Fix HTTP 403 when creating GitHub releases by adding workflow-level permissions

Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>

.circleci/config.yml

@@ -1,21 +0,0 @@
-version: 2
-jobs:
-  build:
-    machine: true
-    steps:
-      - checkout
-      #- run:
-      #    name : Getting docker
-      #    command: curl https://get.docker.com | sh
-      - run:
-          name: Enabling qemu
-          command: docker run --rm --privileged multiarch/qemu-user-static:register --reset
-      - run:
-          name: Building arm based image.
-          command: docker build -t arm-test .
-      - run:
-          name: Listing built images
-          command: docker images
-      # - run:
-      #     name: Running arm based image.
-      #     command: docker run --rm arm-test 

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: samip5
+custom: https://www.buymeacoffee.com/skykrypt

.github/ISSUE_TEMPLATE/bug.md

@@ -0,0 +1,29 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels:kind: possible bug
+assignees: ''
+---
+
+# Details
+
+**Image version:**
+
+<!-- Note: This should be the docker image version you're referring to -->
+
+**What steps did you take and what happened:**
+
+<!-- Note: This should be a clear and concise description of what the bug is. -->
+
+**What did you expect to happen:**
+
+<!-- Note: This should be a clear and concise description of what you expected to happen. -->
+
+**Anything else you would like to add:**
+
+<!-- Note: Miscellaneous information that will assist in solving the issue. -->
+
+**Additional Information:**
+
+<!-- Note: Anything to give further context to the bug report. -->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,6 @@
+---
+blank_issues_enabled: false
+contact_links:
+    - name: Discuss on Discord
+      url: https://discord.gg/PRT86Cdgnr
+      about: Join our Discord community

.github/ISSUE_TEMPLATE/enhancement.md

@@ -0,0 +1,21 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: kind:enhancement
+assignees: ''
+---
+
+# Details
+
+**Describe the solution you'd like:**
+
+<!-- Note: A clear and concise description of what you want to happen. -->
+
+**Anything else you would like to add:**
+
+<!-- Note: Miscellaneous information that will assist in solving the issue. -->
+
+**Additional Information:**
+
+<!-- Note: Anything to give further context to the requested new feature. -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,32 @@
+<!--
+Before you open the request please review the following guidelines and tips to help it be more easily integrated:
+
+- Describe the scope of your change - i.e. what the change does.
+- Describe any known limitations with your change.
+- Please run any tests or examples that can exercise your modified code.
+
+Thank you for contributing! We will try to test and integrate the change as soon as we can. There is no need to bump or check in on a pull request (it will clutter the discussion of the request).
+
+Also don't be worried if the request is closed or not integrated sometimes our priorities might not match the priorities of the pull request. Don't fret, the open source community thrives on forks and GitHub makes it easy to keep your changes in a forked repo.
+-->
+
+**Description of the change**
+
+<!-- Describe the scope of your change - i.e. what the change does. -->
+
+**Benefits**
+
+<!-- What benefits will be realized by the code change? -->
+
+**Possible drawbacks**
+
+<!-- Describe any known limitations with your change -->
+
+**Applicable issues**
+
+<!-- Enter any applicable Issues here (You can reference an issue using #) -->
+- fixes #
+
+**Additional information**
+
+<!-- If there's anything else that's important and relevant to your pull request, mention that information here.-->

.github/workflows/main.yml

@@ -0,0 +1,91 @@
+name: Release
+
+on:
+    workflow_dispatch:
+    release:
+     types: [published]
+
+permissions:
+    contents: read
+    packages: write
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+        if: "!contains(github.event.head_commit.message, '[ci-skip]')"
+        steps:
+          - name: Checkout
+            uses: actions/checkout@v4
+
+          - name: Prepare
+            id: prep
+            run: |
+              DOCKER_IMAGE=phusion/baseimage
+              GIT_BRANCH=${GITHUB_REF##*/}
+              # Set the platforms to build for here and thus reduce duplicating it.
+              PLATFORMS=amd64,arm,arm64
+              TAGS="${DOCKER_IMAGE}:${GIT_BRANCH}, ghcr.io/${{ github.repository_owner }}/baseimage:${GIT_BRANCH}"
+
+              # Determine BASE_IMAGE from release tag prefix (e.g. noble-1.0.2 -> ubuntu:24.04)
+              if [[ "${GIT_BRANCH}" == noble-* ]]; then
+                BASE_IMAGE="ubuntu:24.04"
+              elif [[ "${GIT_BRANCH}" == jammy-* ]]; then
+                BASE_IMAGE="ubuntu:22.04"
+              else
+                # Default to noble (latest LTS) for unrecognised tag prefixes
+                echo "::warning::Unrecognized release tag prefix '${GIT_BRANCH}'. Expected it to start with 'noble-' or 'jammy-'. Defaulting BASE_IMAGE to ubuntu:24.04 (Noble)."
+                BASE_IMAGE="ubuntu:24.04"
+              fi
+              
+              # Set output parameters.
+              
+              if [ "${{github.event_name}}" == "pull_request" ]; then
+                echo "push=false" >> $GITHUB_OUTPUT
+              else
+                echo "push=true" >> $GITHUB_OUTPUT
+                echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+                echo "branch=${GIT_BRANCH}" >> $GITHUB_OUTPUT
+                echo "docker_image=${DOCKER_IMAGE}" >> $GITHUB_OUTPUT
+              fi
+              echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
+              echo "base_image=${BASE_IMAGE}" >> $GITHUB_OUTPUT
+
+
+          - name: Set up QEMU
+            uses: docker/setup-qemu-action@v3
+            with:
+              platforms: ${{ steps.prep.outputs.platforms }}
+
+          - name: Login to GHCR (Github Container Registry)
+            uses: docker/login-action@v3
+            if: github.event_name != 'pull_request'
+            with:
+             registry: ghcr.io
+             username: ${{ github.actor }}
+             password: ${{ secrets.GITHUB_TOKEN }}
+
+          - name: Set up Docker Buildx
+            id: buildx
+            uses: docker/setup-buildx-action@v3
+            with:
+              install: true
+              version: latest
+              driver-opts: image=moby/buildkit:latest
+
+
+          - name: Login to Docker Hub
+            if: github.event_name != 'pull_request'
+            uses: docker/login-action@v3
+            with:
+                username: ${{ secrets.DOCKER_USERNAME }}
+                password: ${{ secrets.DOCKER_PASSWORD }}
+
+          - name: Build and Push
+            uses: docker/build-push-action@v6
+            with:
+              builder: ${{ steps.buildx.outputs.name }}
+              context: image
+              platforms: ${{ steps.prep.outputs.platforms }}
+              push: ${{ steps.prep.outputs.push }}
+              tags: ${{ steps.prep.outputs.tags }}
+              build-args: BASE_IMAGE=${{ steps.prep.outputs.base_image }}

.github/workflows/scheduled-build.yml

@@ -0,0 +1,121 @@
+name: Scheduled Security Build
+
+on:
+    schedule:
+        - cron: '0 2 * * 0'  # Every Sunday at 02:00 UTC
+    workflow_dispatch:
+
+permissions:
+    contents: write
+    packages: write
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+        permissions:
+            contents: write
+            packages: write
+        strategy:
+            fail-fast: false
+            matrix:
+                include:
+                    - ubuntu_codename: noble
+                      base_image: ubuntu:24.04
+                    - ubuntu_codename: jammy
+                      base_image: ubuntu:22.04
+        steps:
+          - name: Get latest release tag and compute next patch version
+            id: release
+            run: |
+              LATEST_TAG=$(gh release list \
+                --repo ${{ github.repository }} \
+                --exclude-pre-releases \
+                --exclude-drafts \
+                --json tagName \
+                --jq '[.[] | select(.tagName | startswith("${{ matrix.ubuntu_codename }}-"))] | first | .tagName')
+              if [ -z "${LATEST_TAG}" ]; then
+                echo "No release found for ${{ matrix.ubuntu_codename }} track" >&2
+                exit 1
+              fi
+              # Extract version and bump patch: noble-1.0.2 -> noble-1.0.3
+              if ! echo "${LATEST_TAG}" | grep -qE '^[a-z]+-[0-9]+\.[0-9]+\.[0-9]+$'; then
+                echo "Tag '${LATEST_TAG}' does not match expected format <codename>-<major>.<minor>.<patch>" >&2
+                exit 1
+              fi
+              PREFIX="${LATEST_TAG%.*}"            # noble-1.0
+              PATCH="${LATEST_TAG##*.}"            # 2
+              NEXT_PATCH=$((PATCH + 1))
+              NEXT_TAG="${PREFIX}.${NEXT_PATCH}"  # noble-1.0.3
+              echo "current_tag=${LATEST_TAG}" >> $GITHUB_OUTPUT
+              echo "next_tag=${NEXT_TAG}" >> $GITHUB_OUTPUT
+            env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          - name: Checkout release tag
+            uses: actions/checkout@v4
+            with:
+              ref: ${{ steps.release.outputs.current_tag }}
+
+          - name: Prepare
+            id: prep
+            run: |
+              DOCKER_IMAGE=phusion/baseimage
+              NEXT_TAG=${{ steps.release.outputs.next_tag }}
+              PLATFORMS=amd64,arm,arm64
+              TAGS="${DOCKER_IMAGE}:${NEXT_TAG}"
+              TAGS="${TAGS}, ${DOCKER_IMAGE}:${{ matrix.ubuntu_codename }}"
+              TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${NEXT_TAG}"
+              TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}"
+              echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+              echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
+
+          - name: Set up QEMU
+            uses: docker/setup-qemu-action@v3
+            with:
+              platforms: ${{ steps.prep.outputs.platforms }}
+
+          - name: Set up Docker Buildx
+            uses: docker/setup-buildx-action@v3
+            with:
+              install: true
+              version: latest
+              driver-opts: image=moby/buildkit:latest
+
+          - name: Login to GHCR (Github Container Registry)
+            uses: docker/login-action@v3
+            with:
+              registry: ghcr.io
+              username: ${{ github.actor }}
+              password: ${{ secrets.GITHUB_TOKEN }}
+
+          - name: Login to Docker Hub
+            uses: docker/login-action@v3
+            with:
+              username: ${{ secrets.DOCKER_USERNAME }}
+              password: ${{ secrets.DOCKER_PASSWORD }}
+
+          - name: Build and Push
+            uses: docker/build-push-action@v6
+            with:
+              context: image
+              platforms: ${{ steps.prep.outputs.platforms }}
+              push: true
+              tags: ${{ steps.prep.outputs.tags }}
+              build-args: BASE_IMAGE=${{ matrix.base_image }}
+              no-cache: true
+
+          - name: Create GitHub Release
+            run: |
+              gh release create "${{ steps.release.outputs.next_tag }}" \
+                --repo "${{ github.repository }}" \
+                --target "${{ steps.release.outputs.current_tag }}" \
+                --title "${{ steps.release.outputs.next_tag }}" \
+                --notes "Automated weekly security rebuild of \`${{ steps.release.outputs.current_tag }}\` with latest \`${{ matrix.base_image }}\` packages.
+
+              Images pushed:
+              - \`phusion/baseimage:${{ steps.release.outputs.next_tag }}\`
+              - \`phusion/baseimage:${{ matrix.ubuntu_codename }}\`
+              - \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ steps.release.outputs.next_tag }}\`
+              - \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}\`"
+            env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yml

@@ -0,0 +1,20 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '0 1 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.'
+          stale-pr-message: 'This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.'
+          close-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.'
+          close-pr-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.'
+          days-before-stale: 15
+          days-before-close: 5
+          exempt-issue-labels: 'on-hold'
+          exempt-pr-labels: 'on-hold'
+          operations-per-run: 50

.travis.yml

@@ -1,53 +0,0 @@
-os: linux
-
-dist: bionic
-
-language: c
-
-services:
-  - docker
-
-addons:
-  apt:
-    packages:
-      - docker-ce
-      - qemu-user-static
-
-env:
-  global:
-    # - VERSION=${TRAVIS_TAG}
-    - VERSION=${TRAVIS_BRANCH}
-    - DOCKER_CLI_EXPERIMENTAL=enabled
-    - QEMU_VERSION=v4.0.0
-
-  matrix:
-    # PLATFORM = Base image architecture to be used
-    # QEMU_ARCH = qemu binary to be downloaded from https://github.com/multiarch/qemu-user-static/releases
-    # TAG_ARCH = Tag to be applied to the image when upload to DockerHub
-    - PLATFORM=amd64 QEMU_ARCH=i386   TAG_ARCH=386
-    - PLATFORM=amd64 QEMU_ARCH=amd64   TAG_ARCH=amd64
-    - PLATFORM=arm64 QEMU_ARCH=aarch64 TAG_ARCH=arm64
-#     - PLATFORM=arm   QEMU_ARCH=arm     TAG_ARCH=arm
-    - PLATFORM=ppc64le   QEMU_ARCH=ppc64le     TAG_ARCH=ppc64le
-#     - PLATFORM=s390x   QEMU_ARCH=s390x     TAG_ARCH=s390x
-
-before_script:
-  - echo '{"experimental":true}' | sudo tee /etc/docker/daemon.json
-  - sudo service docker restart
-
-script:
-  - make build test
-  - if [[ $TRAVIS_PULL_REQUEST == 'false' ]]; then
-    docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}";
-    make release;
-    fi
-
-jobs:
-  include:
-    - stage: deploy
-      env:
-        - ARCHS="amd64 arm64 386 ppc64le"
-      script:
-        - echo $NAME:$VERSION_TAG
-        - echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
-        - make build_multiarch

LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2013-2015 Phusion Holding B.V.
+Copyright (c) 2013-2025 Phusion Holding B.V.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -1,4 +1,4 @@
-VERSION ?= focal-1.0.0-pre
+VERSION ?= noble-1.0.2
 ifdef BASE_IMAGE
 	BUILD_ARG = --build-arg BASE_IMAGE=$(BASE_IMAGE)
 	ifndef NAME
@@ -23,7 +23,6 @@ VERSION_ARG ?= $(VERSION)
 all: build
 
 build:
-	./build.sh
 	docker build --no-cache -t $(NAME):$(VERSION_ARG) $(BUILD_ARG) --build-arg QEMU_ARCH=$(QEMU_ARCH) --platform $(PLATFORM) --rm image
 
 build_multiarch:

README.md

@@ -1,7 +1,6 @@
 # A minimal Ubuntu base image modified for Docker-friendliness
 
-[![](https://badge.imagelayers.io/phusion/baseimage:latest.svg)](https://imagelayers.io/?images=phusion/baseimage:latest 'Get your own badge on imagelayers.io')
+[![Release](https://github.com/phusion/baseimage-docker/actions/workflows/main.yml/badge.svg)](https://github.com/phusion/baseimage-docker/actions/workflows/main.yml)
-[![Travis](https://img.shields.io/travis/phusion/baseimage-docker.svg)](https://travis-ci.org/phusion/baseimage-docker)
 
 _Baseimage-docker only consumes 8.3 MB RAM and is much more powerful than Busybox or Alpine. See why below._
 
@@ -13,7 +12,7 @@ Baseimage-docker is a special [Docker](https://www.docker.com) image that is con
 
 You can use it as a base for your own Docker images.
 
-Baseimage-docker is available for pulling from [the Docker registry](https://registry.hub.docker.com/r/phusion/baseimage/)!
+Baseimage-docker is available for pulling from [the Docker registry](https://hub.docker.com/r/phusion/baseimage) and [GHCR (GitHub Container Registry)](https://github.com/phusion/baseimage-docker/pkgs/container/baseimage)!
 
 ### What are the problems with the stock Ubuntu base image?
 
@@ -36,7 +35,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
 **Related resources**:
   [Website](http://phusion.github.io/baseimage-docker/) |
   [Github](https://github.com/phusion/baseimage-docker) |
-  [Docker registry](https://index.docker.io/u/phusion/baseimage/) |
+  [Docker registry](https://registry.hub.docker.com/r/phusion/baseimage/) |
   [Discussion forum](https://groups.google.com/d/forum/passenger-docker) |
   [Twitter](https://twitter.com/phusion_nl) |
   [Blog](http://blog.phusion.nl/)
@@ -87,7 +86,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
 
 | Component        | Why is it included? / Remarks |
 | ---------------- | ------------------- |
-| Ubuntu 20.04 LTS | The base system. |
+| Ubuntu 24.04 LTS | The base system. |
 | A **correct** init process | _Main article: [Docker and the PID 1 zombie reaping problem](http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)._ <br><br>According to the Unix process model, [the init process](https://en.wikipedia.org/wiki/Init) -- PID 1 -- inherits all [orphaned child processes](https://en.wikipedia.org/wiki/Orphan_process) and must [reap them](https://en.wikipedia.org/wiki/Wait_(system_call)). Most Docker containers do not have an init process that does this correctly. As a result, their containers become filled with [zombie processes](https://en.wikipedia.org/wiki/Zombie_process) over time. <br><br>Furthermore, `docker stop` sends SIGTERM to the init process, which stops all services. Unfortunately most init systems don't do this correctly within Docker since they're built for hardware shutdowns instead. This causes processes to be hard killed with SIGKILL, which doesn't give them a chance to correctly deinitialize things. This can cause file corruption. <br><br>Baseimage-docker comes with an init process `/sbin/my_init` that performs both of these tasks correctly. |
 | Fixes APT incompatibilities with Docker | See https://github.com/dotcloud/docker/issues/1024. |
 | syslog-ng | A syslog daemon is necessary so that many services - including the kernel itself - can correctly log to /var/log/syslog. If no syslog daemon is running, a lot of important messages are silently swallowed. <br><br>Only listens locally. All syslog messages are forwarded to "docker logs".<br><br>Why syslog-ng?<br>I've had bad experience with rsyslog. I regularly run into bugs with rsyslog, and once in a while it takes my log host down by entering a 100% CPU loop in which it can't do anything. Syslog-ng seems to be much more stable. |
@@ -587,7 +586,7 @@ Start a virtual machine with Docker in it. You can use the Vagrantfile that we'v
 
 First, install `vagrant-disksize` plug-in:
 
-    vagrant plugin install vagrant-disksize:
+    vagrant plugin install vagrant-disksize
 
 Then, start the virtual machine
 
@@ -645,6 +644,6 @@ Then you can proceed with `make build` command.
  * Looking for a more complete base image, one that is ideal for Ruby, Python, Node.js and Meteor web apps? Take a look at [passenger-docker](https://github.com/phusion/passenger-docker).
  * Need a helping hand? Phusion also offers [consulting](https://www.phusion.nl/consultancy) on a wide range of topics, including Web Development, UI/UX Research & Design, Technology Migration and Auditing. 
 
-[<img src="https://www.phusion.nl/images/mark_logotype.svg">](https://www.phusion.nl/)
+[<img src="https://avatars.githubusercontent.com/u/830588?s=200&v=4">](https://www.phusion.nl/)
 
 Please enjoy baseimage-docker, a product by [Phusion](http://www.phusion.nl/). :-)

README_ZH_cn_.md

@@ -82,7 +82,7 @@ Baseimage-docker让这一切完美。在"内容"部分描述了所有这些修
 
 | 模块        | 为什么包含这些？以及备注 |
 | ---------------- | ------------------- |
-| Ubuntu 20.04 LTS | 基础系统。 |
+| Ubuntu 24.04 LTS | 基础系统。 |
 | 一个**正确**的初始化进程  | *主要文章：[Docker和PID 1 僵尸进程回收问题](http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)*<br/><br/>根据Unix进程模型，[初始化进程](https://en.wikipedia.org/wiki/Init) -- PID 1 -- 继承了所有[孤立的子进程](https://en.wikipedia.org/wiki/Orphan_process)，并且必须[进行回收](https://en.wikipedia.org/wiki/Wait_(system_call))。大多数Docker容器没有一个初始化进程可以正确的完成此操作，随着时间的推移会导致他们的容器出现了大量的[僵尸进程](https://en.wikipedia.org/wiki/Zombie_process)。<br/><br/>而且，`docker stop`发送SIGTERM信号给初始化进程，照理说此信号应该可以停止所有服务。不幸的是由于它们对硬件进行了关闭操作，导致Docker内的大多数初始化系统没有正确执行。这会导致进程强行被SIGKILL信号关闭，从而丧失了一个正确取消初始化设置的机会。这会导致文件损坏。<br/><br/>Baseimage-docker配有一个名为`/sbin/my_init`的初始化进程来同时正确的完成这些任务。 |
 | 修复了APT与Docker不兼容的问题 | 详情参见：https://github.com/dotcloud/docker/issues/1024 。 |
 | syslog-ng | 对于很多服务－包括kernel自身，都需要一个syslog后台进程，以便可以正确的将log输出到/var/log/syslog中。如果没有运行syslog后台进程，很多重要的信息就会默默的丢失了。<br/><br/>只对本地进行监听。所有syslog信息会被转发给“docker logs”。 |

README_zh_tw.md

@@ -82,7 +82,7 @@ Baseimage-docker讓這一切完美。在"內容"部分描述了所有這些修
 
 | 模塊        | 爲什麼包含這些？以及備註 |
 | ---------------- | ------------------- |
-| Ubuntu 20.04 LTS | 基礎系統。 |
+| Ubuntu 24.04 LTS | 基礎系統。 |
 | 一個**正確**的初始化行程  | *主要文章：[Docker和PID 1 殭屍行程回收問題](http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)*<br/><br/>根據Unix行程模型，[初始化行程](https://en.wikipedia.org/wiki/Init) -- PID 1 -- 繼承了所有[孤立的子行程](https://en.wikipedia.org/wiki/Orphan_process)，並且必須[進行回收](https://en.wikipedia.org/wiki/Wait_(system_call))。大多數Docker容器沒有一個初始化行程可以正確的完成此操作，隨着時間的推移會導致他們的容器出現了大量的[殭屍行程](https://en.wikipedia.org/wiki/Zombie_process)。<br/><br/>而且，`docker stop`發送SIGTERM信號給初始化行程，照理說此信號應該可以停止所有服務。不幸的是由於它們對硬體進行了關閉操作，導致Docker內的大多數初始化系統沒有正確執行。這會導致行程強行被SIGKILL信號關閉，從而喪失了一個正確取消初始化設置的機會。這會導致文件損壞。<br/><br/>Baseimage-docker配有一個名爲`/sbin/my_init`的初始化行程來同時正確的完成這些任務。 |
 | 修復了APT與Docker不兼容的問題 | 詳情參見：https://github.com/dotcloud/docker/issues/1024 。 |
 | syslog-ng | 對於很多服務－包括kernel自身，都需要一個syslog後臺行程，以便可以正確的將log輸出到/var/log/syslog中。如果沒有運行syslog後臺行程，很多重要的信息就會默默的丟失了。<br/><br/>只對本地進行監聽。所有syslog信息會被轉發給“docker logs”。 |

Vagrantfile

@@ -9,37 +9,37 @@ Vagrant.configure("2") do |config|
 	# The most common configuration options are documented and commented below.
 	# For a complete reference, please see the online documentation at
 	# https://docs.vagrantup.com.
-  
+
 	# Every Vagrant development environment requires a box. You can search for
 	# boxes at https://atlas.hashicorp.com/search.
-	config.vm.box = "ubuntu/focal64"
+	config.vm.box = "ubuntu/noble64"
 	config.disksize.size = '50GB'
-  
+
 	# Disable automatic box update checking. If you disable this, then
 	# boxes will only be checked for updates when the user runs
 	# `vagrant box outdated`. This is not recommended.
 	# config.vm.box_check_update = false
-  
+
 	# Create a forwarded port mapping which allows access to a specific port
 	# within the machine from a port on the host machine. In the example below,
 	# accessing "localhost:8080" will access port 80 on the guest machine.
 	# config.vm.network "forwarded_port", guest: 80, host: 8080
-  
+
 	# Create a private network, which allows host-only access to the machine
 	# using a specific IP.
 	# config.vm.network "private_network", ip: "192.168.33.10"
-  
+
 	# Create a public network, which generally matched to bridged network.
 	# Bridged networks make the machine appear as another physical device on
 	# your network.
 	# config.vm.network "public_network"
-  
+
 	# Share an additional folder to the guest VM. The first argument is
 	# the path on the host to the actual folder. The second argument is
 	# the path on the guest to mount the folder. And the optional third
 	# argument is a set of non-required options.
 	# config.vm.synced_folder "../data", "/vagrant_data"
-  
+
 	# Provider-specific configuration so you can fine-tune various
 	# backing providers for Vagrant. These expose provider-specific options.
 	# Example for VirtualBox:
@@ -54,14 +54,14 @@ Vagrant.configure("2") do |config|
 	#
 	# View the documentation for the provider you are using for more
 	# information on available options.
-  
+
 	# Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
 	# such as FTP and Heroku are also available. See the documentation at
 	# https://docs.vagrantup.com/v2/push/atlas.html for more information.
 	# config.push.define "atlas" do |push|
 	#   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
 	# end
-  
+
 	# Enable provisioning with a shell script. Additional provisioners such as
 	# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
 	# documentation for more information about their specific syntax and use.
@@ -72,4 +72,3 @@ Vagrant.configure("2") do |config|
 	config.vm.provision :shell,
 	  path: "vagrant-libs/bootstrap.sh"
   end
-  

image/Dockerfile

@@ -1,8 +1,8 @@
-ARG BASE_IMAGE=ubuntu:20.04
+ARG BASE_IMAGE=ubuntu:24.04
 FROM $BASE_IMAGE
 
 ARG QEMU_ARCH
-ADD x86_64_qemu-${QEMU_ARCH}-static.tar.gz /usr/bin
+#ADD x86_64_qemu-${QEMU_ARCH}-static.tar.gz /usr/bin
 
 COPY . /bd_build
 

image/bin/my_init

@@ -22,7 +22,7 @@ LOG_LEVEL_WARN = 1
 LOG_LEVEL_INFO = 2
 LOG_LEVEL_DEBUG = 3
 
-SHENV_NAME_WHITELIST_REGEX = re.compile('\W')
+SHENV_NAME_WHITELIST_REGEX = re.compile(r'\W')
 
 log_level = None
 
@@ -93,7 +93,7 @@ def import_envvars(clear_existing_environment=True, override_existing_environmen
             # Text files often end with a trailing newline, which we
             # don't want to include in the env variable value. See
             # https://github.com/phusion/baseimage-docker/pull/49
-            value = re.sub('\n\Z', '', f.read())
+            value = re.sub('\n\\Z', '', f.read())
         new_env[name] = value
     if clear_existing_environment:
         os.environ.clear()

image/prepare.sh

@@ -11,9 +11,12 @@ mkdir -p /etc/container_environment
 echo -n no > /etc/container_environment/INITRD
 
 ## Enable Ubuntu Universe, Multiverse, and deb-src for main.
-sed -i 's/^#\s*\(deb.*main restricted\)$/\1/g' /etc/apt/sources.list
+if grep -E '^ID=' /etc/os-release | grep -q ubuntu; then
-sed -i 's/^#\s*\(deb.*universe\)$/\1/g' /etc/apt/sources.list
+  sed -i 's/^#\s*\(deb.*main restricted\)$/\1/g' /etc/apt/sources.list
-sed -i 's/^#\s*\(deb.*multiverse\)$/\1/g' /etc/apt/sources.list
+  sed -i 's/^#\s*\(deb.*universe\)$/\1/g' /etc/apt/sources.list
+  sed -i 's/^#\s*\(deb.*multiverse\)$/\1/g' /etc/apt/sources.list
+fi
+
 apt-get update
 
 ## Fix some issues with APT packages.
@@ -47,6 +50,7 @@ case $(lsb_release -is) in
     ;;
   Debian)
     $minimal_apt_get_install locales locales-all
+    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
     ;;
   *)
     ;;

image/services/cron/cron.sh

@@ -17,3 +17,4 @@ rm -f /etc/cron.daily/upstart
 rm -f /etc/cron.daily/dpkg
 rm -f /etc/cron.daily/password
 rm -f /etc/cron.weekly/fstrim
+rm -f /etc/cron.d/e2scrub_all

image/services/syslog-ng/logrotate.conf

@@ -18,19 +18,4 @@ create
 # packages drop log rotation information into this directory
 include /etc/logrotate.d
 
-# no packages own wtmp, or btmp -- we'll rotate them here
-/var/log/wtmp {
-    missingok
-    monthly
-    create 0664 root utmp
-    rotate 1
-}
-
-/var/log/btmp {
-    missingok
-    monthly
-    create 0660 root utmp
-    rotate 1
-}
-
 # system-specific logs may be configured here

image/services/syslog-ng/smart-multi-line.fsm

@@ -0,0 +1,83 @@
+#
+# Copyright 2023 Balazs Scheidler
+# Copyright 2016 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# The regular expressions were extracted from
+# https://github.com/GoogleCloudPlatform/fluent-plugin-detect-exceptions
+# and converted into a TSV format by Balazs Scheidler.
+#
+# List of tab separated fields
+#
+# comma-separated-states /regexp/ new_state
+#
+
+# java
+start_state,java_start_exception	/(?:Exception|Error|Throwable|V8 errors stack trace)[:\r\n]/	java_after_exception
+java_after_exception	/^[\t ]*nested exception is:[\t ]*/	java_start_exception
+java_after_exception	/^[\r\n]*$/	java_after_exception
+java_after_exception,java	/^[\t ]+(?:eval )?at /	java
+java_after_exception,java	/^[\t ]+--- End of inner exception stack trace ---$/	java
+java_after_exception,java	/^--- End of stack trace from previous location where exception was thrown ---$/	java
+java_after_exception,java	/^[\t ]*(?:Caused by|Suppressed):/	java_after_exception
+java_after_exception,java	/^[\t ]*... \d+ (?:more|common frames omitted)/	java
+
+# python
+start_state	/^Traceback \(most recent call last\):$/	python
+python	/^[\t ]*File /	python_code
+python_code	/[^\t ]/	python
+python	/^(?:[^\s.():]+\.)*[^\s.():]+:/	start_state
+
+# PHP
+start_state	/(?:PHP\ (?:Notice|Parse\ error|Fatal\ error|Warning):)|(?:exception\ '[^']+'\ with\ message\ ')/	php_stack_begin
+php_stack_begin	/^Stack trace:/	php_stack_frames
+php_stack_frames	/^#\d/	php_stack_frames
+php_stack_frames	/^\s+thrown in /	start_state
+
+# Go
+start_state	/\bpanic: /	go_after_panic
+start_state	/http: panic serving/	go_goroutine
+go_after_panic,go_after_signal,go_frame_1	/^$/	go_goroutine
+go_after_panic	/^\[signal /	go_after_signal
+go_goroutine	/^goroutine \d+ \[[^\]]+\]:$/	go_frame_1
+go_frame_1	/^(?:[^\s.:]+\.)*[^\s.():]+\(|^created by /	go_frame_2
+go_frame_2	/^\s/	go_frame_1
+
+# Ruby
+start_state	/Error \(.*\):$/	ruby_before_rails_trace
+ruby_before_rails_trace	/^  $/	ruby
+ruby_before_rails_trace	/^[\t ]+.*?\.rb:\d+:in `/	ruby
+ruby	/^[\t ]+.*?\.rb:\d+:in `/	ruby
+
+# Dart
+start_state	/^Unhandled exception:$/	dart_exc
+dart_exc	/^(Instance of)|(Exception)|(Bad state)|(IntegerDivisionByZeroException)|(Invalid argument)|(RangeError)|(Assertion failed)|(Cannot instantiate)|(Reading static variable)|(UnimplementedError)|(Unsupported operation)|(Concurrent modification)|(Out of Memory)|(Stack Overflow)/	dart_stack
+dart_exc	/^'.+?':.+?$/	dart_type_err_1
+dart_type_err_1	/^#\d+\s+.+?\(.+?\)$/	dart_stack
+dart_type_err_1	/^.+?$/	dart_type_err_2
+dart_type_err_2	/^.*?\^.*?$/	dart_type_err_3
+dart_type_err_3	/^$/	dart_type_err_4
+dart_type_err_4	/^$/	dart_stack
+dart_exc	/^FormatException/	dart_format_err_1
+dart_format_err_1	/^#\d+\s+.+?\(.+?\)$/	dart_stack
+dart_format_err_1	/^./	dart_format_err_2
+dart_format_err_2	/^.*?\^/	dart_format_err_3
+dart_format_err_3	/^$/	dart_stack
+dart_exc	/^NoSuchMethodError:/	dart_method_err_1
+dart_method_err_1	/^Receiver:/	dart_method_err_2
+dart_method_err_2	/^Tried calling:/	dart_method_err_3
+dart_method_err_3	/^Found:/	dart_stack
+dart_method_err_3	/^#\d+\s+.+?\(.+?\)$/	dart_stack
+dart_stack	/^#\d+\s+.+?\(.+?\)$/	dart_stack
+dart_stack	/^<asynchronous suspension>$/	dart_stack

image/services/syslog-ng/syslog-ng.conf

@@ -1,4 +1,4 @@
-@version: 3.13
+@version: 4.3
 @include "scl.conf"
 
 # Syslog-ng configuration file, compatible with default Debian syslogd
@@ -6,8 +6,8 @@
 
 # First, set some global options.
 options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
-    owner("root"); group("adm"); perm(0640); stats_freq(0);
+	  dns_cache(no); owner("root"); group("adm"); perm(0640);
-    bad_hostname("^gconfd$");
+	  stats(freq(0)); bad_hostname("^gconfd$");
 };
 
 ########################

image/services/syslog-ng/syslog-ng.sh

@@ -9,6 +9,7 @@ SYSLOG_NG_BUILD_PATH=/bd_build/services/syslog-ng
 $minimal_apt_get_install syslog-ng-core
 cp $SYSLOG_NG_BUILD_PATH/syslog-ng.init /etc/my_init.d/10_syslog-ng.init
 cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/10_syslog-ng.shutdown
+cp $SYSLOG_NG_BUILD_PATH/smart-multi-line.fsm /usr/share/syslog-ng/smart-multi-line.fsm
 mkdir -p /var/lib/syslog-ng
 cp $SYSLOG_NG_BUILD_PATH/syslog_ng_default /etc/default/syslog-ng
 touch /var/log/syslog