Fix permissions on test scripts

Closes GH-23.

Changelog.md

@@ -1,3 +1,39 @@
+## 0.9.8 (release date: 2014-02-26)
+
+ * Fixed a regression in `my_init` which causes it to delete environment variables passed from Docker.
+ * Fixed `my_init` not properly forcing Runit to shut down if Runit appears to refuse to respond to SIGTERM.
+
+## 0.9.7 (release date: 2014-02-25)
+
+ * Improved and fixed bugs in `my_init` (Thomas LÉVEIL):
+   * It is now possible to enable the insecure key by passing `--enable-insecure-key` to `my_init`. This allows users to easily enable the insecure key for convenience reasons, without having the insecure key enabled permanently in the image.
+   * `my_init` now exports environment variables to the directory `/etc/container_environment` and to the files `/etc/container_environment.sh`, `/etc/container_environment.json`. This allows all applications to query what the original environment variables were. It is also possible to change the environment variables in `my_init` by modifying `/etc/container_environment`. More information can be found in the README, section "Environment variables".
+   * Fixed a bug that causes it not to print messages to stdout when there is no pseudo terminal. This is because Python buffers stdout by default.
+   * Fixed an incorrectly printed message.
+ * The insecure key is now also available in PuTTY format. (Thomas LÉVEIL)
+ * Fixed `enable_insecure_key` removing already installed SSH keys. (Thomas LÉVEIL)
+ * The baseimage-docker image no longer EXPOSEs any ports by default. The EXPOSE entries were originally there to enable some default guest-to-host port forwarding entries, but in recent Docker versions they changed the meaning of EXPOSE, and now EXPOSE is used for linking containers. As such, we no longer have a reason to EXPOSE any ports by default. Fixes GH-15.
+ * Fixed syslog-ng not being able to start because of a missing afsql module. Fixes the issue described in [pull request 7](https://github.com/phusion/baseimage-docker/pull/7).
+ * Removed some default Ubuntu cron jobs which are not useful in Docker containers.
+ * Added the logrotate service. Fixes GH-22.
+ * Fixed some warnings in `/etc/my_init.d/00_regen_ssh_host_keys.sh`.
+ * Fixed some typos in the documentation. (Dr Nic Williams, Tomer Cohen)
+
+## 0.9.6 (release date: 2014-02-17)
+
+ * Fixed a bug in `my_init`: child processes that have been adopted during execution of init scripts are now properly reaped.
+ * Much improved `my_init`:
+   * It is now possible to run and watch a custom command, possibly in addition to running runit. See "Running a one-shot command in the container" in the README.
+   * It is now possible to skip running startup files such as /etc/rc.local.
+   * Shutdown is now much faster. It previously took a few seconds, but it is now almost instantaneous.
+   * It ensures that all processes in the container are properly shut down with SIGTERM, even those that are not direct child processes of `my_init`.
+ * `setuser` now also sets auxilliary groups, as well as more environment variables such as `USER` and `UID`.
+
+## 0.9.5 (release date: 2014-02-06)
+
+ * Environment variables are now no longer reset by runit. This is achieved by running `runsvdir` directly instead of through Debian's `runsvdir-start`.
+ * The insecure SSH key is now disabled by default. You have to explicitly opt-in to use it.
+
 ## 0.9.4 (release date: 2014-02-03)
 
  * Fixed syslog-ng startup problem.

Makefile

@@ -1,7 +1,7 @@
 NAME = phusion/baseimage
-VERSION = 0.9.4
+VERSION = 0.9.8
 
-.PHONY: all build test tag_latest release
+.PHONY: all build test tag_latest release ssh
 
 all: build
 
@@ -18,3 +18,11 @@ release: test tag_latest
 	@if ! docker images phusion/baseimage | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
 	docker push $(NAME)
 	@echo "*** Don't forget to create a tag. git tag rel-$(VERSION) && git push origin rel-$(VERSION)"
+
+ssh:
+	chmod 600 image/insecure_key.pub
+	@ID=$$(docker ps | grep -F "$(NAME):$(VERSION)" | awk '{ print $$1 }') && \
+		if test "$$ID" = ""; then echo "Container is not running."; exit 1; fi && \
+		IP=$$(docker inspect $$ID | grep IPAddr | sed 's/.*: "//; s/".*//') && \
+		echo "SSHing into $$IP" && \
+		ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i image/insecure_key root@$$IP

README.md

@@ -40,7 +40,17 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
    * [Getting started](#getting_started)
    * [Adding additional daemons](#adding_additional_daemons)
    * [Running scripts during container startup](#running_startup_scripts)
-   * [Login to the container](#login)
+   * [Running a one-shot command in the container](#oneshot)
+   * [Environment variables](#environment_variables)
+     * [Centrally defining your own environment variables](#envvar_central_definition)
+     * [Environment variable dumps](#envvar_dumps)
+     * [Modifying environment variables](#modifying_envvars)
+     * [Security](#envvar_security)
+   * [Login to the container via SSH](#login)
+     * [Using the insecure key for one container only](#using_the_insecure_key_for_one_container_only)
+     * [Enabling the insecure key permanently](#enabling_the_insecure_key_permanently)
+     * [Using your own key](#using_your_own_key)
+   * [Disabling SSH](#disabling_ssh)
  * [Building the image yourself](#building)
  * [Conclusion](#conclusion)
 
@@ -57,10 +67,11 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
 | Component        | Why is it included? / Remarks |
 | ---------------- | ------------------- |
 | Ubuntu 12.04 LTS | The base system. |
-| A **correct** init process | According to the Unix process model, [the init process](https://en.wikipedia.org/wiki/Init) -- PID 1 -- inherits all [orphaned child processes](https://en.wikipedia.org/wiki/Orphan_process) and must [reap them](https://en.wikipedia.org/wiki/Wait_(system_call). Most Docker containers do not have an init process that does this correctly, and as a result their containers become filled with [zombie processes](https://en.wikipedia.org/wiki/Zombie_process) over time. <br><br>Furthermore, `docker stop` sends SIGTERM to the init process, which is then supposed to stop all services. Unfortunately most init systems don't do this correctly within Docker since they're built for hardware shutdowns instead. This causes processes to be hard killed with SIGKILL, which doesn't give them a chance to correctly deinitialize things. This can cause file corruption. <br><br>Baseimage-docker comes with an init process `/sbin/my_init` that performs both of these tasks correctly. |
+| A **correct** init process | According to the Unix process model, [the init process](https://en.wikipedia.org/wiki/Init) -- PID 1 -- inherits all [orphaned child processes](https://en.wikipedia.org/wiki/Orphan_process) and must [reap them](https://en.wikipedia.org/wiki/Wait_(system_call)). Most Docker containers do not have an init process that does this correctly, and as a result their containers become filled with [zombie processes](https://en.wikipedia.org/wiki/Zombie_process) over time. <br><br>Furthermore, `docker stop` sends SIGTERM to the init process, which is then supposed to stop all services. Unfortunately most init systems don't do this correctly within Docker since they're built for hardware shutdowns instead. This causes processes to be hard killed with SIGKILL, which doesn't give them a chance to correctly deinitialize things. This can cause file corruption. <br><br>Baseimage-docker comes with an init process `/sbin/my_init` that performs both of these tasks correctly. |
 | Fixes APT incompatibilities with Docker | See https://github.com/dotcloud/docker/issues/1024. |
 | syslog-ng | A syslog daemon is necessary so that many services - including the kernel itself - can correctly log to /var/log/syslog. If no syslog daemon is running, a lot of important messages are silently swallowed. <br><br>Only listens locally. |
-| ssh server | Allows you to easily login to your container to inspect or administer things. <br><br>Password and challenge-response authentication are disabled by default. Only key authentication is allowed.<br>By default, it allows a predefined key, in order to make debugging easy. You should replace this ASAP. See instructions. |
+| logrotate | Rotates and compresses logs on a regular basis. |
+| ssh server | Allows you to easily login to your container to inspect or administer things. <br><br>Password and challenge-response authentication are disabled by default. Only key authentication is allowed.<br><br>SSH access can be easily disabled if you so wish. Read on for instructions. |
 | cron | The cron daemon must be running for cron jobs to work. |
 | [runit](http://smarden.org/runit/) | Replaces Ubuntu's Upstart. Used for service supervision and management. Much easier to use than SysV init and supports restarting daemons when they crash. Much easier to use and more lightweight than Upstart. |
 | `setuser` | A tool for running a command as another user. Easier to use than `su`, has a smaller attack vector than `sudo`, and unlike `chpst` this tool sets `$HOME` correctly. Available as `/sbin/setuser`. |
@@ -79,7 +90,7 @@ Baseimage-docker *encourages* multiple processes through the use of runit.
 
 To look around in the image, run:
 
-    docker run -rm -t -i phusion/baseimage bash -l
+    docker run -rm -t -i phusion/baseimage /sbin/my_init -- bash -l
 
 You don't have to download anything manually. The above command will automatically pull the baseimage-docker image from the Docker registry.
 
@@ -91,8 +102,6 @@ You don't have to download anything manually. The above command will automatical
 
 The image is called `phusion/baseimage`, and is available on the Docker registry.
 
-By default, it allows SSH access for the key in `image/insecure_key`. This makes it easy for you to login to the container, but you should replace this key as soon as possible.
-
     # Use phusion/baseimage as base image. To make your builds reproducible, make
     # sure you lock down to a specific version, not to `latest`!
     # See https://github.com/phusion/baseimage-docker/blob/master/Changelog.md for
@@ -102,9 +111,6 @@ By default, it allows SSH access for the key in `image/insecure_key`. This makes
     # Set correct environment variables.
     ENV HOME /root
     
-    # Remove authentication rights for insecure_key.
-    RUN rm -f /root/.ssh/authorized_keys /home/*/.ssh/authorized_keys
-    
     # Regenerate SSH host keys. baseimage-docker does not contain any, so you
     # have to do that yourself. You may also comment out this instruction; the
     # init system will auto-generate one during boot.
@@ -121,7 +127,7 @@ By default, it allows SSH access for the key in `image/insecure_key`. This makes
 <a name="adding_additional_daemons"></a>
 ### Adding additional daemons
 
-You can add additional daemons to the image by creating runit entries. You only have to write a small shell script which runs your daemon, and runit will keep it up and running for you, restarting it when it crashes, etc.
+You can add additional daemons (e.g. your own app) to the image by creating runit entries. You only have to write a small shell script which runs your daemon, and runit will keep it up and running for you, restarting it when it crashes, etc.
 
 The shell script must be called `run`, must be executable, and is to be placed in the directory `/etc/service/<NAME>`.
 
@@ -129,9 +135,9 @@ Here's an example showing you how to a memached server runit entry can be made.
 
     ### In memcached.sh (make sure this file is chmod +x):
     #!/bin/sh
-    # `chpst` is part of running. `chpst -u memcache` runs the given command
-    # as the user `memcache`. If you omit this, the command will be run as root.
-    exec chpst -u memcache /usr/bin/memcached >>/var/log/memcached.log 2>&1
+    # `/sbin/setuser memcache` runs the given command as the user `memcache`.
+    # If you omit that part, the command will be run as root.
+    exec /sbin/setuser memcache /usr/bin/memcached >>/var/log/memcached.log 2>&1
 
     ### In Dockerfile:
     RUN mkdir /etc/service/memcached
@@ -159,14 +165,142 @@ The following example shows how you can add a startup script. This script simply
     RUN mkdir -p /etc/my_init.d
     ADD logtime.sh /etc/my_init.d/logtime.sh
 
+<a name="oneshot"></a>
+### Running a one-shot command in the container
+
+Normally, when you want to run a single command in a container, and exit immediately after the command, you invoke Docker like this:
+
+    docker run YOUR_IMAGE COMMAND ARGUMENTS...
+
+However the downside of this approach is that the init system is not started. That is, while invoking `COMMAND`, important daemons such as cron and syslog are not running. Also, orphaned child processes are not properly reaped, because `COMMAND` is PID 1.
+
+Baseimage-docker provides a facility to run a single one-shot command, while solving all of the aforementioned problems. Run a single command in the following manner:
+
+    docker run YOUR_IMAGE /sbin/my_init -- COMMAND ARGUMENTS ...
+
+This will perform the following:
+
+ * Runs all system startup files, such as /etc/my_init.d/* and /etc/rc.local.
+ * Starts all runit services.
+ * Runs the specified command.
+ * When the specified command exits, stops all runit services.
+
+For example:
+
+    $ docker run phusion/baseimage:<VERSION> /sbin/my_init -- ls
+    *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
+    No SSH host key available. Generating one...
+    Creating SSH2 RSA key; this may take some time ...
+    Creating SSH2 DSA key; this may take some time ...
+    Creating SSH2 ECDSA key; this may take some time ...
+    *** Running /etc/rc.local...
+    *** Booting runit daemon...
+    *** Runit started as PID 80
+    *** Running ls...
+    bin  boot  dev  etc  home  image  lib  lib64  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
+    *** ls exited with exit code 0.
+    *** Shutting down runit daemon (PID 80)...
+    *** Killing all processes...
+
+You may find that the default invocation is too noisy. Or perhaps you don't want to run the startup files. You can customize all this by passing arguments to `my_init`. Invoke `docker run YOUR_IMAGE /sbin/my_init --help` for more information.
+
+The following example runs `ls` without running the startup files and with less messages, while running all runit services:
+
+    $ docker run phusion/baseimage:<VERSION> /sbin/my_init --skip-startup-files --quiet -- ls
+    bin  boot  dev  etc  home  image  lib  lib64  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
+
+<a name="environment_variables"></a>
+### Environment variables
+
+If you use `/sbin/my_init` as the main container command, then any environment variables set with `docker run --env` or with the `ENV` command in the Dockerfile, will be picked up by `my_init`. These variables will also be passed to all child processes, including `/etc/my_init.d` startup scripts, Runit and Runit-managed services. There are however a few caveats you should be aware of:
+
+ * Environment variables on Unix are inherited on a per-process basis. This means that it is generally not possible for a child process to change the environment variables of other processes.
+ * Because of the aforementioned point, there is no good central place for defining environment variables for all applications and services. Debian has the `/etc/environment` file but it only works in some situations.
+ * Some services change environment variables for child processes. Nginx is one such example: it removes all environment variables unless you explicitly instruct it to retain them through the `env` configuration option. If you host any applications on Nginx (e.g. using the [passenger-docker](https://github.com/phusion/passenger-docker) image, or using Phusion Passenger in your own image) then they will not see the environment variables that were originally passed by Docker.
+
+`my_init` provides a solution for all these caveats.
+
+<a name="envvar_central_definition"></a>
+#### Centrally defining your own environment variables
+
+During startup, before running any [startup scripts](#running_startup_scripts), `my_init` imports environment variables from the directory `/etc/container_environment`. This directory contains files who are named after the environment variable names. The file contents contain the environment variable values. This directory is therefore a good place to centrally define your own environment variables, which will be inherited by all startup scripts and Runit services.
+
+For example, here's how you can define an environment variable from your Dockerfile:
+
+    RUN echo -n Apachai Hopachai > /etc/container_environment/MY_NAME
+
+You can verify that it works, as follows:
+
+    $ docker run -t -i <YOUR_NAME_IMAGE> /sbin/my_init -- bash -l
+    ...
+    *** Running bash -l...
+    # echo $MY_NAME
+    Apachai Hopachai
+
+<a name="envvar_dumps"></a>
+#### Environment variable dumps
+
+While the previously mentioned mechanism is good for centrally defining environment variables, it by itself does not prevent services (e.g. Nginx) from changing and resetting environment variables from child processes. However, the `my_init` mechanism does make it easy for you to query what the original environment variables are.
+
+During startup, right after importing environment variables from `/etc/container_environment`, `my_init` will dump all its environment variables (that is, all variables imported from `container_environment`, as well as all variables it picked up from `docker run --env`) to the following locations, in the following formats:
+
+ * `/etc/container_environment`
+ * `/etc/container_environment.sh` - a dump of the environment variables in Bash format. You can source the file directly from a Bash shell script.
+ * `/etc/container_environment.json` - a dump of the environment variables in JSON format.
+
+The multiple formats makes it easy for you to query the original environment variables no matter which language your scripts/apps are written in.
+
+Here is an example shell session showing you how the dumps look like:
+
+    $ docker run -t -i \
+      --env FOO=bar --env HELLO='my beautiful world' \
+      phusion/baseimage:<VERSION> /sbin/my_init -- \
+      bash -l
+    ...
+    *** Running bash -l...
+    # ls /etc/container_environment
+    FOO  HELLO  HOME  HOSTNAME  PATH  TERM  container
+    # cat /etc/container_environment/HELLO; echo
+    my beautiful world
+    # cat /etc/container_environment.json; echo
+    {"TERM": "xterm", "container": "lxc", "HOSTNAME": "f45449f06950", "HOME": "/root", "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "FOO": "bar", "HELLO": "my beautiful world"}
+    # source /etc/container_environment.sh
+    # echo $HELLO
+    my beautiful world
+
+<a name="modifying_envvars"></a>
+#### Modifying environment variables
+
+It is even possible to modify the environment variables in `my_init` (and therefore the environment variables in all child processes that are spawned after that point in time), by altering the files in `/etc/container_environment`. After each time `my_init` runs a [startup script](#running_startup_scripts), it resets its own environment variables to the state in `/etc/container_environment`, and re-dumps the new environment variables to `container_environment.sh` and `container_environment.json`.
+
+But note that:
+
+ * modifying `container_environment.sh` and `container_environment.json` has no effect.
+ * Runit services cannot modify the environment like that. `my_init` only activates changes in `/etc/container_environment` when running startup scripts.
+
+<a name="envvar_security"></a>
+#### Security
+
+Because environment variables can potentially contain sensitive information, `/etc/container_environment` and its Bash and JSON dumps are by default owned by root, and root-accessible only. If you are sure that your environment variables don't contain sensitive data, then you can relax the permissions on that directory and those files by making them world-readable:
+
+    RUN chmod 755 /etc/container_environment
+    RUN chmod 644 /etc/container_environment.sh /etc/container_environment.json
+
 <a name="login"></a>
-### Login to the container
+### Login to the container via SSH
 
 You can use SSH to login to any container that is based on baseimage-docker.
 
-Start a container based on baseimage-docker (or a container based on an image based on baseimage-docker):
+The first thing that you need to do is to ensure that you have the right SSH keys installed inside the container. By default, no keys are installed, so you can't login. For convenience reasons, we provide [a pregenerated, insecure key](https://github.com/phusion/baseimage-docker/blob/master/image/insecure_key) [(PuTTY format)](https://github.com/phusion/baseimage-docker/blob/master/image/insecure_key.ppk) that you can easily enable. However, please be aware that using this key is for convenience only. It does not provide any security because this key (both the public and the private side) is publicly available. **In production environments, you should use your own keys**.
 
-    docker run phusion/baseimage
+<a name="using_the_insecure_key_for_one_container_only"></a>
+#### Using the insecure key for one container only
+
+You can temporarily enable the insecure key for one container only. This means that the insecure key is installed at container boot. If you `docker stop` and `docker start` the container, the insecure key will still be there, but if you use `docker run` to start a new container then that container will not contain the insecure key.
+
+Start a container with `--enable-insecure-key`:
+
+    docker run YOUR_IMAGE /sbin/my_init --enable-insecure-key
 
 Find out the ID of the container that you just ran:
 
@@ -176,10 +310,49 @@ Once you have the ID, look for its IP address with:
 
     docker inspect <ID> | grep IPAddress
 
-Now SSH into the container. In this example we're using [the default insecure key](https://github.com/phusion/baseimage-docker/blob/master/image/insecure_key), but if you're followed the instructions well then you've already replaced that with your own key. You did replace the key, didn't you?
+Now SSH into the container as follows:
 
+    curl -o insecure_key -fSL https://github.com/phusion/baseimage-docker/raw/master/image/insecure_key
+    chmod 700 insecure_key
     ssh -i insecure_key root@<IP address>
 
+<a name="enabling_the_insecure_key_permanently"></a>
+#### Enabling the insecure key permanently
+
+It is also possible to enable the insecure key in the image permanently. This is not generally recommended, but it suitable for e.g. temporary development or demo environments where security does not matter.
+
+Edit your Dockerfile to install the insecure key permanently:
+
+    RUN /usr/sbin/enable_insecure_key
+
+Instructions for logging in the container is the same as in section [Using the insecure key for one container only](#using_the_insecure_key_for_one_container_only).
+
+<a name="using_your_own_key"></a>
+#### Using your own key
+
+Edit your Dockerfile to install an SSH key:
+
+    ## Install an SSH of your choice.
+    ADD your_key /tmp/your_key
+    RUN cat /tmp/your_key >> /root/.ssh/authorized_keys && rm -f /tmp/your_key
+
+Then rebuild your image. Once you have that, start a container based on that image:
+
+    docker run your-image-name
+
+Find out the ID of the container that you just ran:
+
+    docker ps
+
+Once you have the ID, look for its IP address with:
+
+    docker inspect <ID> | grep IPAddress
+
+Now SSH into the container as follows:
+
+    ssh -i /path-to/your_key root@<IP address>
+
+
 <a name="building"></a>
 ## Building the image yourself
 
@@ -204,6 +377,13 @@ If you want to call the resulting image something else, pass the NAME variable,
 
     make build NAME=joe/baseimage
 
+<a name="disabling_ssh"></a>
+### Disabling SSH
+
+In case you do not want to enable SSH, here's how you can disable it:
+
+    RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
+
 <a name="conclusion"></a>
 ## Conclusion
 

image/00_regen_ssh_host_keys.sh

@@ -2,5 +2,7 @@
 set -e
 if [[ ! -e /etc/ssh/ssh_host_rsa_key ]]; then
 	echo "No SSH host key available. Generating one..."
+	export LC_ALL=C
+	export DEBIAN_FRONTEND=noninteractive
 	dpkg-reconfigure openssh-server
 fi

image/Dockerfile

@@ -11,4 +11,3 @@ RUN /build/prepare.sh && \
 	/build/cleanup.sh
 
 CMD ["/sbin/my_init"]
-EXPOSE 22 80 443

image/config/syslog_ng_default

@@ -0,0 +1,13 @@
+# If a variable is not set here, then the corresponding
+# parameter will not be changed.
+# If a variables is set, then every invocation of
+# syslog-ng's init script will set them using dmesg.
+
+# log level of messages which should go to console
+# see syslog(3) for details
+#
+#CONSOLE_LOG_LEVEL=1
+
+# Command line options to syslog-ng
+# We set --default-modules because of https://github.com/phusion/baseimage-docker/pull/7.
+SYSLOGNG_OPTS="--no-caps --default-modules=affile,afprog,afsocket,afuser,basicfuncs,csvparser,dbparser,syslogformat"

image/enable_insecure_key

@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+AUTHORIZED_KEYS=/root/.ssh/authorized_keys
+
+if [[ -e "$AUTHORIZED_KEYS" ]] && grep -q baseimage-docker-insecure-key "$AUTHORIZED_KEYS"; then
+	echo "Insecure key has already been added to $AUTHORIZED_KEYS."
+else
+	DIR=`dirname "$AUTHORIZED_KEYS"`
+	echo "Creating directory $DIR..."
+	mkdir -p "$DIR"
+	chmod 700 "$DIR"
+	chown root:root "$DIR"
+	echo "Editing $AUTHORIZED_KEYS..."
+	cat /etc/insecure_key.pub >> "$AUTHORIZED_KEYS"
+	echo "Success: insecure key has been added to $AUTHORIZED_KEYS"
+	cat <<-EOF
+
+		+------------------------------------------------------------------------------+
+		| Insecure SSH key installed                                                   |
+		|                                                                              |
+		| DO NOT expose port 22 on the Internet unless you know what you are doing!    |
+		|                                                                              |
+		| Use the private key bellow to connect with user root                         |
+		+------------------------------------------------------------------------------+
+
+	EOF
+	cat /etc/insecure_key
+	echo -e "\n\n"
+fi

image/insecure_key.ppk

@@ -0,0 +1,26 @@
+PuTTY-User-Key-File-2: ssh-rsa
+Encryption: none
+Comment: imported-openssh-key
+Public-Lines: 6
+AAAAB3NzaC1yc2EAAAADAQABAAABAQDVmzBG5v7cO9IScGLIzlhGlHNFhXzy87Vf
+aPzru7qnIIdQ1e9FEKvtqEws8hVixnCUdviwX5lvcMk4Ef4Tbrmj3dyF0zFtYbji
+TSyl/XQlF68DQlc2sTAdHy96wJHvh7ky511tKJzzyWwSqeef4WjeVK28TqcGnq1u
+p0S7saFO0dJh6OfDAg2cDmhyweR3VgT0vZJyrDV7hte95MBCdK+Gp7fdCyEZcWm3
+S1DBFaeBqHzzt/Y/njAVKbYL9TIVPum8iMg0rMiLi9ShfP+dT5Xud5Oa3dcN2OWh
+iDfJw5pfhFJWd44cJ/uGRwQpvNs/PNKsYABhgLlTMUH4iawhu1Xb
+Private-Lines: 14
+AAABAQCjROxgtX2Gft7yIx8Ol9IXmK6HLCI2XZt7ovb3hFWGGzHy0qMBql2P2Tzo
+ed1o038Hq+woe9n+uTnEdtQ6rD6PByzgyW2VSsWTjCOdeJ5HH9Qw7ItXDZZWHBkh
+fYHOkXI4e2oI3qshGAtYNLALn7KVhioJriCyyaSM2KOLx5khcY+EJ1inQfwQJKqP
+GsdKc72liz07T8ifRj+mNLKtwrxlK3IXYfIdgLp/1pCKdrC80DhprMsD4xvNgq4p
+CR9jd4FoqM9t/Up5ppTm+p6A/bDwdIPh6cFFeyMP+G3+bTlW1Gg7RLoNCc6qh53W
+WVgEOQqdLHcQ8Ge4RLmbwLUmnRuRAAAAgQD312H46T2YvKzyEKbsddwbO8WktfxW
+vVqqxH6z6bRXVFR3hQhmPKjlFXsD74h3W7NJwe9WJ5Pf3vemoBWIo0Hak0M1Z6WC
+OIvBohpOYDzIgdlGHifx2ZiAd47Vsn+mfxjtISdWupl9Fw98yRjahWosKmmIHTtR
+cIfYHB9ztpR8owAAAIEA3KNMYMFgenE+7q4pwat4t3RKA7rU8SPto5I1+sEHY8rz
+cD7ONkIVlEhaqN+uTEYbr5rZa4dsQe4Ia+7ZXmO4djFsAP/fyJX+VCX/bHK83V5H
+9toTdRLTqqfqJ3GOeZ41kPIN6UDHVEa4S8tfVM0DMNPEHBjLMfdbZGkoBQAPXWkA
+AACBAJV/Bxr1jJohvmURQf/9y6MvO2wcRpTdKVLQhEnGm2cXQdh5CPVae2K+u0CG
+d8u0/PDIZMGpueCQo4lft02W0skTDo5Kn+1IUwmQuoRzanVJ5ab+GyVnlouRLp/J
+bWMQZ3pjXNkBsQOK/igrKYvqUb1jRsy9zxVQRl4i7JjjLpe/
+Private-MAC: ef1e472b5254ae2c5319a522d39ad31d432dde75

image/insecure_key.pub

@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVmzBG5v7cO9IScGLIzlhGlHNFhXzy87VfaPzru7qnIIdQ1e9FEKvtqEws8hVixnCUdviwX5lvcMk4Ef4Tbrmj3dyF0zFtYbjiTSyl/XQlF68DQlc2sTAdHy96wJHvh7ky511tKJzzyWwSqeef4WjeVK28TqcGnq1up0S7saFO0dJh6OfDAg2cDmhyweR3VgT0vZJyrDV7hte95MBCdK+Gp7fdCyEZcWm3S1DBFaeBqHzzt/Y/njAVKbYL9TIVPum8iMg0rMiLi9ShfP+dT5Xud5Oa3dcN2OWhiDfJw5pfhFJWd44cJ/uGRwQpvNs/PNKsYABhgLlTMUH4iawhu1Xb hongli@asuna-3939
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVmzBG5v7cO9IScGLIzlhGlHNFhXzy87VfaPzru7qnIIdQ1e9FEKvtqEws8hVixnCUdviwX5lvcMk4Ef4Tbrmj3dyF0zFtYbjiTSyl/XQlF68DQlc2sTAdHy96wJHvh7ky511tKJzzyWwSqeef4WjeVK28TqcGnq1up0S7saFO0dJh6OfDAg2cDmhyweR3VgT0vZJyrDV7hte95MBCdK+Gp7fdCyEZcWm3S1DBFaeBqHzzt/Y/njAVKbYL9TIVPum8iMg0rMiLi9ShfP+dT5Xud5Oa3dcN2OWhiDfJw5pfhFJWd44cJ/uGRwQpvNs/PNKsYABhgLlTMUH4iawhu1Xb baseimage-docker-insecure-key

image/my_init

@@ -1,8 +1,42 @@
-#!/usr/bin/python2
-import os, sys, stat, signal, errno
+#!/usr/bin/python2 -u
+import os, os.path, sys, stat, signal, errno, argparse, time, json, re, posixfile
 
-pid = None
-status = None
+KILL_PROCESS_TIMEOUT = 5
+KILL_ALL_PROCESSES_TIMEOUT = 5
+
+LOG_LEVEL_ERROR = 1
+LOG_LEVEL_WARN  = 1
+LOG_LEVEL_INFO  = 2
+LOG_LEVEL_DEBUG = 3
+
+log_level = None
+
+class AlarmException(Exception):
+	pass
+
+def error(message):
+	if log_level >= LOG_LEVEL_ERROR:
+		sys.stderr.write("*** %s\n" % message)
+
+def warn(message):
+	if log_level >= LOG_LEVEL_WARN:
+		print("*** %s" % message)
+
+def info(message):
+	if log_level >= LOG_LEVEL_INFO:
+		print("*** %s" % message)
+
+def debug(message):
+	if log_level >= LOG_LEVEL_DEBUG:
+		print("*** %s" % message)
+
+def ignore_signals_and_raise_keyboard_interrupt(signame):
+	signal.signal(signal.SIGTERM, signal.SIG_IGN)
+	signal.signal(signal.SIGINT, signal.SIG_IGN)
+	raise KeyboardInterrupt(signame)
+
+def raise_alarm_exception():
+	raise AlarmException('Alarm')
 
 def listdir(path):
 	try:
@@ -20,97 +54,258 @@ def is_exe(path):
 	except OSError:
 		return False
 
-def reap_child(signum, frame):
-	global pid, status, waiting_for_runit
-	try:
-		result = os.wait3(os.WNOHANG)
-		if result is not None and pid == result[0]:
-			status = result[1]
-	except OSError:
-		pass
+def import_envvars(clear_existing_environment = True):
+	new_env = {}
+	for envfile in listdir("/etc/container_environment"):
+		name = os.path.basename(envfile)
+		with open("/etc/container_environment/" + envfile, "r") as f:
+			value = f.read()
+		new_env[name] = value
+	if clear_existing_environment:
+		os.environ.clear()
+	for name, value in new_env.items():
+		os.environ[name] = value
 
-def stop_child_process(name):
-	global pid
-	print("*** Shutting down %s (PID %d)..." % (name, pid))
-	try:
-		os.kill(pid, signal.SIGHUP)
-	except OSError:
-		pass
+def export_envvars(to_dir = True):
+	shell_dump = ""
+	for name, value in os.environ.items():
+		if to_dir:
+			with open("/etc/container_environment/" + name, "w") as f:
+				f.write(value)
+		shell_dump += "export " + shquote(name) + "=" + shquote(value) + "\n"
+	with open("/etc/container_environment.sh", "w") as f:
+		f.write(shell_dump)
+	with open("/etc/container_environment.json", "w") as f:
+		f.write(json.dumps(dict(os.environ)))
 
-def run_command_killable(*argv):
-	global pid
-	filename = argv[0]
-	pid = os.spawnvp(os.P_NOWAIT, filename, argv)
-	signal.signal(signal.SIGINT, lambda signum, frame: stop_child_process(filename))
-	signal.signal(signal.SIGTERM, lambda signum, frame: stop_child_process(filename))
+_find_unsafe = re.compile(r'[^\w@%+=:,./-]').search
+
+def shquote(s):
+	"""Return a shell-escaped version of the string *s*."""
+	if not s:
+		return "''"
+	if _find_unsafe(s) is None:
+		return s
+
+	# use single quotes, and put single quotes into double quotes
+	# the string $'b is then quoted as '$'"'"'b'
+	return "'" + s.replace("'", "'\"'\"'") + "'"
+
+def waitpid_reap_other_children(pid):
+	done = False
+	status = None
 	try:
-		this_pid, status = os.waitpid(pid, 0)
+		this_pid, status = os.waitpid(pid, os.WNOHANG)
 	except OSError as e:
-		if e.errno == errno.EINTR:
-			sys.exit(2)
+		if e.errno == errno.ECHILD or e.errno == errno.ESRCH:
+			return None
 		else:
 			raise
+	while not done:
+		this_pid, status = os.waitpid(-1, 0)
+		done = this_pid == pid
+	return status
+
+def stop_child_process(name, pid, signo = signal.SIGTERM, time_limit = KILL_PROCESS_TIMEOUT):
+	info("Shutting down %s (PID %d)..." % (name, pid))
+	try:
+		os.kill(pid, signo)
+	except OSError:
+		pass
+	signal.alarm(time_limit)
+	try:
+		try:
+			waitpid_reap_other_children(pid)
+		except OSError:
+			pass
+	except AlarmException:
+		warn("%s (PID %d) did not shut down in time. Forcing it to exit." % (name, pid))
+		try:
+			os.kill(pid, signal.SIGKILL)
+		except OSError:
+			pass
+		try:
+			waitpid_reap_other_children(pid)
+		except OSError:
+			pass
 	finally:
-		signal.signal(signal.SIGINT, signal.SIG_DFL)
-		signal.signal(signal.SIGTERM, signal.SIG_DFL)
+		signal.alarm(0)
+
+def run_command_killable(*argv):
+	filename = argv[0]
+	status = None
+	pid = os.spawnvp(os.P_NOWAIT, filename, argv)
+	try:
+		status = waitpid_reap_other_children(pid)
+	except BaseException as s:
+		warn("An error occurred. Aborting.")
+		stop_child_process(filename, pid)
+		raise
 	if status != 0:
-		sys.stderr.write("*** %s failed with exit code %d\n" % (filename, status))
+		if status is None:
+			error("%s exited with unknown exit code\n" % filename)
+		else:
+			error("%s failed with exit code %d\n" % (filename, status))
 		sys.exit(1)
 
-# Run /etc/my_init.d/*
-for name in listdir("/etc/my_init.d"):
+def run_command_killable_and_import_envvars(*argv):
+	run_command_killable(*argv)
+	import_envvars()
+	export_envvars(False)
+
+def kill_all_processes(time_limit):
+	info("Killing all processes...")
+	try:
+		os.kill(-1, signal.SIGTERM)
+	except OSError:
+		pass
+	signal.alarm(time_limit)
+	try:
+		# Wait until no more child processes exist.
+		done = False
+		while not done:
+			try:
+				os.waitpid(-1, 0)
+			except OSError as e:
+				if e.errno == errno.ECHILD:
+					done = True
+				else:
+					raise
+	except AlarmException:
+		warn("Not all processes have exited in time. Forcing them to exit.")
+		try:
+			os.kill(-1, signal.SIGKILL)
+		except OSError:
+			pass
+	finally:
+		signal.alarm(0)
+
+def run_startup_files():
+	# Run /etc/my_init.d/*
+	for name in listdir("/etc/my_init.d"):
 		filename = "/etc/my_init.d/" + name
 		if is_exe(filename):
-		print("*** Running %s..." % filename)
-		run_command_killable(filename)
+			info("Running %s..." % filename)
+			run_command_killable_and_import_envvars(filename)
 
-# Run /etc/rc.local.
-if is_exe("/etc/rc.local"):
-	print("*** Running /etc/rc.local...")
-	run_command_killable("/etc/rc.local")
+	# Run /etc/rc.local.
+	if is_exe("/etc/rc.local"):
+		info("Running /etc/rc.local...")
+		run_command_killable_and_import_envvars("/etc/rc.local")
 
-# Start runit.
-signal.signal(signal.SIGCHLD, reap_child)
-print("*** Booting runit...")
-pid = os.spawnl(os.P_NOWAIT, "/usr/sbin/runsvdir-start", "/usr/sbin/runsvdir-start")
-print("*** Runit started as PID %d" % pid)
-signal.signal(signal.SIGTERM, lambda signum, frame: stop_child_process("runit"))
+def start_runit():
+	info("Booting runit daemon...")
+	pid = os.spawnl(os.P_NOWAIT, "/usr/bin/runsvdir", "/usr/bin/runsvdir",
+		"-P", "/etc/service", "log: %s" % ('.' * 395))
+	info("Runit started as PID %d" % pid)
+	return pid
 
-# Wait for runit, and while waiting, reap any adopted orphans.
-done = False
-while not done:
+def wait_for_runit_or_interrupt(pid):
 	try:
-		this_pid, status = os.waitpid(pid, 0)
-		done = True
-	except OSError as e:
-		if e.errno == errno.EINTR:
-			# Try again
-			pass
-		else:
-			# The SIGCHLD handler probably caught it.
-			done = True
+		status = waitpid_reap_other_children(pid)
+		return (True, status)
+	except KeyboardInterrupt:
+		return (False, None)
 
-# Runit has exited. Reset signal handlers.
-print("*** Runit exited with code %s. Waiting for all services to shut down..." % status)
-signal.signal(signal.SIGCHLD, signal.SIG_DFL)
-signal.signal(signal.SIGTERM, signal.SIG_DFL)
-signal.siginterrupt(signal.SIGCHLD, False)
-signal.siginterrupt(signal.SIGTERM, False)
+def shutdown_runit_services():
+	debug("Begin shutting down runit services...")
+	os.system("/usr/bin/sv down /etc/service/*")
 
-# Wait at most 5 seconds for services to shut down.
-import time
-
-def shutdown(signum = None, frame = None):
-	global status
-	if status is not None:
-		sys.exit(status)
-
-signal.signal(signal.SIGALRM, shutdown)
-signal.alarm(5)
-done = False
-while not done:
+def wait_for_runit_services():
+	debug("Waiting for runit services to exit...")
+	done = False
+	while not done:
 		done = os.system("/usr/bin/sv status /etc/service/* | grep -q '^run:'") != 0
 		if not done:
-		time.sleep(0.5)
-shutdown()
+			time.sleep(0.1)
 
+def install_insecure_key():
+	info("Installing insecure SSH key for user root")
+	run_command_killable("/usr/sbin/enable_insecure_key")
+
+def main(args):
+	import_envvars(False)
+	export_envvars()
+
+	if args.enable_insecure_key:
+		install_insecure_key()
+
+	if not args.skip_startup_files:
+		run_startup_files()
+	
+	runit_exited = False
+	exit_code = None
+
+	if not args.skip_runit:
+		runit_pid = start_runit()
+	try:
+		if len(args.main_command) == 0:
+			runit_exited, exit_code = wait_for_runit_or_interrupt(runit_pid)
+			if runit_exited:
+				if exit_code is None:
+					info("Runit exited with unknown exit code")
+					exit_code = 1
+				else:
+					info("Runit exited with code %d" % exit_code)
+		else:
+			info("Running %s..." % " ".join(args.main_command))
+			pid = os.spawnvp(os.P_NOWAIT, args.main_command[0], args.main_command)
+			try:
+				exit_code = waitpid_reap_other_children(pid)
+				if exit_code is None:
+					info("%s exited with unknown exit code." % args.main_command[0])
+					exit_code = 1
+				else:
+					info("%s exited with exit code %d." % (args.main_command[0], exit_code))
+			except KeyboardInterrupt:
+				stop_child_process(args.main_command[0], pid)
+			except BaseException as s:
+				warn("An error occurred. Aborting.")
+				stop_child_process(args.main_command[0], pid)
+				raise
+		sys.exit(exit_code)
+	finally:
+		if not args.skip_runit:
+			shutdown_runit_services()
+			if not runit_exited:
+				stop_child_process("runit daemon", runit_pid)
+			wait_for_runit_services()
+
+# Parse options.
+parser = argparse.ArgumentParser(description = 'Initialize the system.')
+parser.add_argument('main_command', metavar = 'MAIN_COMMAND', type = str, nargs = '*',
+	help = 'The main command to run. (default: runit)')
+parser.add_argument('--enable-insecure-key', dest = 'enable_insecure_key',
+	action = 'store_const', const = True, default = False,
+	help = 'Install the insecure SSH key')
+parser.add_argument('--skip-startup-files', dest = 'skip_startup_files',
+	action = 'store_const', const = True, default = False,
+	help = 'Skip running /etc/my_init.d/* and /etc/rc.local')
+parser.add_argument('--skip-runit', dest = 'skip_runit',
+	action = 'store_const', const = True, default = False,
+	help = 'Do not run runit services')
+parser.add_argument('--no-kill-all-on-exit', dest = 'kill_all_on_exit',
+	action = 'store_const', const = False, default = True,
+	help = 'Don\'t kill all processes on the system upon exiting')
+parser.add_argument('--quiet', dest = 'log_level',
+	action = 'store_const', const = LOG_LEVEL_WARN, default = LOG_LEVEL_INFO,
+	help = 'Only print warnings and errors')
+args = parser.parse_args()
+log_level = args.log_level
+
+if args.skip_runit and len(args.main_command) == 0:
+	error("When --skip-runit is given, you must also pass a main command.")
+	sys.exit(1)
+
+# Run main function.
+signal.signal(signal.SIGTERM, lambda signum, frame: ignore_signals_and_raise_keyboard_interrupt('SIGTERM'))
+signal.signal(signal.SIGINT, lambda signum, frame: ignore_signals_and_raise_keyboard_interrupt('SIGINT'))
+signal.signal(signal.SIGALRM, lambda signum, frame: raise_alarm_exception())
+try:
+	main(args)
+except KeyboardInterrupt:
+	warn("Init system aborted.")
+	exit(2)
+finally:
+	if args.kill_all_on_exit:
+		kill_all_processes(KILL_ALL_PROCESSES_TIMEOUT)

image/runit/syslog-ng

@@ -1,3 +1,24 @@
 #!/bin/sh
 set -e
-exec syslog-ng -F -p /var/run/syslog-ng.pid
+
+SYSLOGNG_OPTS=""
+
+[ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng
+
+case "x$CONSOLE_LOG_LEVEL" in
+  x[1-8])
+    dmesg -n $CONSOLE_LOG_LEVEL
+    ;;
+  x)
+    ;;
+  *)
+    echo "CONSOLE_LOG_LEVEL is of unaccepted value."
+    ;;
+esac
+
+if [ ! -e /dev/xconsole ]
+then
+  mknod -m 640 /dev/xconsole p
+fi
+
+exec syslog-ng -F -p /var/run/syslog-ng.pid $SYSLOGNG_OPTS

image/setuser

@@ -1,12 +1,26 @@
-#!/bin/bash
-set -e
+#!/usr/bin/python2
+import sys, os, pwd
 
-user="$1"
-shift
+if len(sys.argv) < 3:
+	sys.stderr.write("Usage: /sbin/setuser USERNAME COMMAND [args..]\n")
+	sys.exit(1)
 
-if [[ "$user" == "root" ]]; then
-	export HOME=/root
-else
-	export HOME=/home/$user
-fi
-exec chpst -u "$user" "$@"
+def abort(message):
+	sys.stderr.write("setuser: %s\n" % message)
+	sys.exit(1)
+
+username = sys.argv[1]
+try:
+	user = pwd.getpwnam(username)
+except KeyError:
+	abort("user %s not found" % username)
+os.initgroups(username, user.pw_gid)
+os.setgid(user.pw_gid)
+os.setuid(user.pw_uid)
+os.environ['USER'] = username
+os.environ['HOME'] = user.pw_dir
+os.environ['UID']  = str(user.pw_uid)
+try:
+	os.execvp(sys.argv[2], sys.argv[2:])
+except OSError as e:
+	abort("cannot execute %s: %s" % (sys.argv[2], str(e)))

image/system_services.sh

@@ -6,6 +6,11 @@ set -x
 ## Install init process.
 cp /build/my_init /sbin/
 mkdir -p /etc/my_init.d
+mkdir -p /etc/container_environment
+touch /etc/container_environment.sh
+touch /etc/container_environment.json
+chmod 700 /etc/container_environment
+chmod 600 /etc/container_environment.sh /etc/container_environment.json
 
 ## Install runit.
 $minimal_apt_get_install runit
@@ -15,6 +20,10 @@ $minimal_apt_get_install syslog-ng-core
 mkdir /etc/service/syslog-ng
 cp /build/runit/syslog-ng /etc/service/syslog-ng/run
 mkdir -p /var/lib/syslog-ng
+cp /build/config/syslog_ng_default /etc/default/syslog-ng
+
+## Install logrotate.
+$minimal_apt_get_install logrotate
 
 ## Install the SSH server.
 $minimal_apt_get_install openssh-server
@@ -28,9 +37,17 @@ cp /build/00_regen_ssh_host_keys.sh /etc/my_init.d/
 mkdir -p /root/.ssh
 chmod 700 /root/.ssh
 chown root:root /root/.ssh
-cat /build/insecure_key.pub > /root/.ssh/authorized_keys
+cp /build/insecure_key.pub /etc/insecure_key.pub
+cp /build/insecure_key /etc/insecure_key
+chmod 644 /etc/insecure_key*
+chown root:root /etc/insecure_key*
+cp /build/enable_insecure_key /usr/sbin/
 
 ## Install cron daemon.
 $minimal_apt_get_install cron
 mkdir /etc/service/cron
 cp /build/runit/cron /etc/service/cron/run
+
+## Remove useless cron entries.
+# Checks for lost+found and scans for mtab.
+rm -f /etc/cron.daily/standard

test/runner.sh

@@ -14,9 +14,10 @@ function cleanup()
 	docker rm $ID >/dev/null
 }
 
-echo " --> Starting container"
 PWD=`pwd`
-ID=`docker run -d -v $PWD/test:/test $NAME:$VERSION`
+
+echo " --> Starting insecure container"
+ID=`docker run -d -v $PWD/test:/test $NAME:$VERSION /sbin/my_init --enable-insecure-key`
 sleep 1
 
 echo " --> Obtaining IP"