Initial commit

2025-12-30 08:01:31 +01:00 · 2013-11-12 11:39:25 +01:00 · 2013-11-12 11:39:25 +01:00 · 9661f84da9
commit 9661f84da9
16 changed files with 320 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 .DS_Store
 .vagrant
--- a/12
+++ b/12
@ -0,0 +1,12 @@
 NAME = phusion/baseimage
 VERSION = 0.9.0
 .PHONY: all build tag_latest
 all: build
 build:
 	docker build -t $(NAME):$(VERSION) -rm image
 tag_latest:
 	docker tag $(NAME):$(VERSION) $(NAME):latest
--- a/31
+++ b/31
@ -0,0 +1,31 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 ROOT = File.dirname(File.expand_path(__FILE__))
 # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 VAGRANTFILE_API_VERSION = "2"
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "phusion-open-ubuntu-12.04-amd64"
  config.vm.box_url = "https://oss-binaries.phusionpassenger.com/vagrant/boxes/ubuntu-12.04.3-amd64-vbox.box"
  config.ssh.forward_agent = true
  if File.directory?("#{ROOT}/passenger-docker")
    config.vm.synced_folder File.expand_path("#{ROOT}/../passenger-docker"),
      "/vagrant/passenger-docker"
  end
  config.vm.provider :vmware_fusion do |f, override|
    override.vm.box_url = "https://oss-binaries.phusionpassenger.com/vagrant/boxes/ubuntu-12.04.3-amd64-vmwarefusion.box"
    f.vmx["displayName"] = "baseimage-docker"
  end
  if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?
    # Add lxc-docker package
    pkg_cmd = "wget -q -O - https://get.docker.io/gpg | apt-key add -;" \
      "echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list;" \
      "apt-get update -qq; apt-get install -q -y --force-yes lxc-docker; "
    # Add vagrant user to the docker group
    pkg_cmd << "usermod -a -G docker vagrant; "
    config.vm.provision :shell, :inline => pkg_cmd
  end
 end
--- a/image/Dockerfile
+++ b/image/Dockerfile
@ -0,0 +1,14 @@
 FROM ubuntu:12.04
 MAINTAINER Phusion <info@phusion.nl>
 ENV HOME /root
 RUN mkdir /build
 ADD . /build
 RUN /build/prepare.sh && \
 	/build/system_services.sh && \
 	/build/utilities.sh && \
 	/build/cleanup.sh
 CMD ["/sbin/my_init"]
 EXPOSE 22 80 443
--- a/image/buildconfig
+++ b/image/buildconfig
@ -0,0 +1,2 @@
 export LC_ALL=C
 export DEBIAN_FRONTEND=noninteractive
--- a/image/cleanup.sh
+++ b/image/cleanup.sh
@ -0,0 +1,8 @@
 #!/bin/bash
 set -e
 source /build/buildconfig
 set -x
 apt-get clean
 rm -rf /var/lib/apt/lists/*
 rm -rf /build
--- a/image/config/sshd_config
+++ b/image/config/sshd_config
@ -0,0 +1,135 @@
 #	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
 # possible, but leave them commented.  Uncommented options change a
 # default value.
 UseDNS no
 #Port 22
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 # Disable legacy (protocol version 1) support in the server for new
 # installations. In future the default will change to require explicit
 # activation of protocol 1
 Protocol 2
 # HostKey for protocol version 1
 #HostKey /etc/ssh_host_key
 # HostKeys for protocol version 2
 #HostKey /etc/ssh_host_rsa_key
 #HostKey /etc/ssh_host_dsa_key
 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
 #ServerKeyBits 1024
 # Logging
 # obsoletes QuietMode and FascistLogging
 SyslogFacility AUTHPRIV
 #LogLevel INFO
 # Authentication:
 #LoginGraceTime 2m
 #PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 #RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile	.ssh/authorized_keys
 # For this to work you will also need host keys in /etc/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2
 #HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 # To disable tunneled clear text passwords, change to no here! Also,
 # remember to set the UsePAM setting to 'no'.
 #PasswordAuthentication no
 #PermitEmptyPasswords no
 # SACL options
 # The default for the SACLSupport option is now "no", as this option has been
 # depreciated in favor of SACL enforcement in the PAM configuration (/etc/pam.d/sshd).
 #SACLSupport no
 # Change to no to disable s/key passwords
 # Disabled for passenger-docker. We only allow key authentication.
 ChallengeResponseAuthentication no
 # Kerberos options
 #KerberosAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 #GSSAPIStrictAcceptorCheck yes
 #GSSAPIKeyExchange no
 # Set this to 'yes' to enable PAM authentication, account processing, 
 # and session processing. If this is enabled, PAM authentication will 
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 # Also, PAM will deny null passwords by default.  If you need to allow
 # null passwords, add the "	nullok" option to the end of the
 # securityserver.so line in /etc/pam.d/sshd.
 #UsePAM yes
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
 #X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
 #UsePrivilegeSeparation yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 #UseDNS yes
 #PidFile /var/run/sshd.pid
 #MaxStartups 10
 #PermitTunnel no
 #ChrootDirectory none
 # no default banner path
 #Banner none
 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no
 #	AllowTcpForwarding no
 #	ForceCommand cvs server
 # XAuthLocation added by XQuartz (http://xquartz.macosforge.org)
 XAuthLocation /opt/X11/bin/xauth
--- a/image/insecure_key
+++ b/image/insecure_key
@ -0,0 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpQIBAAKCAQEA1ZswRub+3DvSEnBiyM5YRpRzRYV88vO1X2j867u6pyCHUNXv
 RRCr7ahMLPIVYsZwlHb4sF+Zb3DJOBH+E265o93chdMxbWG44k0spf10JRevA0JX
 NrEwHR8vesCR74e5MuddbSic88lsEqnnn+Fo3lStvE6nBp6tbqdEu7GhTtHSYejn
 wwINnA5ocsHkd1YE9L2Scqw1e4bXveTAQnSvhqe33QshGXFpt0tQwRWngah887f2
 P54wFSm2C/UyFT7pvIjINKzIi4vUoXz/nU+V7neTmt3XDdjloYg3ycOaX4RSVneO
 HCf7hkcEKbzbPzzSrGAAYYC5UzFB+ImsIbtV2wIDAQABAoIBAQCjROxgtX2Gft7y
 Ix8Ol9IXmK6HLCI2XZt7ovb3hFWGGzHy0qMBql2P2Tzoed1o038Hq+woe9n+uTnE
 dtQ6rD6PByzgyW2VSsWTjCOdeJ5HH9Qw7ItXDZZWHBkhfYHOkXI4e2oI3qshGAtY
 NLALn7KVhioJriCyyaSM2KOLx5khcY+EJ1inQfwQJKqPGsdKc72liz07T8ifRj+m
 NLKtwrxlK3IXYfIdgLp/1pCKdrC80DhprMsD4xvNgq4pCR9jd4FoqM9t/Up5ppTm
 +p6A/bDwdIPh6cFFeyMP+G3+bTlW1Gg7RLoNCc6qh53WWVgEOQqdLHcQ8Ge4RLmb
 wLUmnRuRAoGBAPfXYfjpPZi8rPIQpux13Bs7xaS1/Fa9WqrEfrPptFdUVHeFCGY8
 qOUVewPviHdbs0nB71Ynk9/e96agFYijQdqTQzVnpYI4i8GiGk5gPMiB2UYeJ/HZ
 mIB3jtWyf6Z/GO0hJ1a6mX0XD3zJGNqFaiwqaYgdO1Fwh9gcH3O2lHyjAoGBANyj
 TGDBYHpxPu6uKcGreLd0SgO61PEj7aOSNfrBB2PK83A+zjZCFZRIWqjfrkxGG6+a
 2WuHbEHuCGvu2V5juHYxbAD/38iV/lQl/2xyvN1eR/baE3US06qn6idxjnmeNZDy
 DelAx1RGuEvLX1TNAzDTxBwYyzH3W2RpKAUAD11pAoGAN38YJhd8Pn5JL68A4cQG
 dGau/BHwHjAqZEC5qmmzgzaT72tvlQ0SOLHVqOzzHt7+x45QnHciSqfvxnTkPYNp
 FJuTGhtKWV12FfbJczFjivZgg63u/d3eoy2iY0GkCdE98KNS3r3L7tHCGwwgr5Xe
 T2Nz3BHHnZXYJVEuzcddeocCgYEAnhDjPAHtw2p0Inxlb9kPb6aBC/ECcwtBSUkL
 IOy/BZA1HPnxs89eNFAtmwQ8k2o6lXDDSJTJSuZj5CdGVKfuU8aOUJz/Tm2eudxL
 A/+jLJhJyCBthhcJyx3m04E4CAr+5ytyKeP9qXPMvoghcNg66/UabuKYV+CU+feX
 8xUa7NkCgYEAlX8HGvWMmiG+ZRFB//3Loy87bBxGlN0pUtCEScabZxdB2HkI9Vp7
 Yr67QIZ3y7T88Mhkwam54JCjiV+3TZbSyRMOjkqf7UhTCZC6hHNqdUnlpv4bJWeW
 i5Eun8ltYxBnemNc2QGxA4r+KCspi+pRvWNGzL3PFVBGXiLsmOMul78=
 -----END RSA PRIVATE KEY-----
--- a/image/insecure_key.pub
+++ b/image/insecure_key.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVmzBG5v7cO9IScGLIzlhGlHNFhXzy87VfaPzru7qnIIdQ1e9FEKvtqEws8hVixnCUdviwX5lvcMk4Ef4Tbrmj3dyF0zFtYbjiTSyl/XQlF68DQlc2sTAdHy96wJHvh7ky511tKJzzyWwSqeef4WjeVK28TqcGnq1up0S7saFO0dJh6OfDAg2cDmhyweR3VgT0vZJyrDV7hte95MBCdK+Gp7fdCyEZcWm3S1DBFaeBqHzzt/Y/njAVKbYL9TIVPum8iMg0rMiLi9ShfP+dT5Xud5Oa3dcN2OWhiDfJw5pfhFJWd44cJ/uGRwQpvNs/PNKsYABhgLlTMUH4iawhu1Xb hongli@asuna-3939
--- a/image/my_init
+++ b/image/my_init
@ -0,0 +1,5 @@
 #!/bin/bash
 set -e
 # No exec. We want bash to be the init process so that it can kill
 # zombie processes.
 /usr/sbin/runsvdir-start
--- a/image/prepare.sh
+++ b/image/prepare.sh
@ -0,0 +1,25 @@
 #!/bin/bash
 set -e
 source /build/buildconfig
 set -x
 ## Enable Ubuntu Universe.
 echo deb http://archive.ubuntu.com/ubuntu precise main universe > /etc/apt/sources.list
 echo deb http://archive.ubuntu.com/ubuntu precise-updates main universe >> /etc/apt/sources.list
 apt-get update
 ## Install HTTPS support for APT.
 apt-get install -y apt-transport-https
 ## Fix some issues with APT packages.
 ## See https://github.com/dotcloud/docker/issues/1024
 dpkg-divert --local --rename --add /sbin/initctl
 ln -s /bin/true /sbin/initctl
 ## Upgrade all packages.
 echo "initscripts hold" | dpkg --set-selections
 apt-get upgrade -y
 ## Fix locale.
 apt-get install -y language-pack-en
 locale-gen en_US
--- a/image/runit/sshd
+++ b/image/runit/sshd
@ -0,0 +1,3 @@
 #!/bin/sh
 set -e
 exec /usr/sbin/sshd -D
--- a/image/runit/syslog-ng
+++ b/image/runit/syslog-ng
@ -0,0 +1,3 @@
 #!/bin/sh
 set -e
 exec syslog-ng -F -p /var/run/syslog-ng.pid
--- a/image/setuser
+++ b/image/setuser
@ -0,0 +1,12 @@
 #!/bin/bash
 set -e
 user="$1"
 shift
 if [[ "$user" == "root" ]]; then
 	export HOME=/root
 else
 	export HOME=/home/$user
 fi
 exec chpst -u "$user" "$@"
--- a/image/system_services.sh
+++ b/image/system_services.sh
@ -0,0 +1,30 @@
 #!/bin/bash
 set -e
 source /build/buildconfig
 set -x
 ## Install init process.
 cp /build/my_init /sbin/
 ## Install runit.
 apt-get install -y runit
 ## Install a syslog daemon.
 apt-get install -y syslog-ng
 mkdir /etc/service/syslog-ng
 cp /build/runit/syslog-ng /etc/service/syslog-ng/run
 ## Install the SSH server.
 apt-get install -y openssh-server
 mkdir /var/run/sshd
 mkdir /etc/service/sshd
 cp /build/runit/sshd /etc/service/sshd/run
 cp /build/config/sshd_config /etc/ssh/sshd_config
 ## Install default SSH key for root and app.
 mkdir -p /root/.ssh /home/app/.ssh
 chmod 700 /root/.ssh /home/app/.ssh
 chown root:root /root/.ssh
 chown app:app /home/app/.ssh
 cat /build/insecure_key.pub > /root/.ssh/authorized_keys
 cat /build/insecure_key.pub > /home/app/.ssh/authorized_keys
--- a/image/utilities.sh
+++ b/image/utilities.sh
@ -0,0 +1,10 @@
 #!/bin/bash
 set -e
 source /build/buildconfig
 set -x
 ## Often used tools.
 apt-get install -y curl less nano vim psmisc
 ## This tool runs a command as another user and sets $HOME.
 cp /build/setuser /sbin/setuser
		`@ -0,0 +1,2 @@`
							`export LC_ALL=C`
							`export DEBIAN_FRONTEND=noninteractive`
		`@ -0,0 +1 @@`
							`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVmzBG5v7cO9IScGLIzlhGlHNFhXzy87VfaPzru7qnIIdQ1e9FEKvtqEws8hVixnCUdviwX5lvcMk4Ef4Tbrmj3dyF0zFtYbjiTSyl/XQlF68DQlc2sTAdHy96wJHvh7ky511tKJzzyWwSqeef4WjeVK28TqcGnq1up0S7saFO0dJh6OfDAg2cDmhyweR3VgT0vZJyrDV7hte95MBCdK+Gp7fdCyEZcWm3S1DBFaeBqHzzt/Y/njAVKbYL9TIVPum8iMg0rMiLi9ShfP+dT5Xud5Oa3dcN2OWhiDfJw5pfhFJWd44cJ/uGRwQpvNs/PNKsYABhgLlTMUH4iawhu1Xb hongli@asuna-3939`