Merge branch 'release-0.1.0' into stable

CHANGELOG.md

@@ -0,0 +1,4 @@
+# Changelog
+
+## 0.1.0
+  - Initial release

Makefile

@@ -0,0 +1,23 @@
+NAME = osixia/light-baseimage
+VERSION = 0.1.0
+
+.PHONY: all build test tag_latest release build-tool
+
+all: build
+
+build-tool:
+	./src/py_tool/build.sh
+
+build:
+	docker build -t $(NAME):$(VERSION) --rm image
+
+test:
+	env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats
+
+tag_latest:
+	docker tag -f $(NAME):$(VERSION) $(NAME):latest
+
+release: build test tag_latest
+	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
+	docker push $(NAME)
+	@echo "*** Don't forget to run 'twgit release/hotfix finish' :)"

README.md

@@ -0,0 +1,8 @@
+# osixia/light-baseimage
+
+[![](https://badge.imagelayers.io/osixia/light-baseimage:latest.svg)](https://imagelayers.io/?images=osixia/light-baseimage:latest 'Get your own badge on imagelayers.io')
+
+Inspired by :
+> [phusion/baseimage-docker](https://github.com/phusion/baseimage-docker)
+
+Add optional service-available install, tool to automate service/process addition, and single process container capability.

image/Dockerfile

@@ -0,0 +1,7 @@
+FROM debian:jessie
+MAINTAINER Bertrand Gouny <[email protected]>
+
+ADD . /container
+RUN /container/build.sh
+
+CMD ["/container/tool/run"]

image/build.sh

@@ -0,0 +1,73 @@
+#!/bin/bash -ex
+
+## Add bash tools to /sbin
+ln -s /container/tool/add-host /sbin/add-host
+ln -s /container/tool/install-multiple-process-stack /sbin/install-multiple-process-stack
+ln -s /container/tool/install-service /sbin/install-service
+ln -s /container/tool/install-service-available /sbin/install-service-available
+ln -s /container/tool/remove-service /sbin/remove-service
+ln -s /container/tool/run /sbin/run
+
+# Add python tools and needed directories
+ln -s /container/tool/py_tool/my_init /sbin/my_init
+mkdir -p /etc/service
+mkdir -p /etc/my_init.d
+mkdir -p /etc/container_environment
+touch /etc/container_environment.sh
+chmod 700 /etc/container_environment
+
+groupadd -g 8377 docker_env
+chown :docker_env /etc/container_environment.sh
+chmod 640 /etc/container_environment.sh
+
+ln -s /container/tool/py_tool/setuser /sbin/setuser
+
+# dpkg
+cp /container/file/dpkg_nodoc /etc/dpkg/dpkg.cfg.d/01_nodoc
+cp /container/file/dpkg_nolocales /etc/dpkg/dpkg.cfg.d/01_nolocales
+
+# Remove useless files
+rm -rf /container/file
+rm -rf /container/build.sh /container/Dockerfile
+
+# General config
+export LC_ALL=C
+export DEBIAN_FRONTEND=noninteractive
+minimal_apt_get_install='apt-get install -y --no-install-recommends'
+
+## Temporarily disable dpkg fsync to make building faster.
+if [[ ! -e /etc/dpkg/dpkg.cfg.d/docker-apt-speedup ]]; then
+	echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup
+fi
+
+## Prevent initramfs updates from trying to run grub and lilo.
+## https://journal.paul.querna.org/articles/2013/10/15/docker-ubuntu-on-rackspace/
+## http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594189
+export INITRD=no
+mkdir -p /etc/container_environment
+echo -n no > /etc/container_environment/INITRD
+
+apt-get update
+
+## Fix some issues with APT packages.
+## See https://github.com/dotcloud/docker/issues/1024
+dpkg-divert --local --rename --add /sbin/initctl
+ln -sf /bin/true /sbin/initctl
+
+## Replace the 'ischroot' tool to make it always return true.
+## Prevent initscripts updates from breaking /dev/shm.
+## https://journal.paul.querna.org/articles/2013/10/15/docker-ubuntu-on-rackspace/
+## https://bugs.launchpad.net/launchpad/+bug/974584
+dpkg-divert --local --rename --add /usr/bin/ischroot
+ln -sf /bin/true /usr/bin/ischroot
+
+## Install apt-utils.
+$minimal_apt_get_install apt-utils
+
+## Upgrade all packages.
+apt-get dist-upgrade -y --no-install-recommends
+
+apt-get clean
+rm -rf /tmp/* /var/tmp/*
+rm -rf /var/lib/apt/lists/*
+rm -f /etc/dpkg/dpkg.cfg.d/02apt-speedup

image/file/dpkg_nodoc

@@ -0,0 +1,9 @@
+path-exclude /usr/share/doc/*
+# we need to keep copyright files for legal reasons
+path-include /usr/share/doc/*/copyright
+path-exclude /usr/share/man/*
+path-exclude /usr/share/groff/*
+path-exclude /usr/share/info/*
+# lintian stuff is small, but really unnecessary
+path-exclude /usr/share/lintian/*
+path-exclude /usr/share/linda/*

image/file/dpkg_nolocales

@@ -0,0 +1,2 @@
+path-exclude /usr/share/locale/*
+path-include /usr/share/locale/en*

image/service-available/cron/daemon.sh

@@ -0,0 +1,2 @@
+#!/bin/bash -e
+exec /usr/sbin/cron -f

image/service-available/cron/install.sh

@@ -0,0 +1,13 @@
+#!/bin/bash -e
+
+# install cron
+LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends cron
+chmod 600 /etc/crontab
+
+## Remove useless cron entries.
+# Checks for lost+found and scans for mtab.
+rm -f /etc/cron.daily/standard
+rm -f /etc/cron.daily/upstart
+rm -f /etc/cron.daily/dpkg
+rm -f /etc/cron.daily/password
+rm -f /etc/cron.weekly/fstrim

image/service-available/logrotate/assets/config/logrotate_syslogng

@@ -0,0 +1,38 @@
+/var/log/syslog
+{
+	rotate 7
+	daily
+	missingok
+	notifempty
+	delaycompress
+	compress
+	postrotate
+		sv reload syslog-ng > /dev/null
+	endscript
+}
+
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/lpr.log
+/var/log/cron.log
+/var/log/debug
+/var/log/messages
+{
+	rotate 4
+	weekly
+	missingok
+	notifempty
+	compress
+	delaycompress
+	sharedscripts
+	postrotate
+		sv reload syslog-ng > /dev/null
+		sv restart cron-log-forwarder > /dev/null
+	endscript
+}

image/service-available/logrotate/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+# install logrotate
+LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends logrotate
+rm -f /etc/logrotate.d/syslog-ng
+ln -s /container/service-available/logrotate/assets/config/logrotate_syslogng /etc/logrotate.d/syslog-ng

image/service-available/runit/install.sh

@@ -0,0 +1,4 @@
+#!/bin/bash -e
+
+# install runit
+LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends runit

image/service-available/ssl-helper-gnutls/assets/certificate-authority/README.md

@@ -0,0 +1,6 @@
+# To create a new CA with gnutls 
+sh -c "certtool --generate-privkey > docker_baseimage_gnutls_cakey.pem"
+sudo certtool --generate-self-signed  --load-privkey docker_baseimage_gnutls_cakey.pem --outfile docker_baseimage_gnutls_cacert.pem
+
+Does the certificate belong to an authority? (y/N): -> y
+Will the certificate be used to sign other certificates? (y/N): -> y

image/service-available/ssl-helper-gnutls/assets/certificate-authority/docker_baseimage_gnutls_cacert.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHzCCAtegAwIBAgIEVFyEFjANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJG
+UjEWMBQGA1UEChMNRXhhbXBsZSBDb3JwLjEVMBMGA1UECxMMQ0EgQXV0aG9yaXR5
+MQ8wDQYDVQQHEwZOYW50ZXMxGTAXBgNVBAgTEFBheXMgZGUgbGEgTG9pcmUxFTAT
+BgNVBAMTDENBIEF1dGhvcml0eTAeFw0xNDExMDcwODM0MzJaFw0yNDExMDQwODM0
+MzdaMH8xCzAJBgNVBAYTAkZSMRYwFAYDVQQKEw1FeGFtcGxlIENvcnAuMRUwEwYD
+VQQLEwxDQSBBdXRob3JpdHkxDzANBgNVBAcTBk5hbnRlczEZMBcGA1UECBMQUGF5
+cyBkZSBsYSBMb2lyZTEVMBMGA1UEAxMMQ0EgQXV0aG9yaXR5MIIBUjANBgkqhkiG
+9w0BAQEFAAOCAT8AMIIBOgKCATEApYPsj6fBnRp03YPRqwRpq4Xe4PIBKhLjZx9G
+VyKdHRL1g4UUrimVXMQgIIdlr5Kb4XSvrLCO9giPeNG4bmG9viEjGWODr0krF3gr
++sUgJ49ufB3ti67NxbptckhF8tOU0icdvyaSrlOM/6fQXwn4PQ/0zE5pajomZ+Kc
+gpdftAHH/OJhN2JeQlh4TqquLUAKp/z/DjOssr0d6mjKWEVlf8vlvYIWM9kVNsCm
+CxGarHqETFPrK02akBcdEhd32praATezYXF3V2HQT/S1Mnamk9iT743SGVrpLx4s
+nwvzkpeZEjlhFHfEyiyi0lsZucaBxKX1IZdAcj3t6DbcNTBcacpqYOdcqykMj5m1
+PnbcyXPfndwjHNGCAtkeVHkNIviYK4d1v1YixhUXFk+FF7xDdwIDAQABo0MwQTAP
+BgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFNDAYqRu
+emxWOsrKTszI4ZkaB0bPMA0GCSqGSIb3DQEBCwUAA4IBMQCMPI+mdnEMBpOT5+2X
+wvRGmgGiXoTiB5jQ4xquk2b40rH6vlRW0dkP9fHf4DYEyIp0EVlEe1iBVURNoRjd
+9Yf/uYwbG8P23ZXJYuTZKLsGL2G8XkHCUyfztYyhZqi2I97cJdH1QLqSljKfxF7a
+DPVh88p7RTwDe0w+j1XELELdYCnn7YcamU/cBu7pPqm+QDpZAO4B/7+HlZvxsAfc
+m2vQRpgRLXAB32QixowK2cZQVB1ScT0Rbj9uKIDXXLnofOfvk7yCJvBuEDLex0gh
+orCm+bduZozNkLwl7yRwLxPj+BMY4xzmqFPz+IRLs9nLaT+irlSdODQMLw6OZG1n
+hVkV54HIfN4QLiuvhJKlzJFtfH7sVWkNUEBP3eX4UyeyohpHhrbPytBbTdqpbmNb
+ryej
+-----END CERTIFICATE-----

image/service-available/ssl-helper-gnutls/assets/certificate-authority/docker_baseimage_gnutls_cakey.pem

@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIFfAIBAAKCATEApYPsj6fBnRp03YPRqwRpq4Xe4PIBKhLjZx9GVyKdHRL1g4UU
+rimVXMQgIIdlr5Kb4XSvrLCO9giPeNG4bmG9viEjGWODr0krF3gr+sUgJ49ufB3t
+i67NxbptckhF8tOU0icdvyaSrlOM/6fQXwn4PQ/0zE5pajomZ+KcgpdftAHH/OJh
+N2JeQlh4TqquLUAKp/z/DjOssr0d6mjKWEVlf8vlvYIWM9kVNsCmCxGarHqETFPr
+K02akBcdEhd32praATezYXF3V2HQT/S1Mnamk9iT743SGVrpLx4snwvzkpeZEjlh
+FHfEyiyi0lsZucaBxKX1IZdAcj3t6DbcNTBcacpqYOdcqykMj5m1PnbcyXPfndwj
+HNGCAtkeVHkNIviYK4d1v1YixhUXFk+FF7xDdwIDAQABAoIBME7RXk7gc34lMZ6k
+3azjOpDP/J1BERXgjcK3LW9kD85fD2QUdQ8kxTg6OxRSdbVgivOXdeq13zZBSFUg
+BYQm7kzCiezWq0hG/wq7krHlulSsZFAdjle0o8+zYdgIm6qxX86divhSXYo/Rkce
+Okdvv3MQjKHX+zH3Q/+3dZFolU3qhToi8WmG4d0VNSE8/RmWRBzQCQNRzz0DtpWU
+mRt8DoGrXIO/7TlvMz+5BwtVXK8wuMFSne5cFKlEtcxntMvRtWzGqQhW6u1ilbw5
+5wRDgBulKIeCLvppFvgg5rWsDD+vBa92TQdiHKUXDadcg2GNyXeQlQS2blhmQ/aM
+f75KP5LeTbsSahZtJsVHG8AsKLbIDtAjCQdcSgwQNpDMxzw90fW3kJ3TdPlSsZX3
+DE+KKGkCgZkAw7bF2gizx5odr4h6XjFapdmYeXjtUAQnXH3NWcUR6RrChsKe8Ohb
+uHZGl3FM0a+332UW7qaQEaUfjp3pbHDw7cpCMFilPNH2ImyRKI8MZovmqw91MBwL
+zlwXKrvgp9Zbw/WbZlZq1T3/kKGbRk5OhLhK7r8dHiqTnQMeL47HBFBTOGE0BTmE
+NEYzVN0MzLl9jfpTPzRZa88CgZkA2H/OmvNpfQF+VpEQIIDhbh0T6BtHTB4BGjbU
+ogCP9AFqmE+dRCh51DS7mm06v2KKw9cJ7gR3eYFD5wyCsyEbUTcH439gXIO/ImhZ
+SukZjWAbzpqf5ym0yU6pLK6VhpOFCqjF+T/dfm8cRYz6vwP4HvaqDYcyhwraQkyi
+omeL2fTdrBhcPZ7GadSOv2jrgkwiX9jzRrllT9kCgZgq+RjcVQjUjPxzrG3h/MhA
+nlSiZ3EEHsVdw6mxSloyatPHrzgjAYISMLYzTodli0W+YX31jNEZbr5NHFNColHk
+hIKgBvbRMfDvghMlarN4WMOfT9eVZrMY7pOPqI0djS29C1LB17vBcsmIwlNLzqni
+7mxVm9US6Jpc4XBhVOJSCikbugwoEYb7y2Y9/gNveFMfN5XLzPzNdQKBmQCPYV1o
+G2qyYinUlO/URuaFMXa8kkxOqdRbExMRU0QC+mkpBBkISbIdiurv5AUzOMTj3Gd0
+HbsuWiCpRQzOK0/XIpXz4ajkvE/6LpdsWCIXEh54Xsklo+ZaJ+E8eUcHwG0s2Qd8
+AgLjuBxGJ47ssGlDwGJw4SfibZqMrApNejwRley1C9ES8jM/ZYlAVPEb8uYVCi5b
+mW7ySQKBmQCT8b6I0JXwHUgs+hfG2W7wShePkrs/JLFwblhlaBXeiiJeXRoYFU+x
+/TnDdrcMS1c2OnoDuFOOQarDWB4wj/so8xAT4I1YUyGiNrZbHojCxVKV6ywO9us1
+yxNXDvbG3H9KJLPeu9b9nx5xTomnzgU/fS5SZzJIQFmQTSqqAVL/Mvpqli02uT/T
+rALcYDw10phR16z1Kzs5rA==
+-----END RSA PRIVATE KEY-----

image/service-available/ssl-helper-gnutls/assets/tool/create-gnutls-crt-file-infos.sh

@@ -0,0 +1,37 @@
+#!/bin/bash -e
+
+create_gnutls_crt_file_infos() {
+
+	CA_INFOS=$1
+	touch $CA_INFOS
+
+	if [ ! -z "$SSL_ORGANIZATION" ]; then
+	  echo "organization = \"$SSL_ORGANIZATION\"" >> $CA_INFOS
+	fi
+
+	if [ ! -z "$SSL_ORGANIZATIONAL_UNIT" ]; then
+	  echo "unit = \"$SSL_ORGANIZATIONAL_UNIT\"" >> $CA_INFOS
+	fi
+
+	if [ ! -z "$SSL_LOCATION" ]; then
+	  echo "locality = \"$SSL_LOCATION\"" >> $CA_INFOS
+	fi
+
+	if [ ! -z "$SSL_STATE" ]; then
+	  echo "state = \"$SSL_STATE\"" >> $CA_INFOS
+	fi
+	if [ ! -z "$SSL_COUNTRY" ]; then
+	  echo "country = $SSL_COUNTRY" >> $CA_INFOS
+	fi
+	if [ ! -z "$SSL_COMMON_NAME" ]; then
+	  echo "cn = \"$SSL_COMMON_NAME\"" >> $CA_INFOS
+	fi
+	if [ ! -z "$SSL_EMAIL" ]; then
+	  echo "email = \"$SSL_EMAIL\"" >> $CA_INFOS
+	fi
+
+	echo "tls_www_server" >> $CA_INFOS
+	echo "encryption_key" >> $CA_INFOS
+	echo "signing_key" >> $CA_INFOS
+	echo "expiration_days = 3650" >> $CA_INFOS
+}

image/service-available/ssl-helper-gnutls/install.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+/container/tool/install-service-available ssl-helper
+
+LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gnutls-bin
+
+# Fix files permission
+chmod 600 /container/service-available/ssl-helper-gnutls/assets/certificate-authority/docker_baseimage_gnutls_cakey.pem
+chmod 644 /container/service-available/ssl-helper-gnutls/assets/certificate-authority/docker_baseimage_gnutls_cacert.pem
+
+# Link certificats et private keys
+ln -s /container/service-available/ssl-helper-gnutls/assets/certificate-authority/docker_baseimage_gnutls_cacert.pem /etc/ssl/certs/docker_baseimage_gnutls_cacert.pem
+ln -s /container/service-available/ssl-helper-gnutls/assets/certificate-authority/docker_baseimage_gnutls_cakey.pem /etc/ssl/private/docker_baseimage_gnutls_cakey.pem

image/service-available/ssl-helper-openssl/assets/certificate-authority/README.md

@@ -0,0 +1,2 @@
+# To create a new CA with openssl
+openssl req -new -x509 -nodes -days 3650 -extensions v3_ca -keyout /etc/ssl/private/docker_baseimage_cakey.pem -out /etc/ssl/certs/docker_baseimage_cacert.pem

image/service-available/ssl-helper-openssl/assets/certificate-authority/docker_baseimage_cacert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0TCCArmgAwIBAgIJAJRf+u8cOgcRMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV
+BAYTAkZSMRkwFwYDVQQIDBBQYXlzIGRlIGxhIExvaXJlMQ8wDQYDVQQHDAZOYW50
+ZXMxFjAUBgNVBAoMDUV4YW1wbGUgQ29ycC4xFTATBgNVBAsMDENBIEF1dGhvcml0
+eTEVMBMGA1UEAwwMQ0EgQXV0aG9yaXR5MB4XDTE0MTEwNTEzNTU0NFoXDTI0MTEw
+MjEzNTU0NFowfzELMAkGA1UEBhMCRlIxGTAXBgNVBAgMEFBheXMgZGUgbGEgTG9p
+cmUxDzANBgNVBAcMBk5hbnRlczEWMBQGA1UECgwNRXhhbXBsZSBDb3JwLjEVMBMG
+A1UECwwMQ0EgQXV0aG9yaXR5MRUwEwYDVQQDDAxDQSBBdXRob3JpdHkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKk249Qz10n6Fa9BR1BYOkQYIVT/Mh
+zJvcRgRE5o1t8qjLJHXNjTWeuWjuKRP/Df26BByKsLg3aAwMjUxewsRKFUpyZYtH
+jwFaVuQOz4JpWqDW+v4gZGNHBFFKKCubUpOLfSb4WCMN020wMomFzfa8WHL9tryB
+DlFeCiCLIOafwgRTxVlusb7PP9FmhCA14OgwFARHNk9k9/V5wv3APOICxwokeMEI
+2QKueM2fGIPg1LMy4SIrcMw9M7fuQGhpiZb+ayetTbDOxx09YqHJYiA7MSvNaAgC
+GJjBCIq3DgGVUesxYigK2nFplRxN4f2SWTAp3j9qdGruagKmdibo728jAgMBAAGj
+UDBOMB0GA1UdDgQWBBRtUW+btx3xymlqtcVS3ZEYES1jDjAfBgNVHSMEGDAWgBRt
+UW+btx3xymlqtcVS3ZEYES1jDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQDG5ujNxYQmcRyxQBqAcY3+07Ras/WUS8aByltcKOoqImQ5a7CrD/zNVgUz
+2E25Dsj2/mG25zCBYxof4sj/6xjJhROI3GJ3NKDv68OufkQcM/fK9Y3rwMko+gCi
+H9RooSJdcegPUiAPubHOjPJI9C2y77PgXw3to+Ryf9WdSO5w8yvAx7vafDJoaVNe
+Fr0Gg0KK4CGeNpYvL0X71DJIAqftaN7HKuOOjZxszl80h0HD6Jr0ujtk+Rx9vI3Q
+AbeCnIsWi8UzxsV9vM2C9qKZ6zehjPJ8IoUG/xEUgd/8Jmd32SIfMkWNw8DylDDX
+pPjjEoxEIdOAsNnii03wUdKYfd7e
+-----END CERTIFICATE-----

image/service-available/ssl-helper-openssl/assets/certificate-authority/docker_baseimage_cakey.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKk249Qz10n6Fa
+9BR1BYOkQYIVT/MhzJvcRgRE5o1t8qjLJHXNjTWeuWjuKRP/Df26BByKsLg3aAwM
+jUxewsRKFUpyZYtHjwFaVuQOz4JpWqDW+v4gZGNHBFFKKCubUpOLfSb4WCMN020w
+MomFzfa8WHL9tryBDlFeCiCLIOafwgRTxVlusb7PP9FmhCA14OgwFARHNk9k9/V5
+wv3APOICxwokeMEI2QKueM2fGIPg1LMy4SIrcMw9M7fuQGhpiZb+ayetTbDOxx09
+YqHJYiA7MSvNaAgCGJjBCIq3DgGVUesxYigK2nFplRxN4f2SWTAp3j9qdGruagKm
+dibo728jAgMBAAECggEAe5ghzUzmBO6T8rsydAdOPvwc0sX5sCh2+5jYZ/VGWsuP
+gomXOjcqfNHgnFYBtj6iDEkP5OpXKq7XkxzueG5adlyxFESyCpHMoIKdGBAxH/hE
+Y4W1YKv/CkgvFJCXsmdaT+Om0CRuFrRlTN+4miOEo3tPhU5lilPi/v4sxtXm/5a3
+6DCFwWqJLrSwWUM41nnjjRH7ZA2ZSu1Yq0TiSeSkQbz+5ktfCvEUWB5U0rEcbe8d
+LtGMMHAs97TX8/UbZID+mJRorGHitIzBptzxj7ShJBgbV8kB0+Dct0YKF0N/Uua5
+7f9wQhKvocaC1DleNUunM1alVZpdSbGwkmGdyGrSgQKBgQD7tx2nIoHKsvKRKucH
+v3yaxyJV7krSZ6tdEAf9bmY7N3BMwOd+pLtbyl8Ky84kb08XYip9vZJAOdYET/cy
+3cmHYeLKhgrmuwIZunSkFMwH0tLJ+9Ut4J3UlRXNTFJVGrq+S1QZPW6MyVozTAng
+jycYUE9GNS8AZl6UDQJYWG1RQQKBgQDOBi7e502FvO6zLOxCtr58hoUOEcUiuZvi
+odGAir/3hQ05LXCV8mH+509wa37GlFWt9cqeJGFWxycUGpAGHO245mqVrnaVj9uj
+dWqxvJ0bYVMPUwwSOrahn5pNHEfdBPIzC/YPWy1oU6TIZsbbKNe5+/qRYpoiJuNr
+9g/YXCVDYwKBgQChmyMylvj1hoYtpXnGg64gQRFOUjs/cseWbCB1GVgRVLqIzKDT
+sjeH6xmx+L9UrRH+VUwqhndLPNam1iBDTBmDDdlpZT3CfPYQRqF0ZtXHgBdNDp4D
+Yl5yiXUB5apGcW7LldlcixBa2ztKC9ubjMzw0z7SOHsAqri2HNQQnFUzAQKBgQCx
+PBp4Qa2sHoOOelfpcIJgZ+zw1JKts9UJ20F6fmJ0ke51QMT5CeIJwn3RbXhLZvJq
+S+d5sjxWxc61ecBqsdpD1Vzd1Y9ITNCbRvh5XJQfKNOmfEAHMqFIWyAHtAuSdJ3T
+Ejgkr8BZXpOEnv31Laaf5ciB57xHIwNELhMlgue/lwKBgB5TBeiizxnPQ/i8zPoP
+x+pA1gcbcuPo24Iak2MiPux7pR8GdQjlrqUu6ry0RqdZbI8PSBrvHASnmYdcpm22
+ePoH+XBvdrTrPToqIT7vdKrURezQ4PSP9QElS6Y8He5BaWpMlvPp/AzRuMsb1La7
+pIwWS3yReemOux9/zoTABq/N
+-----END PRIVATE KEY-----

image/service-available/ssl-helper-openssl/install.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+/container/tool/install-service-available ssl-helper
+
+LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openssl
+
+# Fix files permission
+chmod 600 /container/service-available/ssl-helper-openssl/assets/certificate-authority/docker_baseimage_cakey.pem
+chmod 644 /container/service-available/ssl-helper-openssl/assets/certificate-authority/docker_baseimage_cacert.pem
+
+# Link certificats et private keys
+ln -s /container/service-available/ssl-helper-openssl/assets/certificate-authority/docker_baseimage_cacert.pem /etc/ssl/certs/docker_baseimage_cacert.pem
+ln -s /container/service-available/ssl-helper-openssl/assets/certificate-authority/docker_baseimage_cakey.pem /etc/ssl/private/docker_baseimage_cakey.pem