mirror of
/repos/baseimage-docker.git
synced 2025-12-30 08:01:31 +01:00
949bd1d89f
`chmod 600` is for the benefit of ssh client, which will otherwise spew: ``` chmod 600 image/insecure_key.pub SSHing into 172.17.0.2 Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0664 for 'image/insecure_key' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: image/insecure_key ``` As you can see though, the wrong file is `chmod`'ed -- it's the private key that SSH will insist should be protected with a more restrictive mode. After this, `CMD ["/sbin/my_init", "--enable-insecure-key"]` works as expected.
29 lines
986 B
Makefile
29 lines
986 B
Makefile
NAME = phusion/baseimage
|
|
VERSION = 0.9.10
|
|
|
|
.PHONY: all build test tag_latest release ssh
|
|
|
|
all: build
|
|
|
|
build:
|
|
docker build -t $(NAME):$(VERSION) --rm image
|
|
|
|
test:
|
|
env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh
|
|
|
|
tag_latest:
|
|
docker tag $(NAME):$(VERSION) $(NAME):latest
|
|
|
|
release: test tag_latest
|
|
@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
|
|
docker push $(NAME)
|
|
@echo "*** Don't forget to create a tag. git tag rel-$(VERSION) && git push origin rel-$(VERSION)"
|
|
|
|
ssh:
|
|
chmod 600 image/insecure_key
|
|
@ID=$$(docker ps | grep -F "$(NAME):$(VERSION)" | awk '{ print $$1 }') && \
|
|
if test "$$ID" = ""; then echo "Container is not running."; exit 1; fi && \
|
|
IP=$$(docker inspect $$ID | grep IPAddr | sed 's/.*: "//; s/".*//') && \
|
|
echo "SSHing into $$IP" && \
|
|
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i image/insecure_key root@$$IP
|