Update Makefile

Ubuntu 18.04

.travis.yml

@@ -3,17 +3,20 @@ sudo: required
 services:
   - docker
 
-script:
+env:
-  - make build
+  global:
+    - NAME=phusion/baseimage
+    # - VERSION=${TRAVIS_TAG}
+    - VERSION=${TRAVIS_BRANCH}
 
-deploy:
+script:
-  - provider: script
+  - docker build -t ${NAME}:${VERSION} --rm image
-    script: make test_release
+  - env NAME=${NAME} VERSION=${VERSION} ./test/runner.sh
-    on:
+
-      branch: master
+after_success:
-      tags: true
+  - docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}";
-      condition: '$TRAVIS_TAG =~ ^[0-9]+(\.[0-9]+)*$'
+    docker push ${NAME}:${VERSION};
-  - provider: script
+  # - if [ "${TRAVIS_BRANCH}" == "master" ]; then
-    script: make test_master
+  #   docker tag ${NAME}:${VERSION} ${NAME}:latest
-    on:
+  #   docker push ${NAME}:latest;
-      branch: master
+  #   fi

CODE_OF_CONDUCT.md

@@ -34,7 +34,13 @@ This Code of Conduct applies both within project spaces and in public spaces whe
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at info@phusion.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at Phusion Passenger:
+
+[FloorD](https://github.com/floord) (she/her), floor@phusion.nl, English / Dutch / German
+
+[OnixGH](https://github.com/OnixGH) (he/his), daniel@phusion.nl, English / Dutch
+
+The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
 

Makefile

@@ -1,5 +1,5 @@
 NAME = phusion/baseimage
-VERSION = 0.10.0
+VERSION = 0.11
 
 .PHONY: all build test tag_latest release ssh
 

README.md

@@ -3,7 +3,7 @@
 [![](https://badge.imagelayers.io/phusion/baseimage:latest.svg)](https://imagelayers.io/?images=phusion/baseimage:latest 'Get your own badge on imagelayers.io')
 [![Travis](https://img.shields.io/travis/phusion/baseimage-docker.svg)](https://travis-ci.org/phusion/baseimage-docker)
 
-_Baseimage-docker only consumes 6 MB RAM and is much more powerful than Busybox or Alpine. See why below._
+_Baseimage-docker only consumes 8.3 MB RAM and is much more powerful than Busybox or Alpine. See why below._
 
 Baseimage-docker is a special [Docker](https://www.docker.com) image that is configured for correct use within Docker containers. It is Ubuntu, plus:
 
@@ -98,7 +98,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
 | `setuser` | A tool for running a command as another user. Easier to use than `su`, has a smaller attack vector than `sudo`, and unlike `chpst` this tool sets `$HOME` correctly. Available as `/sbin/setuser`. |
 | `install_clean` | A tool for installing `apt` packages that automatically cleans up after itself.  All arguments are passed to `apt-get -y install --no-install-recommends` and after installation the apt caches are cleared.  To include recommended packages, add `--install-recommends`. |
 
-Baseimage-docker is very lightweight: it only consumes 6 MB of memory.
+Baseimage-docker is very lightweight: it only consumes 8.3 MB of memory.
 
 <a name="docker_single_process"></a>
 ### Wait, I thought Docker is about running a single process in a container?
@@ -307,7 +307,7 @@ If you are sure that your environment variables don't contain sensitive data, th
 <a name="logging"></a>
 ### System logging
 
-Baseimage-docker uses syslog-ng to provide a syslog facility to the container. Syslog-ng is not managed as an runit service (see below). Syslog messages are forwarded to the console via the service at /etc/service/syslog-forwarder.
+Baseimage-docker uses syslog-ng to provide a syslog facility to the container. Syslog-ng is not managed as an runit service (see below). Syslog messages are forwarded to the console.
 
 #### Log startup/shutdown sequence
 In order to ensure that all application log messages are captured by syslog-ng, syslog-ng is started separately before the runit supervisor process, and shutdown after runit exits. This uses the [startup script facility](#running_startup_scripts) provided by this image. This avoids a race condition which would exist if syslog-ng were managed as an runit service, where runit kills syslog-ng in parallel with the container's other services, causing log messages to be dropped during a graceful shutdown if syslog-ng exits while logs are still being produced by other services.
@@ -450,7 +450,7 @@ Then, you can start your container with
 
     docker run -d -v `pwd`/myfolder:/etc/my_init.d my/dockerimage
 
-This will initialize sshd on container boot.  You can then access it with the insecure key as below, or using the methods to add a secure key.  Further, you can publish the port to your machine with -p 22:2222 allowing you to ssh to localhost:2222 instead of looking up the ip address.
+This will initialize sshd on container boot.  You can then access it with the insecure key as below, or using the methods to add a secure key.  Further, you can publish the port to your machine with -p 2222:22 allowing you to ssh to 127.0.0.1:2222 instead of looking up the ip address of the container.
 
 <a name="ssh_keys"></a>
 #### About SSH keys

image/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:16.04
+FROM ubuntu:18.04
 MAINTAINER Phusion <info@phusion.nl>
 
 COPY . /bd_build

image/bin/my_init

@@ -296,11 +296,8 @@ def start_runit():
 
 
 def wait_for_runit_or_interrupt(pid):
-    try:
 	status = waitpid_reap_other_children(pid)
 	return (True, status)
-    except KeyboardInterrupt:
-        return (False, None)
 
 
 def shutdown_runit_services(quiet=False):

image/services/syslog-ng/logrotate_syslogng

@@ -7,7 +7,9 @@
 	delaycompress
 	compress
 	postrotate
-		sv reload syslog-ng > /dev/null
+		if [ -f /var/run/syslog-ng.pid ]; then
+			kill -HUP `cat /var/run/syslog-ng.pid`
+		fi
 	endscript
 }
 
@@ -32,6 +34,8 @@
 	delaycompress
 	sharedscripts
 	postrotate
-		sv reload syslog-ng > /dev/null
+		if [ -f /var/run/syslog-ng.pid ]; then
+			kill -HUP `cat /var/run/syslog-ng.pid`
+		fi
 	endscript
 }

image/services/syslog-ng/syslog-ng.conf

@@ -1,6 +1,5 @@
-@version: 3.5
+@version: 3.13
 @include "scl.conf"
-@include "`scl-root`/system/tty10.conf"
 
 # Syslog-ng configuration file, compatible with default Debian syslogd
 # installation.
@@ -54,7 +53,7 @@ destination d_newscrit { file("/var/log/news/news.crit"); };
 destination d_newserr { file("/var/log/news/news.err"); };
 destination d_newsnotice { file("/var/log/news/news.notice"); };
 
-# Some `catch-all' logfiles.
+# Some 'catch-all' logfiles.
 #
 destination d_debug { file("/var/log/debug"); };
 destination d_error { file("/var/log/error"); };
@@ -75,7 +74,7 @@ destination d_xconsole { pipe("/dev/xconsole"); };
 destination d_ppp { file("/var/log/ppp.log"); };
 
 # stdout for docker
-destination d_stdout { pipe("/dev/stdout"); };
+destination d_stdout { ##SYSLOG_OUTPUT_MODE_DEV_STDOUT##("/dev/stdout"); };
 
 ########################
 # Filters
@@ -134,6 +133,8 @@ log { source(s_src); filter(f_mail); destination(d_mail); };
 log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
 log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
 log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
+#log { source(s_src); filter(f_cnews); destination(d_console_all); };
+#log { source(s_src); filter(f_cother); destination(d_console_all); };
 
 #log { source(s_src); filter(f_ppp); destination(d_ppp); };
 

image/services/syslog-ng/syslog-ng.init

@@ -7,6 +7,17 @@ set -em
 if [ ! -S /dev/log ]; then rm -f /dev/log; fi
 if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi
 
+# determine output mode on /dev/stdout because of the issue documented at https://github.com/phusion/baseimage-docker/issues/468
+if [ -p /dev/stdout ]; then
+  sed -i 's/##SYSLOG_OUTPUT_MODE_DEV_STDOUT##/pipe/' /etc/syslog-ng/syslog-ng.conf
+else
+  sed -i 's/##SYSLOG_OUTPUT_MODE_DEV_STDOUT##/file/' /etc/syslog-ng/syslog-ng.conf
+fi
+
+# If /var/log is writable by another user logrotate will fail
+/bin/chown root:root /var/log
+/bin/chmod 0755 /var/log
+
 PIDFILE="/var/run/syslog-ng.pid"
 SYSLOGNG_OPTS=""
 

image/utilities.sh

@@ -4,7 +4,7 @@ source /bd_build/buildconfig
 set -x
 
 ## Often used tools.
-$minimal_apt_get_install curl less vim-tiny psmisc
+$minimal_apt_get_install curl less vim-tiny psmisc gpg-agent dirmngr
 ln -s /usr/bin/vim.tiny /usr/bin/vim
 
 ## This tool runs a command as another user and sets $HOME.

test/runner.sh

@@ -17,13 +17,13 @@ function cleanup()
 PWD=`pwd`
 
 echo " --> Starting insecure container"
-ID=`docker run -d -v $PWD/test:/test $NAME:$VERSION /sbin/my_init --enable-insecure-key`
+ID=`docker run -d -p 22 -v $PWD/test:/test $NAME:$VERSION /sbin/my_init --enable-insecure-key`
 sleep 1
 
-echo " --> Obtaining IP"
+echo " --> Obtaining SSH port number"
-IP=`docker inspect -f "{{ .NetworkSettings.IPAddress }}" "$ID"`
+SSHPORT=`docker inspect --format='{{(index (index .NetworkSettings.Ports "22/tcp") 0).HostPort}}' "$ID"`
-if [[ "$IP" = "" ]]; then
+if [[ "$SSHPORT" = "" ]]; then
-	abort "Unable to obtain container IP"
+	abort "Unable to obtain container SSH port number"
 fi
 
 trap cleanup EXIT
@@ -38,5 +38,5 @@ echo " --> Logging into container and running tests"
 cp image/services/sshd/keys/insecure_key /tmp/insecure_key
 chmod 600 /tmp/insecure_key
 sleep 1 # Give container some more time to start up.
-ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/insecure_key root@$IP \
+ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/insecure_key -p $SSHPORT root@127.0.0.1 \
 	/bin/bash /test/test.sh