From 8e7065f9c08d467bbf84f9701976bec65624f3fe Mon Sep 17 00:00:00 2001
From: Guillaume Quintard <guillaume.quintard@varnish-software.com>
Date: Thu, 25 Jan 2024 15:39:05 -0800
Subject: [PATCH] add next/ in preparation of the March release

---
 fresh/alpine/Dockerfile                       |  2 +-
 fresh/debian/Dockerfile                       |  2 +-
 next/alpine/Dockerfile                        | 73 +++++++++++++++++++
 next/alpine/Dockerfile.tmpl                   | 73 +++++++++++++++++++
 next/alpine/default.vcl                       | 52 +++++++++++++
 next/alpine/scripts/docker-varnish-entrypoint | 18 +++++
 next/debian/Dockerfile                        | 71 ++++++++++++++++++
 next/debian/Dockerfile.tmpl                   | 71 ++++++++++++++++++
 next/debian/scripts/docker-varnish-entrypoint | 18 +++++
 old/alpine/Dockerfile                         |  2 +-
 old/debian/Dockerfile                         |  2 +-
 populate.sh                                   | 15 +++-
 12 files changed, 394 insertions(+), 5 deletions(-)
 create mode 100644 next/alpine/Dockerfile
 create mode 100644 next/alpine/Dockerfile.tmpl
 create mode 100644 next/alpine/default.vcl
 create mode 100755 next/alpine/scripts/docker-varnish-entrypoint
 create mode 100644 next/debian/Dockerfile
 create mode 100644 next/debian/Dockerfile.tmpl
 create mode 100755 next/debian/scripts/docker-varnish-entrypoint

diff --git a/fresh/alpine/Dockerfile b/fresh/alpine/Dockerfile
index c27b122dad..9fcbac8016 100644
--- a/fresh/alpine/Dockerfile
+++ b/fresh/alpine/Dockerfile
@@ -8,7 +8,7 @@ ARG  VARNISH_MODULES_SHA512SUM=597ac1161224a25c11183fbaaf25412c8f8e0af3bf58fa761
 ARG  VMOD_DYNAMIC_VERSION=2.8.0-1
 ARG  VMOD_DYNAMIC_COMMIT=15e32fb8cf96752c90d895b0ca31451bd05d92d9
 ARG  VMOD_DYNAMIC_SHA512SUM=d62d7af87770ef370c2e78e5b464f4f7712ebb50281728ca157ff38303f5455f1afdc0f8efaf0040febdf2d0aedbfa4c3369fe0f9d634ed34f185b54876cb4d1
-ARG  TOOLBOX_COMMIT=01ff3ec18a955f93880afe18167f17d0bc36cd55
+ARG  TOOLBOX_COMMIT=cfa9ec43a47429ef94f7e04e4abc58c67ad50add
 ENV  VMOD_DEPS="autoconf-archive automake curl libtool make pkgconfig py3-sphinx"
 
 ENV VARNISH_SIZE 100M
diff --git a/fresh/debian/Dockerfile b/fresh/debian/Dockerfile
index 98ecac3d22..21719838b0 100644
--- a/fresh/debian/Dockerfile
+++ b/fresh/debian/Dockerfile
@@ -8,7 +8,7 @@ ARG  VARNISH_MODULES_SHA512SUM=597ac1161224a25c11183fbaaf25412c8f8e0af3bf58fa761
 ARG  VMOD_DYNAMIC_VERSION=2.8.0-1
 ARG  VMOD_DYNAMIC_COMMIT=15e32fb8cf96752c90d895b0ca31451bd05d92d9
 ARG  VMOD_DYNAMIC_SHA512SUM=d62d7af87770ef370c2e78e5b464f4f7712ebb50281728ca157ff38303f5455f1afdc0f8efaf0040febdf2d0aedbfa4c3369fe0f9d634ed34f185b54876cb4d1
-ARG  TOOLBOX_COMMIT=01ff3ec18a955f93880afe18167f17d0bc36cd55
+ARG  TOOLBOX_COMMIT=cfa9ec43a47429ef94f7e04e4abc58c67ad50add
 ENV  VMOD_DEPS="autoconf-archive automake curl libtool make pkg-config python3-sphinx"
 
 ENV VARNISH_SIZE 100M
diff --git a/next/alpine/Dockerfile b/next/alpine/Dockerfile
new file mode 100644
index 0000000000..03b4121fe0
--- /dev/null
+++ b/next/alpine/Dockerfile
@@ -0,0 +1,73 @@
+FROM alpine:3.19
+
+ARG  PKG_COMMIT=cfa8cb3724e4ca6398f60b09157715bcb99d189d
+ARG  VARNISH_VERSION=7.4.2
+ARG  DIST_SHA512=acd61a852ac7d66b268ab831d3a771d7a063a6a257b5e7c25c5a2ec9bccefa845279b9bd5fc85dd0b4f1d56da59164a13149355d1e6187e71ad76463687f7971
+ARG  VARNISH_MODULES_VERSION=0.22.0
+ARG  VARNISH_MODULES_SHA512SUM=597ac1161224a25c11183fbaaf25412c8f8e0af3bf58fa76161328d8ae97aa7c485cfa6ed50e9f24ce73eca9ddeeb87ee4998427382c0fce633bf43eaf08068a
+ARG  VMOD_DYNAMIC_VERSION=2.8.0-1
+ARG  VMOD_DYNAMIC_COMMIT=15e32fb8cf96752c90d895b0ca31451bd05d92d9
+ARG  VMOD_DYNAMIC_SHA512SUM=d62d7af87770ef370c2e78e5b464f4f7712ebb50281728ca157ff38303f5455f1afdc0f8efaf0040febdf2d0aedbfa4c3369fe0f9d634ed34f185b54876cb4d1
+ARG  TOOLBOX_COMMIT=cfa9ec43a47429ef94f7e04e4abc58c67ad50add
+ENV  VMOD_DEPS="autoconf-archive automake curl libtool make pkgconfig py3-sphinx"
+
+ENV VARNISH_SIZE 100M
+
+RUN set -e;\
+    BASE_PKGS="tar alpine-sdk sudo py3-docutils python3 autoconf automake libtool"; \
+    apk add --virtual varnish-build-deps -q --no-progress --update $BASE_PKGS; \
+    \
+    # create users and groups with fixed IDs
+    addgroup -g 1000 -S varnish; \
+    adduser -u 1000 -S -D -H -s /sbin/nologin -G varnish -g varnish varnish; \
+    adduser -u 1001 -S -D -H -s /sbin/nologin -G varnish -g varnish vcache; \
+    adduser -u 1002 -S -D -H -s /sbin/nologin -G varnish -g varnish varnishlog; \
+    \
+    adduser -D builder; \
+    echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder; \
+    addgroup builder abuild; \
+    su builder -c "abuild-keygen -nai"; \
+    \
+    # varnish tarball and packaging
+    git clone https://github.com/varnishcache/pkg-varnish-cache.git; \
+    cd pkg-varnish-cache/alpine; \
+    git checkout $PKG_COMMIT; \
+    sed -i APKBUILD \
+        -e "s/pkgver=@VERSION@/pkgver=$VARNISH_VERSION/" \
+	-e 's@^source=.*@source="http://varnish-cache.org/_downloads/varnish-$pkgver.tgz"@' \
+	-e "s/^sha512sums=.*/sha512sums=\"$DIST_SHA512  varnish-\$pkgver.tgz\"/"; \
+    \
+    # build and install varnish package
+    chown builder -R .; \
+    su builder -c "abuild -r"; \
+    apk add --allow-untrusted ~builder/packages/pkg-varnish-cache/*/*.apk; \
+    echo -e 'vcl 4.1;\nbackend default none;' > /etc/varnish/default.vcl; \
+    \
+    git clone https://github.com/varnish/toolbox.git; \
+    cd toolbox; \
+    git checkout $TOOLBOX_COMMIT; \
+    cp install-vmod/install-vmod /usr/local/bin/; \
+    cp vcls/verbose_builtin/verbose_builtin.vcl vcls/hit-miss/hit-miss.vcl /etc/varnish/; \
+    \
+    # varnish-modules
+    install-vmod https://github.com/varnish/varnish-modules/releases/download/$VARNISH_MODULES_VERSION/varnish-modules-$VARNISH_MODULES_VERSION.tar.gz $VARNISH_MODULES_SHA512SUM; \
+    \
+    # vmod-dynamic
+    install-vmod https://github.com/nigoroll/libvmod-dynamic/archive/$VMOD_DYNAMIC_COMMIT.tar.gz $VMOD_DYNAMIC_SHA512SUM; \
+    \
+    # cleanup
+    apk del --no-network varnish-build-deps; \
+    rm -rf ~builder /pkg-varnish-cache /varnish-modules /vmod-dynamic /etc/sudoers.d/builder; \
+    deluser --remove-home builder; \
+    chown varnish /var/lib/varnish;
+
+WORKDIR /etc/varnish
+
+COPY scripts/ /usr/local/bin/
+COPY default.vcl /etc/varnish/
+
+ENTRYPOINT ["/usr/local/bin/docker-varnish-entrypoint"]
+
+USER varnish
+EXPOSE 80 8443
+CMD []
diff --git a/next/alpine/Dockerfile.tmpl b/next/alpine/Dockerfile.tmpl
new file mode 100644
index 0000000000..f217411547
--- /dev/null
+++ b/next/alpine/Dockerfile.tmpl
@@ -0,0 +1,73 @@
+FROM alpine:3.19
+
+ARG  PKG_COMMIT=@PKG_COMMIT@
+ARG  VARNISH_VERSION=@VARNISH_VERSION@
+ARG  DIST_SHA512=@DIST_SHA512@
+ARG  VARNISH_MODULES_VERSION=@VARNISH_MODULES_VERSION@
+ARG  VARNISH_MODULES_SHA512SUM=@VARNISH_MODULES_SHA512SUM@
+ARG  VMOD_DYNAMIC_VERSION=@VMOD_DYNAMIC_VERSION@
+ARG  VMOD_DYNAMIC_COMMIT=@VMOD_DYNAMIC_COMMIT@
+ARG  VMOD_DYNAMIC_SHA512SUM=@VMOD_DYNAMIC_SHA512SUM@
+ARG  TOOLBOX_COMMIT=@TOOLBOX_COMMIT@
+ENV  VMOD_DEPS="autoconf-archive automake curl libtool make pkgconfig py3-sphinx"
+
+ENV VARNISH_SIZE 100M
+
+RUN set -e;\
+    BASE_PKGS="tar alpine-sdk sudo py3-docutils python3 autoconf automake libtool"; \
+    apk add --virtual varnish-build-deps -q --no-progress --update $BASE_PKGS; \
+    \
+    # create users and groups with fixed IDs
+    addgroup -g 1000 -S varnish; \
+    adduser -u 1000 -S -D -H -s /sbin/nologin -G varnish -g varnish varnish; \
+    adduser -u 1001 -S -D -H -s /sbin/nologin -G varnish -g varnish vcache; \
+    adduser -u 1002 -S -D -H -s /sbin/nologin -G varnish -g varnish varnishlog; \
+    \
+    adduser -D builder; \
+    echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder; \
+    addgroup builder abuild; \
+    su builder -c "abuild-keygen -nai"; \
+    \
+    # varnish tarball and packaging
+    git clone https://github.com/varnishcache/pkg-varnish-cache.git; \
+    cd pkg-varnish-cache/alpine; \
+    git checkout $PKG_COMMIT; \
+    sed -i APKBUILD \
+        -e "s/pkgver=@VERSION@/pkgver=$VARNISH_VERSION/" \
+	-e 's@^source=.*@source="http://varnish-cache.org/_downloads/varnish-$pkgver.tgz"@' \
+	-e "s/^sha512sums=.*/sha512sums=\"$DIST_SHA512  varnish-\$pkgver.tgz\"/"; \
+    \
+    # build and install varnish package
+    chown builder -R .; \
+    su builder -c "abuild -r"; \
+    apk add --allow-untrusted ~builder/packages/pkg-varnish-cache/*/*.apk; \
+    echo -e 'vcl 4.1;\nbackend default none;' > /etc/varnish/default.vcl; \
+    \
+    git clone https://github.com/varnish/toolbox.git; \
+    cd toolbox; \
+    git checkout $TOOLBOX_COMMIT; \
+    cp install-vmod/install-vmod /usr/local/bin/; \
+    cp vcls/verbose_builtin/verbose_builtin.vcl vcls/hit-miss/hit-miss.vcl /etc/varnish/; \
+    \
+    # varnish-modules
+    install-vmod https://github.com/varnish/varnish-modules/releases/download/$VARNISH_MODULES_VERSION/varnish-modules-$VARNISH_MODULES_VERSION.tar.gz $VARNISH_MODULES_SHA512SUM; \
+    \
+    # vmod-dynamic
+    install-vmod https://github.com/nigoroll/libvmod-dynamic/archive/$VMOD_DYNAMIC_COMMIT.tar.gz $VMOD_DYNAMIC_SHA512SUM; \
+    \
+    # cleanup
+    apk del --no-network varnish-build-deps; \
+    rm -rf ~builder /pkg-varnish-cache /varnish-modules /vmod-dynamic /etc/sudoers.d/builder; \
+    deluser --remove-home builder; \
+    chown varnish /var/lib/varnish;
+
+WORKDIR /etc/varnish
+
+COPY scripts/ /usr/local/bin/
+COPY default.vcl /etc/varnish/
+
+ENTRYPOINT ["/usr/local/bin/docker-varnish-entrypoint"]
+
+USER varnish
+EXPOSE 80 8443
+CMD []
diff --git a/next/alpine/default.vcl b/next/alpine/default.vcl
new file mode 100644
index 0000000000..8b1b9e3cf7
--- /dev/null
+++ b/next/alpine/default.vcl
@@ -0,0 +1,52 @@
+# Important documentation links:
+# - general entry point: https://www.varnish-cache.org/docs/
+# - VCL primer: https://varnish-cache.org/docs/2.1/tutorial/vcl.html
+# - more VCL information: https://www.varnish-software.com/developers/tutorials/varnish-configuration-language-vcl/
+# - logging: https://docs.varnish-software.com/tutorials/vsl-query/
+
+vcl 4.1;
+
+# https://github.com/varnish/toolbox/tree/master/vcls/hit-miss
+include "hit-miss.vcl";
+
+# Before you configure anything, we just disable the backend to avoid
+# any mistake, but you can delete that line and uncomment the following
+# ones to define a proper backend to fetch content from
+backend default none;
+
+#backend default {
+#    .host = "127.0.0.1";
+#    .port = "8080";
+#}
+
+# VCL allows you to implement a series of callback to dictate how to process
+# each request. vcl_recv is the first one being called, right after Varnish
+# receives some request headers. It's usually used to sanitize the request
+sub vcl_recv {
+	# if no backend is configured, generate a welcome message by sending
+	# processing to `vcl_synth
+	if (!req.backend_hint) {
+		return(synth(200));
+	}
+}
+
+# Just fill the response body and deliver it
+sub vcl_synth {
+	synthetic("""<!DOCTYPE html>
+			<html><body>
+
+				<h1>Varnish is running!</h1>
+				<p>Please edit <code>/etc/varnish/default.vcl</code> to setup a backend.</p>
+
+			</body></html>""");
+	return (deliver);
+}
+
+# if no synthetic response was generated, the request will go the the backend.
+# vcl_backend_response is your chance to sanitize the response and possibly to
+# set a TTL
+sub vcl_backend_response {
+}
+
+# https://github.com/varnish/toolbox/tree/master/vcls/verbose_builtin
+include "verbose_builtin.vcl";
diff --git a/next/alpine/scripts/docker-varnish-entrypoint b/next/alpine/scripts/docker-varnish-entrypoint
new file mode 100755
index 0000000000..94073545eb
--- /dev/null
+++ b/next/alpine/scripts/docker-varnish-entrypoint
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+# this will check if the first argument is a flag
+# but only works if all arguments require a hyphenated flag
+# -v; -SL; -f arg; etc will work, but not arg1 arg2
+if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
+    set -- varnishd \
+	    -F \
+	    -f /etc/varnish/default.vcl \
+	    -a http=:${VARNISH_HTTP_PORT:-80},HTTP \
+	    -a proxy=:${VARNISH_PROXY_PORT:-8443},PROXY \
+	    -p feature=+http2 \
+	    -s malloc,$VARNISH_SIZE \
+	    "$@"
+fi
+
+exec "$@"
diff --git a/next/debian/Dockerfile b/next/debian/Dockerfile
new file mode 100644
index 0000000000..55189ec3a9
--- /dev/null
+++ b/next/debian/Dockerfile
@@ -0,0 +1,71 @@
+FROM debian:bookworm-slim
+
+ARG  PKG_COMMIT=cfa8cb3724e4ca6398f60b09157715bcb99d189d
+ARG  VARNISH_VERSION=7.4.2
+ARG  DIST_SHA512=acd61a852ac7d66b268ab831d3a771d7a063a6a257b5e7c25c5a2ec9bccefa845279b9bd5fc85dd0b4f1d56da59164a13149355d1e6187e71ad76463687f7971
+ARG  VARNISH_MODULES_VERSION=0.22.0
+ARG  VARNISH_MODULES_SHA512SUM=597ac1161224a25c11183fbaaf25412c8f8e0af3bf58fa76161328d8ae97aa7c485cfa6ed50e9f24ce73eca9ddeeb87ee4998427382c0fce633bf43eaf08068a
+ARG  VMOD_DYNAMIC_VERSION=2.8.0-1
+ARG  VMOD_DYNAMIC_COMMIT=15e32fb8cf96752c90d895b0ca31451bd05d92d9
+ARG  VMOD_DYNAMIC_SHA512SUM=d62d7af87770ef370c2e78e5b464f4f7712ebb50281728ca157ff38303f5455f1afdc0f8efaf0040febdf2d0aedbfa4c3369fe0f9d634ed34f185b54876cb4d1
+ARG  TOOLBOX_COMMIT=cfa9ec43a47429ef94f7e04e4abc58c67ad50add
+ENV  VMOD_DEPS="autoconf-archive automake curl libtool make pkg-config python3-sphinx"
+
+ENV VARNISH_SIZE 100M
+
+RUN set -e; \
+    BASE_PKGS="curl dpkg-dev debhelper devscripts equivs git pkg-config apt-utils fakeroot libgetdns-dev"; \
+    export DEBIAN_FRONTEND=noninteractive; \
+    export DEBCONF_NONINTERACTIVE_SEEN=true; \
+    mkdir -p /work/varnish /pkgs; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends $BASE_PKGS libgetdns10; \
+    \
+    # create users and groups with fixed IDs
+    adduser --uid 1000 --quiet --system --no-create-home --home /nonexistent --group varnish; \
+    adduser --uid 1001 --quiet --system --no-create-home --home /nonexistent --ingroup varnish vcache; \
+    adduser --uid 1002 --quiet --system --no-create-home --home /nonexistent --ingroup varnish varnishlog; \
+    \
+    # varnish
+    cd /work/varnish; \
+    git clone https://github.com/varnishcache/pkg-varnish-cache.git; \
+    cd pkg-varnish-cache; \
+    git checkout cfa8cb3724e4ca6398f60b09157715bcb99d189d; \
+    rm -rf .git; \
+    curl -f https://varnish-cache.org/downloads/varnish-7.4.2.tgz -o $tmpdir/orig.tgz; \
+    echo "acd61a852ac7d66b268ab831d3a771d7a063a6a257b5e7c25c5a2ec9bccefa845279b9bd5fc85dd0b4f1d56da59164a13149355d1e6187e71ad76463687f7971  $tmpdir/orig.tgz" | sha512sum -c -; \
+    tar xavf $tmpdir/orig.tgz --strip 1; \
+    sed -i -e "s|@VERSION@|$VARNISH_VERSION|"  "debian/changelog"; \
+    mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --yes" debian/control; \
+    sed -i '' debian/varnish*; \
+    dpkg-buildpackage -us -uc -j"$(nproc)"; \
+    apt-get -y --no-install-recommends install ../*.deb; \
+    mv ../*dev*.deb /pkgs; \
+    \
+    git clone https://github.com/varnish/toolbox.git; \
+    cd toolbox; \
+    git checkout $TOOLBOX_COMMIT; \
+    cp install-vmod/install-vmod /usr/local/bin/; \
+    cp vcls/verbose_builtin/verbose_builtin.vcl vcls/hit-miss/hit-miss.vcl /etc/varnish/; \
+    \
+    # varnish-modules
+    install-vmod https://github.com/varnish/varnish-modules/releases/download/$VARNISH_MODULES_VERSION/varnish-modules-$VARNISH_MODULES_VERSION.tar.gz $VARNISH_MODULES_SHA512SUM; \
+    \
+    # vmod-dynamic
+    install-vmod https://github.com/nigoroll/libvmod-dynamic/archive/$VMOD_DYNAMIC_COMMIT.tar.gz $VMOD_DYNAMIC_SHA512SUM; \
+    \
+    # clean up
+    apt-get -y purge --auto-remove varnish-build-deps $BASE_PKGS; \
+    rm -rf /var/lib/apt/lists/* /work/ /usr/lib/varnish/vmods/libvmod_*.la; \
+    chown varnish /var/lib/varnish;
+
+WORKDIR /etc/varnish
+
+COPY scripts/ /usr/local/bin/
+COPY default.vcl /etc/varnish/
+
+ENTRYPOINT ["/usr/local/bin/docker-varnish-entrypoint"]
+
+USER varnish
+EXPOSE 80 8443
+CMD []
diff --git a/next/debian/Dockerfile.tmpl b/next/debian/Dockerfile.tmpl
new file mode 100644
index 0000000000..3c0d53e278
--- /dev/null
+++ b/next/debian/Dockerfile.tmpl
@@ -0,0 +1,71 @@
+FROM debian:@DEBIAN@-slim
+
+ARG  PKG_COMMIT=@PKG_COMMIT@
+ARG  VARNISH_VERSION=@VARNISH_VERSION@
+ARG  DIST_SHA512=@DIST_SHA512@
+ARG  VARNISH_MODULES_VERSION=@VARNISH_MODULES_VERSION@
+ARG  VARNISH_MODULES_SHA512SUM=@VARNISH_MODULES_SHA512SUM@
+ARG  VMOD_DYNAMIC_VERSION=@VMOD_DYNAMIC_VERSION@
+ARG  VMOD_DYNAMIC_COMMIT=@VMOD_DYNAMIC_COMMIT@
+ARG  VMOD_DYNAMIC_SHA512SUM=@VMOD_DYNAMIC_SHA512SUM@
+ARG  TOOLBOX_COMMIT=@TOOLBOX_COMMIT@
+ENV  VMOD_DEPS="autoconf-archive automake curl libtool make pkg-config python3-sphinx"
+
+ENV VARNISH_SIZE 100M
+
+RUN set -e; \
+    BASE_PKGS="curl dpkg-dev debhelper devscripts equivs git pkg-config apt-utils fakeroot libgetdns-dev"; \
+    export DEBIAN_FRONTEND=noninteractive; \
+    export DEBCONF_NONINTERACTIVE_SEEN=true; \
+    mkdir -p /work/varnish /pkgs; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends $BASE_PKGS libgetdns10; \
+    \
+    # create users and groups with fixed IDs
+    adduser --uid 1000 --quiet --system --no-create-home --home /nonexistent --group varnish; \
+    adduser --uid 1001 --quiet --system --no-create-home --home /nonexistent --ingroup varnish vcache; \
+    adduser --uid 1002 --quiet --system --no-create-home --home /nonexistent --ingroup varnish varnishlog; \
+    \
+    # varnish
+    cd /work/varnish; \
+    git clone https://github.com/varnishcache/pkg-varnish-cache.git; \
+    cd pkg-varnish-cache; \
+    git checkout @PKG_COMMIT@; \
+    rm -rf .git; \
+    curl -f https://varnish-cache.org/downloads/varnish-@VARNISH_VERSION@.tgz -o $tmpdir/orig.tgz; \
+    echo "@DIST_SHA512@  $tmpdir/orig.tgz" | sha512sum -c -; \
+    tar xavf $tmpdir/orig.tgz --strip 1; \
+    sed -i -e "s|@VERSION@|$VARNISH_VERSION|"  "debian/changelog"; \
+    mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --yes" debian/control; \
+    sed -i '' debian/varnish*; \
+    dpkg-buildpackage -us -uc -j"$(nproc)"; \
+    apt-get -y --no-install-recommends install ../*.deb; \
+    mv ../*dev*.deb /pkgs; \
+    \
+    git clone https://github.com/varnish/toolbox.git; \
+    cd toolbox; \
+    git checkout $TOOLBOX_COMMIT; \
+    cp install-vmod/install-vmod /usr/local/bin/; \
+    cp vcls/verbose_builtin/verbose_builtin.vcl vcls/hit-miss/hit-miss.vcl /etc/varnish/; \
+    \
+    # varnish-modules
+    install-vmod https://github.com/varnish/varnish-modules/releases/download/$VARNISH_MODULES_VERSION/varnish-modules-$VARNISH_MODULES_VERSION.tar.gz $VARNISH_MODULES_SHA512SUM; \
+    \
+    # vmod-dynamic
+    install-vmod https://github.com/nigoroll/libvmod-dynamic/archive/$VMOD_DYNAMIC_COMMIT.tar.gz $VMOD_DYNAMIC_SHA512SUM; \
+    \
+    # clean up
+    apt-get -y purge --auto-remove varnish-build-deps $BASE_PKGS; \
+    rm -rf /var/lib/apt/lists/* /work/ /usr/lib/varnish/vmods/libvmod_*.la; \
+    chown varnish /var/lib/varnish;
+
+WORKDIR /etc/varnish
+
+COPY scripts/ /usr/local/bin/
+COPY default.vcl /etc/varnish/
+
+ENTRYPOINT ["/usr/local/bin/docker-varnish-entrypoint"]
+
+USER varnish
+EXPOSE 80 8443
+CMD []
diff --git a/next/debian/scripts/docker-varnish-entrypoint b/next/debian/scripts/docker-varnish-entrypoint
new file mode 100755
index 0000000000..94073545eb
--- /dev/null
+++ b/next/debian/scripts/docker-varnish-entrypoint
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+# this will check if the first argument is a flag
+# but only works if all arguments require a hyphenated flag
+# -v; -SL; -f arg; etc will work, but not arg1 arg2
+if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
+    set -- varnishd \
+	    -F \
+	    -f /etc/varnish/default.vcl \
+	    -a http=:${VARNISH_HTTP_PORT:-80},HTTP \
+	    -a proxy=:${VARNISH_PROXY_PORT:-8443},PROXY \
+	    -p feature=+http2 \
+	    -s malloc,$VARNISH_SIZE \
+	    "$@"
+fi
+
+exec "$@"
diff --git a/old/alpine/Dockerfile b/old/alpine/Dockerfile
index fc019d3295..ffb640a357 100644
--- a/old/alpine/Dockerfile
+++ b/old/alpine/Dockerfile
@@ -8,7 +8,7 @@ ARG  VARNISH_MODULES_SHA512SUM=597ac1161224a25c11183fbaaf25412c8f8e0af3bf58fa761
 ARG  VMOD_DYNAMIC_VERSION=2.8.0
 ARG  VMOD_DYNAMIC_COMMIT=af9c51cb53982b42eed6116960015c09171838b0
 ARG  VMOD_DYNAMIC_SHA512SUM=4a91de4a1fc3e6eb925ac5e8c9d56d9786c368fbbb3b957285bd0edf4e955ee19ad1ee6b4b3c4754cf5885be6593c269419c19fea36760513397d92085e105de
-ARG  TOOLBOX_COMMIT=01ff3ec18a955f93880afe18167f17d0bc36cd55
+ARG  TOOLBOX_COMMIT=cfa9ec43a47429ef94f7e04e4abc58c67ad50add
 ENV  VMOD_DEPS="autoconf-archive automake curl libtool make pkgconfig py3-sphinx"
 
 ENV VARNISH_SIZE 100M
diff --git a/old/debian/Dockerfile b/old/debian/Dockerfile
index 537537cc35..4d213d5fae 100644
--- a/old/debian/Dockerfile
+++ b/old/debian/Dockerfile
@@ -8,7 +8,7 @@ ARG  VARNISH_MODULES_SHA512SUM=597ac1161224a25c11183fbaaf25412c8f8e0af3bf58fa761
 ARG  VMOD_DYNAMIC_VERSION=2.8.0
 ARG  VMOD_DYNAMIC_COMMIT=af9c51cb53982b42eed6116960015c09171838b0
 ARG  VMOD_DYNAMIC_SHA512SUM=4a91de4a1fc3e6eb925ac5e8c9d56d9786c368fbbb3b957285bd0edf4e955ee19ad1ee6b4b3c4754cf5885be6593c269419c19fea36760513397d92085e105de
-ARG  TOOLBOX_COMMIT=01ff3ec18a955f93880afe18167f17d0bc36cd55
+ARG  TOOLBOX_COMMIT=cfa9ec43a47429ef94f7e04e4abc58c67ad50add
 ENV  VMOD_DEPS="autoconf-archive automake curl libtool make pkg-config python3-sphinx"
 
 ENV VARNISH_SIZE 100M
diff --git a/populate.sh b/populate.sh
index c3b8a76d2c..453617ec89 100755
--- a/populate.sh
+++ b/populate.sh
@@ -35,10 +35,23 @@ CONFIG='
 		"vmod-dynamic-version": "2.8.0-1",
 		"vmod-dynamic-commit": "15e32fb8cf96752c90d895b0ca31451bd05d92d9",
 		"vmod-dynamic-sha512sum": "d62d7af87770ef370c2e78e5b464f4f7712ebb50281728ca157ff38303f5455f1afdc0f8efaf0040febdf2d0aedbfa4c3369fe0f9d634ed34f185b54876cb4d1"
+	},
+	"next": {
+		"debian": "bookworm",
+		"version": "7.4.2",
+		"tags": "7.4 latest",
+		"pkg-commit": "cfa8cb3724e4ca6398f60b09157715bcb99d189d",
+		"dist-sha512": "acd61a852ac7d66b268ab831d3a771d7a063a6a257b5e7c25c5a2ec9bccefa845279b9bd5fc85dd0b4f1d56da59164a13149355d1e6187e71ad76463687f7971",
+		"varnish-modules-version": "0.22.0",
+		"varnish-modules-sha512sum": "597ac1161224a25c11183fbaaf25412c8f8e0af3bf58fa76161328d8ae97aa7c485cfa6ed50e9f24ce73eca9ddeeb87ee4998427382c0fce633bf43eaf08068a",
+		"vmod-dynamic-version": "2.8.0-1",
+		"vmod-dynamic-commit": "15e32fb8cf96752c90d895b0ca31451bd05d92d9",
+		"vmod-dynamic-sha512sum": "d62d7af87770ef370c2e78e5b464f4f7712ebb50281728ca157ff38303f5455f1afdc0f8efaf0040febdf2d0aedbfa4c3369fe0f9d634ed34f185b54876cb4d1"
+
 	}
 }'
 
-TOOLBOX_COMMIT=01ff3ec18a955f93880afe18167f17d0bc36cd55
+TOOLBOX_COMMIT=cfa9ec43a47429ef94f7e04e4abc58c67ad50add
 
 resolve_json() {
 	echo $CONFIG | jq -r ".[\"$1\"][\"$2\"]"