Document 0.9.9 release date

This prevents initramfs and initscripts updates from breaking.

Changelog.md

@@ -1,3 +1,10 @@
+## 0.9.9 (release date: 2014-03-25)
+
+ * Fixed a problem with rssh. (Slawomir Chodnicki)
+ * The `INITRD` environment variable is now set in the container by default. This prevents updates to the `initramfs` from running grub or lilo.
+ * The `ischroot` tool in Ubuntu has been modified to always return true. This prevents updates to the `initscripts` package from breaking /dev/shm.
+ * Various minor bug fixes, improvements and typo corrections. (Felix Hummel, Laurent Sarrazin, Dung Quang, Amir Gur)
+
 ## 0.9.8 (release date: 2014-02-26)
 
  * Fixed a regression in `my_init` which causes it to delete environment variables passed from Docker.

Makefile

@@ -1,12 +1,12 @@
 NAME = phusion/baseimage
-VERSION = 0.9.8
+VERSION = 0.9.9
 
 .PHONY: all build test tag_latest release ssh
 
 all: build
 
 build:
-	docker build -t $(NAME):$(VERSION) -rm image
+	docker build -t $(NAME):$(VERSION) --rm image
 
 test:
 	env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh
@@ -15,7 +15,7 @@ tag_latest:
 	docker tag $(NAME):$(VERSION) $(NAME):latest
 
 release: test tag_latest
-	@if ! docker images phusion/baseimage | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
+	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
 	docker push $(NAME)
 	@echo "*** Don't forget to create a tag. git tag rel-$(VERSION) && git push origin rel-$(VERSION)"
 

README.md

@@ -131,7 +131,7 @@ You can add additional daemons (e.g. your own app) to the image by creating runi
 
 The shell script must be called `run`, must be executable, and is to be placed in the directory `/etc/service/<NAME>`.
 
-Here's an example showing you how to a memached server runit entry can be made.
+Here's an example showing you how a memached server runit entry can be made.
 
     ### In memcached.sh (make sure this file is chmod +x):
     #!/bin/sh
@@ -313,7 +313,7 @@ Once you have the ID, look for its IP address with:
 Now SSH into the container as follows:
 
     curl -o insecure_key -fSL https://github.com/phusion/baseimage-docker/raw/master/image/insecure_key
-    chmod 700 insecure_key
+    chmod 600 insecure_key
     ssh -i insecure_key root@<IP address>
 
 <a name="enabling_the_insecure_key_permanently"></a>

Vagrantfile

@@ -1,31 +1,54 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
-ROOT = File.dirname(File.expand_path(__FILE__))
+ROOT = File.dirname(File.absolute_path(__FILE__))
 
 # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
-VAGRANTFILE_API_VERSION = "2"
+VAGRANTFILE_API_VERSION = '2'
+
+# Default env properties which can be overridden
+# Example overrides:
+#   echo "ENV['PASSENGER_DOCKER_PATH'] ||= '../../phusion/passenger-docker'   " >> ~/.vagrant.d/Vagrantfile
+#   echo "ENV['BASE_BOX_URL']          ||= 'd\:/dev/vm/vagrant/boxes/phusion/'" >> ~/.vagrant.d/Vagrantfile
+BASE_BOX_URL          = ENV['BASE_BOX_URL']    || 'https://oss-binaries.phusionpassenger.com/vagrant/boxes/'
+VAGRANT_BOX_URL       = ENV['VAGRANT_BOX_URL'] || BASE_BOX_URL + 'ubuntu-12.04.3-amd64-vbox.box'
+VMWARE_BOX_URL        = ENV['VMWARE_BOX_URL']  || BASE_BOX_URL + 'ubuntu-12.04.3-amd64-vmwarefusion.box'
+BASEIMAGE_PATH        = ENV['BASEIMAGE_PATH' ] || '.'
+PASSENGER_DOCKER_PATH = ENV['PASSENGER_PATH' ] || '../passenger-docker'
+DOCKERIZER_PATH       = ENV['DOCKERIZER_PATH'] || '../dockerizer'
+
+$script = <<SCRIPT
+wget -q -O - https://get.docker.io/gpg | apt-key add -
+echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list
+apt-get update -qq
+apt-get install -q -y --force-yes lxc-docker
+usermod -a -G docker vagrant
+docker version
+su - vagrant -c 'echo alias d=docker >> ~/.bash_aliases'
+SCRIPT
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "phusion-open-ubuntu-12.04-amd64"
+  config.vm.box = 'phusion-open-ubuntu-12.04-amd64'
-  config.vm.box_url = "https://oss-binaries.phusionpassenger.com/vagrant/boxes/ubuntu-12.04.3-amd64-vbox.box"
+  config.vm.box_url = VAGRANT_BOX_URL
   config.ssh.forward_agent = true
-  if File.directory?("#{ROOT}/../passenger-docker")
+  passenger_docker_path = File.absolute_path(PASSENGER_DOCKER_PATH, ROOT)
-    config.vm.synced_folder File.expand_path("#{ROOT}/../passenger-docker"),
+  if File.directory?(passenger_docker_path)
-      "/vagrant/passenger-docker"
+    config.vm.synced_folder passenger_docker_path, '/vagrant/passenger-docker'
+  end
+  baseimage_path = File.absolute_path(BASEIMAGE_PATH, ROOT)
+  if File.directory?(baseimage_path)
+    config.vm.synced_folder baseimage_path, "/vagrant/baseimage-docker"
+  end
+  dockerizer_path = File.absolute_path(DOCKERIZER_PATH, ROOT)
+  if File.directory?(dockerizer_path)
+    config.vm.synced_folder dockerizer_path, '/vagrant/dockerizer'
   end
 
   config.vm.provider :vmware_fusion do |f, override|
-    override.vm.box_url = "https://oss-binaries.phusionpassenger.com/vagrant/boxes/ubuntu-12.04.3-amd64-vmwarefusion.box"
+    override.vm.box_url = VMWARE_BOX_URL
-    f.vmx["displayName"] = "baseimage-docker"
+    f.vmx['displayName'] = 'baseimage-docker'
   end
 
   if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
-    # Add lxc-docker package
+    config.vm.provision :shell, :inline => $script
-    pkg_cmd = "wget -q -O - https://get.docker.io/gpg | apt-key add -;" \
-      "echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list;" \
-      "apt-get update -qq; apt-get install -q -y --force-yes lxc-docker; "
-    # Add vagrant user to the docker group
-    pkg_cmd << "usermod -a -G docker vagrant; "
-    config.vm.provision :shell, :inline => pkg_cmd
   end
 end

image/cleanup.sh

@@ -6,5 +6,7 @@ set -x
 apt-get clean
 rm -rf /build
 rm -rf /tmp/* /var/tmp/*
+rm -rf /var/lib/apt/lists/*
+rm -f /etc/dpkg/dpkg.cfg.d/02apt-speedup
 
 rm -f /etc/ssh/ssh_host_*

image/config/sshd_config

@@ -123,7 +123,7 @@ ChallengeResponseAuthentication no
 #Banner none
 
 # override default of no subsystems
-Subsystem	sftp	/usr/lib/sftp-server
+Subsystem	sftp	/usr/lib/openssh/sftp-server
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs

image/enable_insecure_key

@@ -21,7 +21,7 @@ else
 		|                                                                              |
 		| DO NOT expose port 22 on the Internet unless you know what you are doing!    |
 		|                                                                              |
-		| Use the private key bellow to connect with user root                         |
+		| Use the private key below to connect with user root                         |
 		+------------------------------------------------------------------------------+
 
 	EOF

image/prepare.sh

@@ -3,22 +3,37 @@ set -e
 source /build/buildconfig
 set -x
 
-## Enable Ubuntu Universe.
+## Temporarily disable dpkg fsync to make building faster.
-echo deb http://archive.ubuntu.com/ubuntu precise main universe > /etc/apt/sources.list
+echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02apt-speedup
-echo deb http://archive.ubuntu.com/ubuntu precise-updates main universe >> /etc/apt/sources.list
-apt-get update
 
-## Install HTTPS support for APT.
+## Prevent initramfs updates from trying to run grub and lilo.
-$minimal_apt_get_install apt-transport-https
+## https://journal.paul.querna.org/articles/2013/10/15/docker-ubuntu-on-rackspace/
+## http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594189
+export INITRD=no
+mkdir -p /etc/container_environment
+echo -n no > /etc/container_environment/INITRD
+
+## Enable Ubuntu Universe and Multiverse.
+cp /build/sources.list /etc/apt/sources.list
+apt-get update
 
 ## Fix some issues with APT packages.
 ## See https://github.com/dotcloud/docker/issues/1024
 dpkg-divert --local --rename --add /sbin/initctl
 ln -sf /bin/true /sbin/initctl
 
+## Replace the 'ischroot' tool to make it always return true.
+## Prevent initscripts updates from breaking /dev/shm.
+## https://journal.paul.querna.org/articles/2013/10/15/docker-ubuntu-on-rackspace/
+## https://bugs.launchpad.net/launchpad/+bug/974584
+dpkg-divert --local --rename --add /usr/bin/ischroot
+ln -sf /bin/true /usr/bin/ischroot
+
+## Install HTTPS support for APT.
+$minimal_apt_get_install apt-transport-https
+
 ## Upgrade all packages.
-echo "initscripts hold" | dpkg --set-selections
+apt-get dist-upgrade -y --no-install-recommends
-apt-get upgrade -y --no-install-recommends
 
 ## Fix locale.
 $minimal_apt_get_install language-pack-en

image/sources.list

@@ -0,0 +1,25 @@
+deb http://archive.ubuntu.com/ubuntu precise main restricted
+deb-src http://archive.ubuntu.com/ubuntu precise main restricted
+
+deb http://archive.ubuntu.com/ubuntu precise-updates main restricted
+deb-src http://archive.ubuntu.com/ubuntu precise-updates main restricted
+
+deb http://archive.ubuntu.com/ubuntu precise universe
+deb-src http://archive.ubuntu.com/ubuntu precise universe
+deb http://archive.ubuntu.com/ubuntu precise-updates universe
+deb-src http://archive.ubuntu.com/ubuntu precise-updates universe
+
+deb http://archive.ubuntu.com/ubuntu precise multiverse
+deb-src http://archive.ubuntu.com/ubuntu precise multiverse
+deb http://archive.ubuntu.com/ubuntu precise-updates multiverse
+deb-src http://archive.ubuntu.com/ubuntu precise-updates multiverse
+
+deb http://archive.ubuntu.com/ubuntu precise-backports main restricted universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu precise-backports main restricted universe multiverse
+
+deb http://archive.ubuntu.com/ubuntu precise-security main restricted
+deb-src http://archive.ubuntu.com/ubuntu precise-security main restricted
+deb http://archive.ubuntu.com/ubuntu precise-security universe
+deb-src http://archive.ubuntu.com/ubuntu precise-security universe
+deb http://archive.ubuntu.com/ubuntu precise-security multiverse
+deb-src http://archive.ubuntu.com/ubuntu precise-security multiverse