Document 0.9.9 release date

This prevents initramfs and initscripts updates from breaking.

Changelog.md

@@ -1,3 +1,15 @@
+## 0.9.9 (release date: 2014-03-25)
+
+ * Fixed a problem with rssh. (Slawomir Chodnicki)
+ * The `INITRD` environment variable is now set in the container by default. This prevents updates to the `initramfs` from running grub or lilo.
+ * The `ischroot` tool in Ubuntu has been modified to always return true. This prevents updates to the `initscripts` package from breaking /dev/shm.
+ * Various minor bug fixes, improvements and typo corrections. (Felix Hummel, Laurent Sarrazin, Dung Quang, Amir Gur)
+
+## 0.9.8 (release date: 2014-02-26)
+
+ * Fixed a regression in `my_init` which causes it to delete environment variables passed from Docker.
+ * Fixed `my_init` not properly forcing Runit to shut down if Runit appears to refuse to respond to SIGTERM.
+
 ## 0.9.7 (release date: 2014-02-25)
 
  * Improved and fixed bugs in `my_init` (Thomas LÉVEIL):

Makefile

@@ -1,12 +1,12 @@
 NAME = phusion/baseimage
-VERSION = 0.9.7
+VERSION = 0.9.9
 
 .PHONY: all build test tag_latest release ssh
 
 all: build
 
 build:
-	docker build -t $(NAME):$(VERSION) -rm image
+	docker build -t $(NAME):$(VERSION) --rm image
 
 test:
 	env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh
@@ -15,7 +15,7 @@ tag_latest:
 	docker tag $(NAME):$(VERSION) $(NAME):latest
 
 release: test tag_latest
-	@if ! docker images phusion/baseimage | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
+	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
 	docker push $(NAME)
 	@echo "*** Don't forget to create a tag. git tag rel-$(VERSION) && git push origin rel-$(VERSION)"
 

README.md

@@ -131,7 +131,7 @@ You can add additional daemons (e.g. your own app) to the image by creating runi
 
 The shell script must be called `run`, must be executable, and is to be placed in the directory `/etc/service/<NAME>`.
 
-Here's an example showing you how to a memached server runit entry can be made.
+Here's an example showing you how a memached server runit entry can be made.
 
     ### In memcached.sh (make sure this file is chmod +x):
     #!/bin/sh
@@ -313,7 +313,7 @@ Once you have the ID, look for its IP address with:
 Now SSH into the container as follows:
 
     curl -o insecure_key -fSL https://github.com/phusion/baseimage-docker/raw/master/image/insecure_key
-    chmod 700 insecure_key
+    chmod 600 insecure_key
     ssh -i insecure_key root@<IP address>
 
 <a name="enabling_the_insecure_key_permanently"></a>

Vagrantfile

@@ -1,31 +1,54 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
-ROOT = File.dirname(File.expand_path(__FILE__))
+ROOT = File.dirname(File.absolute_path(__FILE__))
 
 # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
-VAGRANTFILE_API_VERSION = "2"
+VAGRANTFILE_API_VERSION = '2'
+
+# Default env properties which can be overridden
+# Example overrides:
+#   echo "ENV['PASSENGER_DOCKER_PATH'] ||= '../../phusion/passenger-docker'   " >> ~/.vagrant.d/Vagrantfile
+#   echo "ENV['BASE_BOX_URL']          ||= 'd\:/dev/vm/vagrant/boxes/phusion/'" >> ~/.vagrant.d/Vagrantfile
+BASE_BOX_URL          = ENV['BASE_BOX_URL']    || 'https://oss-binaries.phusionpassenger.com/vagrant/boxes/'
+VAGRANT_BOX_URL       = ENV['VAGRANT_BOX_URL'] || BASE_BOX_URL + 'ubuntu-12.04.3-amd64-vbox.box'
+VMWARE_BOX_URL        = ENV['VMWARE_BOX_URL']  || BASE_BOX_URL + 'ubuntu-12.04.3-amd64-vmwarefusion.box'
+BASEIMAGE_PATH        = ENV['BASEIMAGE_PATH' ] || '.'
+PASSENGER_DOCKER_PATH = ENV['PASSENGER_PATH' ] || '../passenger-docker'
+DOCKERIZER_PATH       = ENV['DOCKERIZER_PATH'] || '../dockerizer'
+
+$script = <<SCRIPT
+wget -q -O - https://get.docker.io/gpg | apt-key add -
+echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list
+apt-get update -qq
+apt-get install -q -y --force-yes lxc-docker
+usermod -a -G docker vagrant
+docker version
+su - vagrant -c 'echo alias d=docker >> ~/.bash_aliases'
+SCRIPT
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "phusion-open-ubuntu-12.04-amd64"
-  config.vm.box_url = "https://oss-binaries.phusionpassenger.com/vagrant/boxes/ubuntu-12.04.3-amd64-vbox.box"
+  config.vm.box = 'phusion-open-ubuntu-12.04-amd64'
+  config.vm.box_url = VAGRANT_BOX_URL
   config.ssh.forward_agent = true
-  if File.directory?("#{ROOT}/../passenger-docker")
-    config.vm.synced_folder File.expand_path("#{ROOT}/../passenger-docker"),
-      "/vagrant/passenger-docker"
+  passenger_docker_path = File.absolute_path(PASSENGER_DOCKER_PATH, ROOT)
+  if File.directory?(passenger_docker_path)
+    config.vm.synced_folder passenger_docker_path, '/vagrant/passenger-docker'
+  end
+  baseimage_path = File.absolute_path(BASEIMAGE_PATH, ROOT)
+  if File.directory?(baseimage_path)
+    config.vm.synced_folder baseimage_path, "/vagrant/baseimage-docker"
+  end
+  dockerizer_path = File.absolute_path(DOCKERIZER_PATH, ROOT)
+  if File.directory?(dockerizer_path)
+    config.vm.synced_folder dockerizer_path, '/vagrant/dockerizer'
   end
 
   config.vm.provider :vmware_fusion do |f, override|
-    override.vm.box_url = "https://oss-binaries.phusionpassenger.com/vagrant/boxes/ubuntu-12.04.3-amd64-vmwarefusion.box"
-    f.vmx["displayName"] = "baseimage-docker"
+    override.vm.box_url = VMWARE_BOX_URL
+    f.vmx['displayName'] = 'baseimage-docker'
   end
 
   if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
-    # Add lxc-docker package
-    pkg_cmd = "wget -q -O - https://get.docker.io/gpg | apt-key add -;" \
-      "echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list;" \
-      "apt-get update -qq; apt-get install -q -y --force-yes lxc-docker; "
-    # Add vagrant user to the docker group
-    pkg_cmd << "usermod -a -G docker vagrant; "
-    config.vm.provision :shell, :inline => pkg_cmd
+    config.vm.provision :shell, :inline => $script
   end
 end

image/cleanup.sh

@@ -6,5 +6,7 @@ set -x
 apt-get clean
 rm -rf /build
 rm -rf /tmp/* /var/tmp/*
+rm -rf /var/lib/apt/lists/*
+rm -f /etc/dpkg/dpkg.cfg.d/02apt-speedup
 
 rm -f /etc/ssh/ssh_host_*

image/config/sshd_config

@@ -123,7 +123,7 @@ ChallengeResponseAuthentication no
 #Banner none
 
 # override default of no subsystems
-Subsystem	sftp	/usr/lib/sftp-server
+Subsystem	sftp	/usr/lib/openssh/sftp-server
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs

image/enable_insecure_key

@@ -21,7 +21,7 @@ else
 		|                                                                              |
 		| DO NOT expose port 22 on the Internet unless you know what you are doing!    |
 		|                                                                              |
-		| Use the private key bellow to connect with user root                         |
+		| Use the private key below to connect with user root                         |
 		+------------------------------------------------------------------------------+
 
 	EOF

image/my_init

@@ -54,14 +54,15 @@ def is_exe(path):
 	except OSError:
 		return False
 
-def import_envvars():
+def import_envvars(clear_existing_environment = True):
 	new_env = {}
 	for envfile in listdir("/etc/container_environment"):
 		name = os.path.basename(envfile)
 		with open("/etc/container_environment/" + envfile, "r") as f:
 			value = f.read()
 		new_env[name] = value
-	os.environ.clear()
+	if clear_existing_environment:
+		os.environ.clear()
 	for name, value in new_env.items():
 		os.environ[name] = value
 
@@ -93,6 +94,13 @@ def shquote(s):
 def waitpid_reap_other_children(pid):
 	done = False
 	status = None
+	try:
+		this_pid, status = os.waitpid(pid, os.WNOHANG)
+	except OSError as e:
+		if e.errno == errno.ECHILD or e.errno == errno.ESRCH:
+			return None
+		else:
+			raise
 	while not done:
 		this_pid, status = os.waitpid(-1, 0)
 		done = this_pid == pid
@@ -134,7 +142,10 @@ def run_command_killable(*argv):
 		stop_child_process(filename, pid)
 		raise
 	if status != 0:
-		error("%s failed with exit code %d\n" % (filename, status))
+		if status is None:
+			error("%s exited with unknown exit code\n" % filename)
+		else:
+			error("%s failed with exit code %d\n" % (filename, status))
 		sys.exit(1)
 
 def run_command_killable_and_import_envvars(*argv):
@@ -213,7 +224,7 @@ def install_insecure_key():
 	run_command_killable("/usr/sbin/enable_insecure_key")
 
 def main(args):
-	import_envvars()
+	import_envvars(False)
 	export_envvars()
 
 	if args.enable_insecure_key:
@@ -231,13 +242,21 @@ def main(args):
 		if len(args.main_command) == 0:
 			runit_exited, exit_code = wait_for_runit_or_interrupt(runit_pid)
 			if runit_exited:
-				info("Runit exited with code %d" % exit_code)
+				if exit_code is None:
+					info("Runit exited with unknown exit code")
+					exit_code = 1
+				else:
+					info("Runit exited with code %d" % exit_code)
 		else:
 			info("Running %s..." % " ".join(args.main_command))
 			pid = os.spawnvp(os.P_NOWAIT, args.main_command[0], args.main_command)
 			try:
 				exit_code = waitpid_reap_other_children(pid)
-				info("%s exited with exit code %d." % (args.main_command[0], exit_code))
+				if exit_code is None:
+					info("%s exited with unknown exit code." % args.main_command[0])
+					exit_code = 1
+				else:
+					info("%s exited with exit code %d." % (args.main_command[0], exit_code))
 			except KeyboardInterrupt:
 				stop_child_process(args.main_command[0], pid)
 			except BaseException as s:

image/prepare.sh

@@ -3,22 +3,37 @@ set -e
 source /build/buildconfig
 set -x
 
-## Enable Ubuntu Universe.
-echo deb http://archive.ubuntu.com/ubuntu precise main universe > /etc/apt/sources.list
-echo deb http://archive.ubuntu.com/ubuntu precise-updates main universe >> /etc/apt/sources.list
-apt-get update
+## Temporarily disable dpkg fsync to make building faster.
+echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02apt-speedup
 
-## Install HTTPS support for APT.
-$minimal_apt_get_install apt-transport-https
+## Prevent initramfs updates from trying to run grub and lilo.
+## https://journal.paul.querna.org/articles/2013/10/15/docker-ubuntu-on-rackspace/
+## http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594189
+export INITRD=no
+mkdir -p /etc/container_environment
+echo -n no > /etc/container_environment/INITRD
+
+## Enable Ubuntu Universe and Multiverse.
+cp /build/sources.list /etc/apt/sources.list
+apt-get update
 
 ## Fix some issues with APT packages.
 ## See https://github.com/dotcloud/docker/issues/1024
 dpkg-divert --local --rename --add /sbin/initctl
 ln -sf /bin/true /sbin/initctl
 
+## Replace the 'ischroot' tool to make it always return true.
+## Prevent initscripts updates from breaking /dev/shm.
+## https://journal.paul.querna.org/articles/2013/10/15/docker-ubuntu-on-rackspace/
+## https://bugs.launchpad.net/launchpad/+bug/974584
+dpkg-divert --local --rename --add /usr/bin/ischroot
+ln -sf /bin/true /usr/bin/ischroot
+
+## Install HTTPS support for APT.
+$minimal_apt_get_install apt-transport-https
+
 ## Upgrade all packages.
-echo "initscripts hold" | dpkg --set-selections
-apt-get upgrade -y --no-install-recommends
+apt-get dist-upgrade -y --no-install-recommends
 
 ## Fix locale.
 $minimal_apt_get_install language-pack-en

image/sources.list

@@ -0,0 +1,25 @@
+deb http://archive.ubuntu.com/ubuntu precise main restricted
+deb-src http://archive.ubuntu.com/ubuntu precise main restricted
+
+deb http://archive.ubuntu.com/ubuntu precise-updates main restricted
+deb-src http://archive.ubuntu.com/ubuntu precise-updates main restricted
+
+deb http://archive.ubuntu.com/ubuntu precise universe
+deb-src http://archive.ubuntu.com/ubuntu precise universe
+deb http://archive.ubuntu.com/ubuntu precise-updates universe
+deb-src http://archive.ubuntu.com/ubuntu precise-updates universe
+
+deb http://archive.ubuntu.com/ubuntu precise multiverse
+deb-src http://archive.ubuntu.com/ubuntu precise multiverse
+deb http://archive.ubuntu.com/ubuntu precise-updates multiverse
+deb-src http://archive.ubuntu.com/ubuntu precise-updates multiverse
+
+deb http://archive.ubuntu.com/ubuntu precise-backports main restricted universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu precise-backports main restricted universe multiverse
+
+deb http://archive.ubuntu.com/ubuntu precise-security main restricted
+deb-src http://archive.ubuntu.com/ubuntu precise-security main restricted
+deb http://archive.ubuntu.com/ubuntu precise-security universe
+deb-src http://archive.ubuntu.com/ubuntu precise-security universe
+deb http://archive.ubuntu.com/ubuntu precise-security multiverse
+deb-src http://archive.ubuntu.com/ubuntu precise-security multiverse