From 4f65f0a270e0583baee895d38282334d970716af Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Tue, 12 Mar 2019 23:28:58 +0100 Subject: [PATCH 01/10] build-arg to define base-image, fix locale for Debian --- Makefile | 15 +++++++++++---- image/Dockerfile | 3 ++- image/prepare.sh | 11 ++++++++++- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 1b00a21b7..0913ad8e0 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,19 @@ -NAME = phusion/baseimage -VERSION = 0.11 +NAME ?= phusion/baseimage +VERSION ?= 0.11 + +ifeq ($(origin BASE_IMAGE), undefined) +BASE_IMAGE = ubuntu:18.04 +else +NAME := $(NAME)-$(subst :,-,${BASE_IMAGE}) +endif + .PHONY: all build test tag_latest release ssh all: build build: - docker build -t $(NAME):$(VERSION) --rm image + docker build -t $(NAME):$(VERSION) --build-arg BASE_IMAGE=$(BASE_IMAGE) --rm image test: env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh @@ -23,7 +30,7 @@ ssh: chmod 600 image/services/sshd/keys/insecure_key @ID=$$(docker ps | grep -F "$(NAME):$(VERSION)" | awk '{ print $$1 }') && \ if test "$$ID" = ""; then echo "Container is not running."; exit 1; fi && \ - IP=$$(docker inspect $$ID | grep IPAddr | sed 's/.*: "//; s/".*//') && \ + IP=$$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $$ID) && \ echo "SSHing into $$IP" && \ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i image/services/sshd/keys/insecure_key root@$$IP diff --git a/image/Dockerfile b/image/Dockerfile index da5b41d9f..75835105f 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -1,4 +1,5 @@ -FROM ubuntu:18.04 +ARG BASE_IMAGE +FROM $BASE_IMAGE MAINTAINER Phusion COPY . /bd_build diff --git a/image/prepare.sh b/image/prepare.sh index c2926a5d3..d7a383b56 100755 --- a/image/prepare.sh +++ b/image/prepare.sh @@ -41,7 +41,16 @@ $minimal_apt_get_install software-properties-common apt-get dist-upgrade -y --no-install-recommends -o Dpkg::Options::="--force-confold" ## Fix locale. -$minimal_apt_get_install language-pack-en +case $(lsb_release -is) in + Ubuntu) + $minimal_apt_get_install language-pack-en + ;; + Debian) + $minimal_apt_get_install locales locales-all + ;; + *) + ;; +esac locale-gen en_US update-locale LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 echo -n en_US.UTF-8 > /etc/container_environment/LANG From 089258a7463b1d4c6fb605db8c651b2bd9f80875 Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Wed, 13 Mar 2019 01:00:13 +0100 Subject: [PATCH 02/10] if both NAME and BASE_IMAGE are defined, don't append variant to baseimage --- Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 0913ad8e0..732707b8b 100644 --- a/Makefile +++ b/Makefile @@ -1,11 +1,11 @@ -NAME ?= phusion/baseimage -VERSION ?= 0.11 - -ifeq ($(origin BASE_IMAGE), undefined) -BASE_IMAGE = ubuntu:18.04 +ifndef BASE_IMAGE + BASE_IMAGE = ubuntu:18.04 + NAME ?= phusion/baseimage +else ifdef NAME else -NAME := $(NAME)-$(subst :,-,${BASE_IMAGE}) + NAME = phusion/baseimage-$(subst :,-,${BASE_IMAGE}) endif +VERSION ?= 0.11 .PHONY: all build test tag_latest release ssh From 9d29b23db225966714f48258eff3dafa8586fbd7 Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Wed, 13 Mar 2019 09:59:33 +0100 Subject: [PATCH 03/10] exclude mounts (e.g.: /proc) from cleanup --- image/cleanup.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/image/cleanup.sh b/image/cleanup.sh index cfe72468f..57e8c7b8c 100755 --- a/image/cleanup.sh +++ b/image/cleanup.sh @@ -9,7 +9,7 @@ rm -rf /tmp/* /var/tmp/* rm -rf /var/lib/apt/lists/* # clean up python bytecode -find / -name *.pyc -delete -find / -name *__pycache__* -delete +find / -mount -name *.pyc -delete +find / -mount -name *__pycache__* -delete rm -f /etc/ssh/ssh_host_* From 17a737f47bf496bb02b1fdf93842bdc575a66fd4 Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Wed, 13 Mar 2019 10:12:22 +0100 Subject: [PATCH 04/10] remove interactive and TTY flags when Enabling SSH in test --- test/runner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/runner.sh b/test/runner.sh index 5a3c98d88..46969caab 100755 --- a/test/runner.sh +++ b/test/runner.sh @@ -29,9 +29,9 @@ fi trap cleanup EXIT echo " --> Enabling SSH in the container" -docker exec -t -i $ID /etc/my_init.d/00_regen_ssh_host_keys.sh -f -docker exec -t -i $ID rm /etc/service/sshd/down -docker exec -t -i $ID sv start /etc/service/sshd +docker exec $ID /etc/my_init.d/00_regen_ssh_host_keys.sh -f +docker exec $ID rm /etc/service/sshd/down +docker exec $ID sv start /etc/service/sshd sleep 1 echo " --> Logging into container and running tests" From ad88ec922616ec6526b544bfd1e37e615cda5371 Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Wed, 13 Mar 2019 10:37:56 +0100 Subject: [PATCH 05/10] ssh by IP in test; verbose SSH into container --- Makefile | 8 +++++--- test/runner.sh | 7 +++---- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 732707b8b..585d2d5f0 100644 --- a/Makefile +++ b/Makefile @@ -26,13 +26,15 @@ release: test tag_latest docker push $(NAME) @echo "*** Don't forget to create a tag by creating an official GitHub release." +ssh: SSH_COMMAND?= +ssh: SSH_IDENTITY_FILE?=image/services/sshd/keys/insecure_key ssh: - chmod 600 image/services/sshd/keys/insecure_key - @ID=$$(docker ps | grep -F "$(NAME):$(VERSION)" | awk '{ print $$1 }') && \ + chmod 600 ${SSH_IDENTITY_FILE} + ID=$$(docker ps | grep -F "$(NAME):$(VERSION)" | awk '{ print $$1 }') && \ if test "$$ID" = ""; then echo "Container is not running."; exit 1; fi && \ IP=$$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $$ID) && \ echo "SSHing into $$IP" && \ - ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i image/services/sshd/keys/insecure_key root@$$IP + ssh -v -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${SSH_IDENTITY_FILE} root@$$IP ${SSH_COMMAND} test_release: echo test_release diff --git a/test/runner.sh b/test/runner.sh index 46969caab..941c7845e 100755 --- a/test/runner.sh +++ b/test/runner.sh @@ -34,9 +34,8 @@ docker exec $ID rm /etc/service/sshd/down docker exec $ID sv start /etc/service/sshd sleep 1 -echo " --> Logging into container and running tests" +echo " --> Logging into container and running test" cp image/services/sshd/keys/insecure_key /tmp/insecure_key -chmod 600 /tmp/insecure_key sleep 1 # Give container some more time to start up. -ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/insecure_key -p $SSHPORT root@127.0.0.1 \ - /bin/bash /test/test.sh +NAME=$NAME VERSION=$VERSION SSH_IDENTITY_FILE=/tmp/insecure_key \ + SSH_COMMAND="/bin/bash /test/test.sh" make ssh From 4a3476b6a6f6002476d5cf97d9c875987e7c04ec Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Wed, 13 Mar 2019 11:09:41 +0100 Subject: [PATCH 06/10] send tests over in ssh, instead of mounting them --- test/runner.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/test/runner.sh b/test/runner.sh index 941c7845e..e257eab31 100755 --- a/test/runner.sh +++ b/test/runner.sh @@ -14,10 +14,8 @@ function cleanup() docker rm $ID >/dev/null } -PWD=`pwd` - echo " --> Starting insecure container" -ID=`docker run -d -p 22 -v $PWD/test:/test $NAME:$VERSION /sbin/my_init --enable-insecure-key` +ID=`docker run -d -p 22 $NAME:$VERSION /sbin/my_init --enable-insecure-key` sleep 1 echo " --> Obtaining SSH port number" @@ -34,8 +32,9 @@ docker exec $ID rm /etc/service/sshd/down docker exec $ID sv start /etc/service/sshd sleep 1 -echo " --> Logging into container and running test" +echo " --> Logging into container and running tests" cp image/services/sshd/keys/insecure_key /tmp/insecure_key sleep 1 # Give container some more time to start up. +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" NAME=$NAME VERSION=$VERSION SSH_IDENTITY_FILE=/tmp/insecure_key \ - SSH_COMMAND="/bin/bash /test/test.sh" make ssh + SSH_COMMAND="'/bin/bash -s' < $DIR/test.sh" make ssh From 6d6395c58f5a6fcde852039191b0812dbc2dafda Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Wed, 13 Mar 2019 11:34:47 +0100 Subject: [PATCH 07/10] invoke make from travis --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 09101ce59..f904a2915 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,8 +10,7 @@ env: - VERSION=${TRAVIS_BRANCH} script: - - docker build -t ${NAME}:${VERSION} --rm image - - env NAME=${NAME} VERSION=${VERSION} ./test/runner.sh + - make build test after_success: - docker login -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}"; From 36bd41108f67686d2ebd019b6b00421a95330bef Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Mon, 8 Apr 2019 09:45:37 +0200 Subject: [PATCH 08/10] Default to ubuntu BASE_IMAGE in Dockerfile, modify make to only add --build-arg to build target if BASE_IMAGE is defined, document the use of BASE_IMAGE in README --- Makefile | 13 +++++++------ README.md | 13 +++++++++++++ image/Dockerfile | 2 +- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 585d2d5f0..0aef4efc4 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,11 @@ -ifndef BASE_IMAGE - BASE_IMAGE = ubuntu:18.04 - NAME ?= phusion/baseimage -else ifdef NAME -else +ifdef BASE_IMAGE + BUILD_ARG = --build-arg BASE_IMAGE=$(BASE_IMAGE) +ifndef NAME NAME = phusion/baseimage-$(subst :,-,${BASE_IMAGE}) endif +else + NAME ?= phusion/baseimage +endif VERSION ?= 0.11 @@ -13,7 +14,7 @@ VERSION ?= 0.11 all: build build: - docker build -t $(NAME):$(VERSION) --build-arg BASE_IMAGE=$(BASE_IMAGE) --rm image + docker build -t $(NAME):$(VERSION) $(BUILD_ARG) --rm image test: env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh diff --git a/README.md b/README.md index 76baa0fb2..57d978005 100644 --- a/README.md +++ b/README.md @@ -597,6 +597,19 @@ If you want to call the resulting image something else, pass the NAME variable, make build NAME=joe/baseimage +You can also change the `ubuntu` base-image to `debian` as these distributions are quite similar. + + make build BASE_IMAGE=debian:stretch + +The image will be: `phusion/baseimage-debian-stretch`. Use the `NAME` variable in combination with the `BASE_IMAGE` one to call it `joe/stretch`. + + make build BASE_IMAGE=debian:stretch NAME=joe/stretch + +To verify that the various services are started, when the image is run as a container, add `test` to the end of your make invocations, e.g.: + + make build BASE_IMAGE=debian:stretch NAME=joe/stretch test + + ### Removing optional services diff --git a/image/Dockerfile b/image/Dockerfile index 75835105f..07a72417d 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE +ARG BASE_IMAGE=ubuntu:18.04 FROM $BASE_IMAGE MAINTAINER Phusion From 89597c5bc5d5fa140f607fb999de046cffdcf231 Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Mon, 8 Apr 2019 09:49:13 +0200 Subject: [PATCH 09/10] Use tools/docker-ssh in make ssh and in test/runner.sh to connect to container via SSH, fix SSH connection by IP issue on Mac-OS --- Makefile | 6 +----- test/runner.sh | 4 +--- tools/docker-ssh | 8 ++++++++ 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 0aef4efc4..da0e6bed8 100644 --- a/Makefile +++ b/Makefile @@ -28,14 +28,10 @@ release: test tag_latest @echo "*** Don't forget to create a tag by creating an official GitHub release." ssh: SSH_COMMAND?= -ssh: SSH_IDENTITY_FILE?=image/services/sshd/keys/insecure_key ssh: - chmod 600 ${SSH_IDENTITY_FILE} ID=$$(docker ps | grep -F "$(NAME):$(VERSION)" | awk '{ print $$1 }') && \ if test "$$ID" = ""; then echo "Container is not running."; exit 1; fi && \ - IP=$$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $$ID) && \ - echo "SSHing into $$IP" && \ - ssh -v -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${SSH_IDENTITY_FILE} root@$$IP ${SSH_COMMAND} + tools/docker-ssh $$ID ${SSH_COMMAND} test_release: echo test_release diff --git a/test/runner.sh b/test/runner.sh index e257eab31..21122ca84 100755 --- a/test/runner.sh +++ b/test/runner.sh @@ -33,8 +33,6 @@ docker exec $ID sv start /etc/service/sshd sleep 1 echo " --> Logging into container and running tests" -cp image/services/sshd/keys/insecure_key /tmp/insecure_key sleep 1 # Give container some more time to start up. DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -NAME=$NAME VERSION=$VERSION SSH_IDENTITY_FILE=/tmp/insecure_key \ - SSH_COMMAND="'/bin/bash -s' < $DIR/test.sh" make ssh +tools/docker-ssh $ID < test/test.sh diff --git a/tools/docker-ssh b/tools/docker-ssh index 599a13249..715f345a3 100755 --- a/tools/docker-ssh +++ b/tools/docker-ssh @@ -58,6 +58,13 @@ fi KNOWN_HOSTS_FILE=`mktemp /tmp/docker-ssh.XXXXXXXXX` IP=`docker inspect -f "{{ .NetworkSettings.IPAddress }}" "$CONTAINER_ID"` +PORT=`docker inspect -f '{{(index (index .NetworkSettings.Ports "22/tcp") 0).HostPort}}' "$CONTAINER_ID"` +if test "`uname`" = "Darwin"; then + IP="127.0.0.1" +else + PORT=22 +fi +echo "SSHing into $IP:$PORT" # Prevent SSH from warning about adding a host to the known_hosts file. ssh-keyscan "$IP" >"$KNOWN_HOSTS_FILE" 2>&1 @@ -68,6 +75,7 @@ if ! ssh -i ~/.baseimage_docker_insecure_key \ -o PasswordAuthentication=no \ -o KbdInteractiveAuthentication=no \ -o ChallengeResponseAuthentication=no \ + -p $PORT \ "root@$IP" "$@" then STATUS=$? From d616b3bafb6dcdceeb010ee5762dcbf0750aedfe Mon Sep 17 00:00:00 2001 From: Matyas Markovics Date: Wed, 17 Apr 2019 10:08:26 +0200 Subject: [PATCH 10/10] fix for 'ttyname failed: Inappropriate ioctl for device' during make test --- test/runner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/runner.sh b/test/runner.sh index 21122ca84..322318189 100755 --- a/test/runner.sh +++ b/test/runner.sh @@ -35,4 +35,4 @@ sleep 1 echo " --> Logging into container and running tests" sleep 1 # Give container some more time to start up. DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -tools/docker-ssh $ID < test/test.sh +tools/docker-ssh $ID bash < test/test.sh