Fix HTTP 403 when creating GitHub releases by adding workflow-level permissions

Co-authored-by: samip5 <1703002+samip5@users.noreply.github.com>

.github/workflows/main.yml

@@ -4,13 +4,18 @@ on:
     workflow_dispatch:
     release:
      types: [published]
+
+permissions:
+    contents: read
+    packages: write
+
 jobs:
     build:
         runs-on: ubuntu-latest
         if: "!contains(github.event.head_commit.message, '[ci-skip]')"
         steps:
           - name: Checkout
-            uses: actions/checkout@v2
+            uses: actions/checkout@v4
 
           - name: Prepare
             id: prep
@@ -21,6 +26,17 @@ jobs:
               PLATFORMS=amd64,arm,arm64
               TAGS="${DOCKER_IMAGE}:${GIT_BRANCH}, ghcr.io/${{ github.repository_owner }}/baseimage:${GIT_BRANCH}"
 
+              # Determine BASE_IMAGE from release tag prefix (e.g. noble-1.0.2 -> ubuntu:24.04)
+              if [[ "${GIT_BRANCH}" == noble-* ]]; then
+                BASE_IMAGE="ubuntu:24.04"
+              elif [[ "${GIT_BRANCH}" == jammy-* ]]; then
+                BASE_IMAGE="ubuntu:22.04"
+              else
+                # Default to noble (latest LTS) for unrecognised tag prefixes
+                echo "::warning::Unrecognized release tag prefix '${GIT_BRANCH}'. Expected it to start with 'noble-' or 'jammy-'. Defaulting BASE_IMAGE to ubuntu:24.04 (Noble)."
+                BASE_IMAGE="ubuntu:24.04"
+              fi
+              
               # Set output parameters.
               
               if [ "${{github.event_name}}" == "pull_request" ]; then
@@ -32,15 +48,16 @@ jobs:
                 echo "docker_image=${DOCKER_IMAGE}" >> $GITHUB_OUTPUT
               fi
               echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
+              echo "base_image=${BASE_IMAGE}" >> $GITHUB_OUTPUT
 
 
           - name: Set up QEMU
-            uses: docker/setup-qemu-action@v1
+            uses: docker/setup-qemu-action@v3
             with:
               platforms: ${{ steps.prep.outputs.platforms }}
 
           - name: Login to GHCR (Github Container Registry)
-            uses: docker/login-action@v1
+            uses: docker/login-action@v3
             if: github.event_name != 'pull_request'
             with:
              registry: ghcr.io
@@ -49,7 +66,7 @@ jobs:
 
           - name: Set up Docker Buildx
             id: buildx
-            uses: docker/setup-buildx-action@v1
+            uses: docker/setup-buildx-action@v3
             with:
               install: true
               version: latest
@@ -58,16 +75,17 @@ jobs:
 
           - name: Login to Docker Hub
             if: github.event_name != 'pull_request'
-            uses: docker/login-action@v1
+            uses: docker/login-action@v3
             with:
                 username: ${{ secrets.DOCKER_USERNAME }}
                 password: ${{ secrets.DOCKER_PASSWORD }}
 
           - name: Build and Push
-            uses: docker/build-push-action@v2
+            uses: docker/build-push-action@v6
             with:
               builder: ${{ steps.buildx.outputs.name }}
               context: image
               platforms: ${{ steps.prep.outputs.platforms }}
               push: ${{ steps.prep.outputs.push }}
               tags: ${{ steps.prep.outputs.tags }}
+              build-args: BASE_IMAGE=${{ steps.prep.outputs.base_image }}

.github/workflows/scheduled-build.yml

@@ -0,0 +1,121 @@
+name: Scheduled Security Build
+
+on:
+    schedule:
+        - cron: '0 2 * * 0'  # Every Sunday at 02:00 UTC
+    workflow_dispatch:
+
+permissions:
+    contents: write
+    packages: write
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+        permissions:
+            contents: write
+            packages: write
+        strategy:
+            fail-fast: false
+            matrix:
+                include:
+                    - ubuntu_codename: noble
+                      base_image: ubuntu:24.04
+                    - ubuntu_codename: jammy
+                      base_image: ubuntu:22.04
+        steps:
+          - name: Get latest release tag and compute next patch version
+            id: release
+            run: |
+              LATEST_TAG=$(gh release list \
+                --repo ${{ github.repository }} \
+                --exclude-pre-releases \
+                --exclude-drafts \
+                --json tagName \
+                --jq '[.[] | select(.tagName | startswith("${{ matrix.ubuntu_codename }}-"))] | first | .tagName')
+              if [ -z "${LATEST_TAG}" ]; then
+                echo "No release found for ${{ matrix.ubuntu_codename }} track" >&2
+                exit 1
+              fi
+              # Extract version and bump patch: noble-1.0.2 -> noble-1.0.3
+              if ! echo "${LATEST_TAG}" | grep -qE '^[a-z]+-[0-9]+\.[0-9]+\.[0-9]+$'; then
+                echo "Tag '${LATEST_TAG}' does not match expected format <codename>-<major>.<minor>.<patch>" >&2
+                exit 1
+              fi
+              PREFIX="${LATEST_TAG%.*}"            # noble-1.0
+              PATCH="${LATEST_TAG##*.}"            # 2
+              NEXT_PATCH=$((PATCH + 1))
+              NEXT_TAG="${PREFIX}.${NEXT_PATCH}"  # noble-1.0.3
+              echo "current_tag=${LATEST_TAG}" >> $GITHUB_OUTPUT
+              echo "next_tag=${NEXT_TAG}" >> $GITHUB_OUTPUT
+            env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          - name: Checkout release tag
+            uses: actions/checkout@v4
+            with:
+              ref: ${{ steps.release.outputs.current_tag }}
+
+          - name: Prepare
+            id: prep
+            run: |
+              DOCKER_IMAGE=phusion/baseimage
+              NEXT_TAG=${{ steps.release.outputs.next_tag }}
+              PLATFORMS=amd64,arm,arm64
+              TAGS="${DOCKER_IMAGE}:${NEXT_TAG}"
+              TAGS="${TAGS}, ${DOCKER_IMAGE}:${{ matrix.ubuntu_codename }}"
+              TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${NEXT_TAG}"
+              TAGS="${TAGS}, ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}"
+              echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+              echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT
+
+          - name: Set up QEMU
+            uses: docker/setup-qemu-action@v3
+            with:
+              platforms: ${{ steps.prep.outputs.platforms }}
+
+          - name: Set up Docker Buildx
+            uses: docker/setup-buildx-action@v3
+            with:
+              install: true
+              version: latest
+              driver-opts: image=moby/buildkit:latest
+
+          - name: Login to GHCR (Github Container Registry)
+            uses: docker/login-action@v3
+            with:
+              registry: ghcr.io
+              username: ${{ github.actor }}
+              password: ${{ secrets.GITHUB_TOKEN }}
+
+          - name: Login to Docker Hub
+            uses: docker/login-action@v3
+            with:
+              username: ${{ secrets.DOCKER_USERNAME }}
+              password: ${{ secrets.DOCKER_PASSWORD }}
+
+          - name: Build and Push
+            uses: docker/build-push-action@v6
+            with:
+              context: image
+              platforms: ${{ steps.prep.outputs.platforms }}
+              push: true
+              tags: ${{ steps.prep.outputs.tags }}
+              build-args: BASE_IMAGE=${{ matrix.base_image }}
+              no-cache: true
+
+          - name: Create GitHub Release
+            run: |
+              gh release create "${{ steps.release.outputs.next_tag }}" \
+                --repo "${{ github.repository }}" \
+                --target "${{ steps.release.outputs.current_tag }}" \
+                --title "${{ steps.release.outputs.next_tag }}" \
+                --notes "Automated weekly security rebuild of \`${{ steps.release.outputs.current_tag }}\` with latest \`${{ matrix.base_image }}\` packages.
+
+              Images pushed:
+              - \`phusion/baseimage:${{ steps.release.outputs.next_tag }}\`
+              - \`phusion/baseimage:${{ matrix.ubuntu_codename }}\`
+              - \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ steps.release.outputs.next_tag }}\`
+              - \`ghcr.io/${{ github.repository_owner }}/baseimage:${{ matrix.ubuntu_codename }}\`"
+            env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yml

@@ -7,9 +7,8 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v3
+      - uses: actions/stale@v9
         with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.'
           stale-pr-message: 'This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.'
           close-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.'

LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2013-2015 Phusion Holding B.V.
+Copyright (c) 2013-2025 Phusion Holding B.V.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -1,4 +1,4 @@
-VERSION ?= focal-1.0.0-pre
+VERSION ?= noble-1.0.2
 ifdef BASE_IMAGE
 	BUILD_ARG = --build-arg BASE_IMAGE=$(BASE_IMAGE)
 	ifndef NAME

README.md

@@ -1,6 +1,6 @@
 # A minimal Ubuntu base image modified for Docker-friendliness
 
-[![Release](https://github.com/phusion/baseimage-docker/actions/workflows/main.yml/badge.svg?branch=focal-1.1.0)](https://github.com/phusion/baseimage-docker/actions/workflows/main.yml)
+[![Release](https://github.com/phusion/baseimage-docker/actions/workflows/main.yml/badge.svg)](https://github.com/phusion/baseimage-docker/actions/workflows/main.yml)
 
 _Baseimage-docker only consumes 8.3 MB RAM and is much more powerful than Busybox or Alpine. See why below._
 
@@ -86,7 +86,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
 
 | Component        | Why is it included? / Remarks |
 | ---------------- | ------------------- |
-| Ubuntu 22.04 LTS | The base system. |
+| Ubuntu 24.04 LTS | The base system. |
 | A **correct** init process | _Main article: [Docker and the PID 1 zombie reaping problem](http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)._ <br><br>According to the Unix process model, [the init process](https://en.wikipedia.org/wiki/Init) -- PID 1 -- inherits all [orphaned child processes](https://en.wikipedia.org/wiki/Orphan_process) and must [reap them](https://en.wikipedia.org/wiki/Wait_(system_call)). Most Docker containers do not have an init process that does this correctly. As a result, their containers become filled with [zombie processes](https://en.wikipedia.org/wiki/Zombie_process) over time. <br><br>Furthermore, `docker stop` sends SIGTERM to the init process, which stops all services. Unfortunately most init systems don't do this correctly within Docker since they're built for hardware shutdowns instead. This causes processes to be hard killed with SIGKILL, which doesn't give them a chance to correctly deinitialize things. This can cause file corruption. <br><br>Baseimage-docker comes with an init process `/sbin/my_init` that performs both of these tasks correctly. |
 | Fixes APT incompatibilities with Docker | See https://github.com/dotcloud/docker/issues/1024. |
 | syslog-ng | A syslog daemon is necessary so that many services - including the kernel itself - can correctly log to /var/log/syslog. If no syslog daemon is running, a lot of important messages are silently swallowed. <br><br>Only listens locally. All syslog messages are forwarded to "docker logs".<br><br>Why syslog-ng?<br>I've had bad experience with rsyslog. I regularly run into bugs with rsyslog, and once in a while it takes my log host down by entering a 100% CPU loop in which it can't do anything. Syslog-ng seems to be much more stable. |
@@ -586,7 +586,7 @@ Start a virtual machine with Docker in it. You can use the Vagrantfile that we'v
 
 First, install `vagrant-disksize` plug-in:
 
-    vagrant plugin install vagrant-disksize:
+    vagrant plugin install vagrant-disksize
 
 Then, start the virtual machine
 

README_ZH_cn_.md

@@ -82,7 +82,7 @@ Baseimage-docker让这一切完美。在"内容"部分描述了所有这些修
 
 | 模块        | 为什么包含这些？以及备注 |
 | ---------------- | ------------------- |
-| Ubuntu 22.04 LTS | 基础系统。 |
+| Ubuntu 24.04 LTS | 基础系统。 |
 | 一个**正确**的初始化进程  | *主要文章：[Docker和PID 1 僵尸进程回收问题](http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)*<br/><br/>根据Unix进程模型，[初始化进程](https://en.wikipedia.org/wiki/Init) -- PID 1 -- 继承了所有[孤立的子进程](https://en.wikipedia.org/wiki/Orphan_process)，并且必须[进行回收](https://en.wikipedia.org/wiki/Wait_(system_call))。大多数Docker容器没有一个初始化进程可以正确的完成此操作，随着时间的推移会导致他们的容器出现了大量的[僵尸进程](https://en.wikipedia.org/wiki/Zombie_process)。<br/><br/>而且，`docker stop`发送SIGTERM信号给初始化进程，照理说此信号应该可以停止所有服务。不幸的是由于它们对硬件进行了关闭操作，导致Docker内的大多数初始化系统没有正确执行。这会导致进程强行被SIGKILL信号关闭，从而丧失了一个正确取消初始化设置的机会。这会导致文件损坏。<br/><br/>Baseimage-docker配有一个名为`/sbin/my_init`的初始化进程来同时正确的完成这些任务。 |
 | 修复了APT与Docker不兼容的问题 | 详情参见：https://github.com/dotcloud/docker/issues/1024 。 |
 | syslog-ng | 对于很多服务－包括kernel自身，都需要一个syslog后台进程，以便可以正确的将log输出到/var/log/syslog中。如果没有运行syslog后台进程，很多重要的信息就会默默的丢失了。<br/><br/>只对本地进行监听。所有syslog信息会被转发给“docker logs”。 |

README_zh_tw.md

@@ -82,7 +82,7 @@ Baseimage-docker讓這一切完美。在"內容"部分描述了所有這些修
 
 | 模塊        | 爲什麼包含這些？以及備註 |
 | ---------------- | ------------------- |
-| Ubuntu 22.04 LTS | 基礎系統。 |
+| Ubuntu 24.04 LTS | 基礎系統。 |
 | 一個**正確**的初始化行程  | *主要文章：[Docker和PID 1 殭屍行程回收問題](http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)*<br/><br/>根據Unix行程模型，[初始化行程](https://en.wikipedia.org/wiki/Init) -- PID 1 -- 繼承了所有[孤立的子行程](https://en.wikipedia.org/wiki/Orphan_process)，並且必須[進行回收](https://en.wikipedia.org/wiki/Wait_(system_call))。大多數Docker容器沒有一個初始化行程可以正確的完成此操作，隨着時間的推移會導致他們的容器出現了大量的[殭屍行程](https://en.wikipedia.org/wiki/Zombie_process)。<br/><br/>而且，`docker stop`發送SIGTERM信號給初始化行程，照理說此信號應該可以停止所有服務。不幸的是由於它們對硬體進行了關閉操作，導致Docker內的大多數初始化系統沒有正確執行。這會導致行程強行被SIGKILL信號關閉，從而喪失了一個正確取消初始化設置的機會。這會導致文件損壞。<br/><br/>Baseimage-docker配有一個名爲`/sbin/my_init`的初始化行程來同時正確的完成這些任務。 |
 | 修復了APT與Docker不兼容的問題 | 詳情參見：https://github.com/dotcloud/docker/issues/1024 。 |
 | syslog-ng | 對於很多服務－包括kernel自身，都需要一個syslog後臺行程，以便可以正確的將log輸出到/var/log/syslog中。如果沒有運行syslog後臺行程，很多重要的信息就會默默的丟失了。<br/><br/>只對本地進行監聽。所有syslog信息會被轉發給“docker logs”。 |

Vagrantfile

@@ -12,7 +12,7 @@ Vagrant.configure("2") do |config|
 
 	# Every Vagrant development environment requires a box. You can search for
 	# boxes at https://atlas.hashicorp.com/search.
-	config.vm.box = "ubuntu/focal64"
+	config.vm.box = "ubuntu/noble64"
 	config.disksize.size = '50GB'
 
 	# Disable automatic box update checking. If you disable this, then
@@ -72,4 +72,3 @@ Vagrant.configure("2") do |config|
 	config.vm.provision :shell,
 	  path: "vagrant-libs/bootstrap.sh"
   end
-  

image/Dockerfile

@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=ubuntu:22.04
+ARG BASE_IMAGE=ubuntu:24.04
 FROM $BASE_IMAGE
 
 ARG QEMU_ARCH

image/bin/my_init

@@ -22,7 +22,7 @@ LOG_LEVEL_WARN = 1
 LOG_LEVEL_INFO = 2
 LOG_LEVEL_DEBUG = 3
 
-SHENV_NAME_WHITELIST_REGEX = re.compile('\W')
+SHENV_NAME_WHITELIST_REGEX = re.compile(r'\W')
 
 log_level = None
 
@@ -93,7 +93,7 @@ def import_envvars(clear_existing_environment=True, override_existing_environmen
             # Text files often end with a trailing newline, which we
             # don't want to include in the env variable value. See
             # https://github.com/phusion/baseimage-docker/pull/49
-            value = re.sub('\n\Z', '', f.read())
+            value = re.sub('\n\\Z', '', f.read())
         new_env[name] = value
     if clear_existing_environment:
         os.environ.clear()

image/prepare.sh

@@ -50,6 +50,7 @@ case $(lsb_release -is) in
     ;;
   Debian)
     $minimal_apt_get_install locales locales-all
+    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
     ;;
   *)
     ;;

image/services/syslog-ng/smart-multi-line.fsm

@@ -0,0 +1,83 @@
+#
+# Copyright 2023 Balazs Scheidler
+# Copyright 2016 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# The regular expressions were extracted from
+# https://github.com/GoogleCloudPlatform/fluent-plugin-detect-exceptions
+# and converted into a TSV format by Balazs Scheidler.
+#
+# List of tab separated fields
+#
+# comma-separated-states /regexp/ new_state
+#
+
+# java
+start_state,java_start_exception	/(?:Exception|Error|Throwable|V8 errors stack trace)[:\r\n]/	java_after_exception
+java_after_exception	/^[\t ]*nested exception is:[\t ]*/	java_start_exception
+java_after_exception	/^[\r\n]*$/	java_after_exception
+java_after_exception,java	/^[\t ]+(?:eval )?at /	java
+java_after_exception,java	/^[\t ]+--- End of inner exception stack trace ---$/	java
+java_after_exception,java	/^--- End of stack trace from previous location where exception was thrown ---$/	java
+java_after_exception,java	/^[\t ]*(?:Caused by|Suppressed):/	java_after_exception
+java_after_exception,java	/^[\t ]*... \d+ (?:more|common frames omitted)/	java
+
+# python
+start_state	/^Traceback \(most recent call last\):$/	python
+python	/^[\t ]*File /	python_code
+python_code	/[^\t ]/	python
+python	/^(?:[^\s.():]+\.)*[^\s.():]+:/	start_state
+
+# PHP
+start_state	/(?:PHP\ (?:Notice|Parse\ error|Fatal\ error|Warning):)|(?:exception\ '[^']+'\ with\ message\ ')/	php_stack_begin
+php_stack_begin	/^Stack trace:/	php_stack_frames
+php_stack_frames	/^#\d/	php_stack_frames
+php_stack_frames	/^\s+thrown in /	start_state
+
+# Go
+start_state	/\bpanic: /	go_after_panic
+start_state	/http: panic serving/	go_goroutine
+go_after_panic,go_after_signal,go_frame_1	/^$/	go_goroutine
+go_after_panic	/^\[signal /	go_after_signal
+go_goroutine	/^goroutine \d+ \[[^\]]+\]:$/	go_frame_1
+go_frame_1	/^(?:[^\s.:]+\.)*[^\s.():]+\(|^created by /	go_frame_2
+go_frame_2	/^\s/	go_frame_1
+
+# Ruby
+start_state	/Error \(.*\):$/	ruby_before_rails_trace
+ruby_before_rails_trace	/^  $/	ruby
+ruby_before_rails_trace	/^[\t ]+.*?\.rb:\d+:in `/	ruby
+ruby	/^[\t ]+.*?\.rb:\d+:in `/	ruby
+
+# Dart
+start_state	/^Unhandled exception:$/	dart_exc
+dart_exc	/^(Instance of)|(Exception)|(Bad state)|(IntegerDivisionByZeroException)|(Invalid argument)|(RangeError)|(Assertion failed)|(Cannot instantiate)|(Reading static variable)|(UnimplementedError)|(Unsupported operation)|(Concurrent modification)|(Out of Memory)|(Stack Overflow)/	dart_stack
+dart_exc	/^'.+?':.+?$/	dart_type_err_1
+dart_type_err_1	/^#\d+\s+.+?\(.+?\)$/	dart_stack
+dart_type_err_1	/^.+?$/	dart_type_err_2
+dart_type_err_2	/^.*?\^.*?$/	dart_type_err_3
+dart_type_err_3	/^$/	dart_type_err_4
+dart_type_err_4	/^$/	dart_stack
+dart_exc	/^FormatException/	dart_format_err_1
+dart_format_err_1	/^#\d+\s+.+?\(.+?\)$/	dart_stack
+dart_format_err_1	/^./	dart_format_err_2
+dart_format_err_2	/^.*?\^/	dart_format_err_3
+dart_format_err_3	/^$/	dart_stack
+dart_exc	/^NoSuchMethodError:/	dart_method_err_1
+dart_method_err_1	/^Receiver:/	dart_method_err_2
+dart_method_err_2	/^Tried calling:/	dart_method_err_3
+dart_method_err_3	/^Found:/	dart_stack
+dart_method_err_3	/^#\d+\s+.+?\(.+?\)$/	dart_stack
+dart_stack	/^#\d+\s+.+?\(.+?\)$/	dart_stack
+dart_stack	/^<asynchronous suspension>$/	dart_stack

image/services/syslog-ng/syslog-ng.conf

@@ -1,4 +1,4 @@
-@version: 3.35
+@version: 4.3
 @include "scl.conf"
 
 # Syslog-ng configuration file, compatible with default Debian syslogd
@@ -7,7 +7,7 @@
 # First, set some global options.
 options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
 	  dns_cache(no); owner("root"); group("adm"); perm(0640);
-	  stats_freq(0); bad_hostname("^gconfd$");
+	  stats(freq(0)); bad_hostname("^gconfd$");
 };
 
 ########################

image/services/syslog-ng/syslog-ng.sh

@@ -9,6 +9,7 @@ SYSLOG_NG_BUILD_PATH=/bd_build/services/syslog-ng
 $minimal_apt_get_install syslog-ng-core
 cp $SYSLOG_NG_BUILD_PATH/syslog-ng.init /etc/my_init.d/10_syslog-ng.init
 cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/10_syslog-ng.shutdown
+cp $SYSLOG_NG_BUILD_PATH/smart-multi-line.fsm /usr/share/syslog-ng/smart-multi-line.fsm
 mkdir -p /var/lib/syslog-ng
 cp $SYSLOG_NG_BUILD_PATH/syslog_ng_default /etc/default/syslog-ng
 touch /var/log/syslog