427789320667521ee16729db56fcabc0c685d0bb4e0ceb988c1d1dcee39588 (neo4j:2.3.8-enterprise)
Tagging neo4j:2.3.8-enterprise

$ test/run.sh neo4j:2.3.8-enterprise
testing neo4j:2.3.8-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.7
Building bashbrew/cache:89da6fad4fa1b85575317590766d6d9ce856e7f3382591aef155e8d4bf56f5a4 (neo4j:2.3.7)
Tagging neo4j:2.3.7

$ test/run.sh neo4j:2.3.7
testing neo4j:2.3.7
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.7-enterprise
Building bashbrew/cache:aad4efe1eaba719b30c3121c12907dd056970ddd657de78ca29ee5bd05c3ef3e (neo4j:2.3.7-enterprise)
Tagging neo4j:2.3.7-enterprise

$ test/run.sh neo4j:2.3.7-enterprise
testing neo4j:2.3.7-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.6
Building bashbrew/cache:1ea06e3c740b4cd9bad825418a5fde3447e91744c7c2a470cad94d2c78743f1f (neo4j:2.3.6)
Tagging neo4j:2.3.6

$ test/run.sh neo4j:2.3.6
testing neo4j:2.3.6
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.6-enterprise
Building bashbrew/cache:7508dfcc1c9bbad604b5b017ce0ed75bd6988aefd412b95da4b868e955908f38 (neo4j:2.3.6-enterprise)
Tagging neo4j:2.3.6-enterprise

$ test/run.sh neo4j:2.3.6-enterprise
testing neo4j:2.3.6-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.5
Building bashbrew/cache:e2b002c44b01a6dbd96d5fbc681f88f7d13a790a1729f74782b247e20984e881 (neo4j:2.3.5)
Tagging neo4j:2.3.5

$ test/run.sh neo4j:2.3.5
testing neo4j:2.3.5
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.5-enterprise
Building bashbrew/cache:3036cb283a1f3ce9c22b40fe25562f8547a227652eb19aaeeb12c3702418a7e4 (neo4j:2.3.5-enterprise)
Tagging neo4j:2.3.5-enterprise

$ test/run.sh neo4j:2.3.5-enterprise
testing neo4j:2.3.5-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.4
Building bashbrew/cache:f7952ea809381ce2d443da9875bf84cbf8bf487c6fdd948803c94488ae2ba735 (neo4j:2.3.4)
Tagging neo4j:2.3.4

$ test/run.sh neo4j:2.3.4
testing neo4j:2.3.4
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.4-enterprise
Building bashbrew/cache:60e360c4b2e3f6e27cc493c0fff2b864aeb0bb14792835aee35680482ae9ef97 (neo4j:2.3.4-enterprise)
Tagging neo4j:2.3.4-enterprise

$ test/run.sh neo4j:2.3.4-enterprise
testing neo4j:2.3.4-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.3
Building bashbrew/cache:c2d1506f45f08c9f93881aea71f48b603699f22b4c6591ae62b74b56b07c9a08 (neo4j:2.3.3)
Tagging neo4j:2.3.3

$ test/run.sh neo4j:2.3.3
testing neo4j:2.3.3
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.3-enterprise
Building bashbrew/cache:d34173dcdad1ebb716a8182b504a58e53bc319e727558399abd818d66d653aee (neo4j:2.3.3-enterprise)
Tagging neo4j:2.3.3-enterprise

$ test/run.sh neo4j:2.3.3-enterprise
testing neo4j:2.3.3-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.2
Building bashbrew/cache:355839c7b4e2e195e67aed60ab91357bac2b48a3f1516176c299e14ef30c3521 (neo4j:2.3.2)
Tagging neo4j:2.3.2

$ test/run.sh neo4j:2.3.2
testing neo4j:2.3.2
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.2-enterprise
Building bashbrew/cache:4263c21ba99afebfa04d936dc5fe82456159e2e89d63827c72e8a381c8cd3110 (neo4j:2.3.2-enterprise)
Tagging neo4j:2.3.2-enterprise

$ test/run.sh neo4j:2.3.2-enterprise
testing neo4j:2.3.2-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.1
Building bashbrew/cache:af75fa98da7ec17e83a065910d9d988710f2ea2a34d1e9de3ec2bb6021eb12c5 (neo4j:2.3.1)
Tagging neo4j:2.3.1

$ test/run.sh neo4j:2.3.1
testing neo4j:2.3.1
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.1-enterprise
Building bashbrew/cache:5869a66fce2f2f382550775b048359937bbbbb8c7e87697ae74270baa9dcec05 (neo4j:2.3.1-enterprise)
Tagging neo4j:2.3.1-enterprise

$ test/run.sh neo4j:2.3.1-enterprise
testing neo4j:2.3.1-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.0
Building bashbrew/cache:4f566dca10741f4cdd5e39e9b461700a1f6cb690c8c6640eaf7d04c7f8fd77de (neo4j:2.3.0)
Tagging neo4j:2.3.0

$ test/run.sh neo4j:2.3.0
testing neo4j:2.3.0
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed


$ bashbrew build neo4j:2.3.0-enterprise
Building bashbrew/cache:7d6a050f56affb8a5a9c63a00df81faa0b6f5c09bef53843bcfa8cd40088f15a (neo4j:2.3.0-enterprise)
Tagging neo4j:2.3.0-enterprise

$ test/run.sh neo4j:2.3.0-enterprise
testing neo4j:2.3.0-enterprise
	'utc' [1/4]...passed
	'cve-2014--shellshock' [2/4]...passed
	'no-hard-coded-passwords' [3/4]...passed
	'override-cmd' [4/4]...passed

spacecowboy added 3 commits March 16, 2018 16:07

Release neo4j 3.3.4

da0bf65

Release neo4j 3.1.8

c73b7be

Update Neo4j 3.2.9

225e480

docker-library-bot added the library/neo4j label Mar 16, 2018

This comment has been minimized.

Sign in to view

Include fixes

6e902f1

This comment has been minimized.

Sign in to view

digitalstain and others added 2 commits March 20, 2018 12:23

Release Neo4j 3.2.10

66f137f

Even more non-root improvements - now allow docker --user

09966e5

yosifkit merged commit d78ec3e into docker-library:master Mar 20, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release new versions of Neo4j #4136

Release new versions of Neo4j #4136

spacecowboy commented Mar 16, 2018

This comment has been minimized.

tianon commented Mar 16, 2018

spacecowboy commented Mar 16, 2018

spacecowboy commented Mar 19, 2018

This comment has been minimized.

tianon commented Mar 19, 2018

spacecowboy commented Mar 20, 2018

yosifkit commented Mar 20, 2018

tianon commented Mar 20, 2018 via email

yosifkit commented Mar 20, 2018

Release new versions of Neo4j #4136

Release new versions of Neo4j #4136

Conversation

spacecowboy commented Mar 16, 2018

This comment has been minimized.

tianon commented Mar 16, 2018

spacecowboy commented Mar 16, 2018

spacecowboy commented Mar 19, 2018

This comment has been minimized.

tianon commented Mar 19, 2018

spacecowboy commented Mar 20, 2018

yosifkit commented Mar 20, 2018

tianon commented Mar 20, 2018 via email

yosifkit commented Mar 20, 2018