diff --git a/Dockerfile b/Dockerfile index 272b225..7e29691 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,9 +6,9 @@ ENV DEBIAN_FRONTEND noninteractive RUN apt-get update && apt-get install -y curl COPY rootfs / -RUN chmod +x /build-latest +RUN chmod +x /build-* ENV OVERLAY_ROOTFS_PATH /overlay-rootfs COPY overlay-rootfs $OVERLAY_ROOTFS_PATH -CMD [ "/build-latest" ] +CMD [ "/build-wrapper" ] diff --git a/overlay-rootfs/etc/fix-attrs.d/00-base b/overlay-rootfs/etc/fix-attrs.d/00-base deleted file mode 100644 index 85b5de0..0000000 --- a/overlay-rootfs/etc/fix-attrs.d/00-base +++ /dev/null @@ -1,26 +0,0 @@ -[ - { - "path": "/etc/fix-attrs.d/*", - "attr": "root:root:0600" - }, - { - "path": "/etc/s6/*/finish", - "attr": "root:root:0700" - }, - { - "path": "/etc/s6/*/run", - "attr": "root:root:0700" - }, - { - "path": "/etc/s6/*/log/run", - "attr": "root:root:0700" - }, - { - "path": "/etc/cont-init.d/*", - "attr": "root:root:0700" - }, - { - "path": "/etc/s6/.s6-svscan/crash", - "attr": "root:root:0700" - } -] diff --git a/overlay-rootfs/etc/fix-attrs.d/00-runscripts b/overlay-rootfs/etc/fix-attrs.d/00-runscripts new file mode 100644 index 0000000..309d41e --- /dev/null +++ b/overlay-rootfs/etc/fix-attrs.d/00-runscripts @@ -0,0 +1,4 @@ +/etc/services.d/*/run false root 0755 0755 +/etc/services.d/*/finish false root 0755 0755 +/etc/services.d/*/log/run false root 0755 0755 +/etc/services.d/*/log/finish false root 0755 0755 diff --git a/overlay-rootfs/etc/s6/.s6-init/init-stage1 b/overlay-rootfs/etc/s6/.s6-init/init-stage1 deleted file mode 100644 index 789fba8..0000000 --- a/overlay-rootfs/etc/s6/.s6-init/init-stage1 +++ /dev/null 
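Review bot: The new `overlay-rootfs/etc/fix-attrs.d/00-runscripts` rules set every `run`/`finish` script under `/etc/services.d` to 0755, whereas the `00-base` file removed in this commit kept the equivalent scripts at `root:root:0700`. As far as this diff shows, only the supervision tree running as root executes them, so the wider mode just lets every uid in the container read whatever a service author puts inline, credentials included. Unless an unprivileged reader is really needed, keep the tighter mode, e.g. `/etc/services.d/*/run false root 0700 0700`. The replacement also drops the old rules for `/etc/cont-init.d/*` (0700) and `/etc/fix-attrs.d/*` (0600), so those modes are no longer normalised at start-up.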
@@ -1,59 +0,0 @@
-#!/usr/bin/execlineb
-
-##
-## dump environment into files and a bash script
-##
-
-# base for file and path
-define contenvsdir /etc/container_environment
-
-# assure folder does exist
-foreground { mkdir -p ${contenvsdir} }
-
-foreground {
- forbacktickx i {
- pipeline { s6-env } s6-cut -d"=" -f1
- }
- import i import ${i}
- foreground {
- redirfd -w 1 ${contenvsdir}/${i}
- s6-echo ${${i}}
- }
-}
-
-##
-## fix attributes (ownership and permissions)
-##
-
-foreground { s6-echo "[fix-attrs] fixing file attributes (ownership & permission)..." }
-foreground {
- forbacktickx i {
- find /etc/fix-attrs.d -maxdepth 1 -type f ! -name ".*" ! -path /etc/fix-attrs.d
- }
- import i
- foreground { s6-echo "[fix-attrs] ${i}: applying..." }
- foreground { fix-attrs fix ${i} }
- foreground { s6-echo "[fix-attrs] ${i}: done." }
-}
-foreground { s6-echo "[fix-attrs] done." }
-
-# i don't know why but, it seems like 'fix-attrs' is not freeing file
-# handles and therefore files which were accesed/modified cannot be used
-# for execution. We flush all the dirty system buffers, and blocks until
-# they're clean.
-foreground { s6-sync }
-
-##
-## fork the "init-stage2" script
-##
-
-background
-{
- elgetpositionals
- /etc/s6/.s6-init/init-stage2 $@
-}
-unexport !
-
-# start stage 2.
-s6-envdir ${contenvsdir}
-s6-svscan -t0 /etc/s6
diff --git a/overlay-rootfs/etc/s6/.s6-init/init-stage2 b/overlay-rootfs/etc/s6/.s6-init/init-stage2
deleted file mode 100644
index 4879d44..0000000
--- a/overlay-rootfs/etc/s6/.s6-init/init-stage2
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/execlineb
-
-# this file is executed (not as process 1!) as soon as s6-svscan
-# starts. It should perform all the remaining one-time initialization
-# tasks.
-
-if -nt
-{
- elgetpositionals
- ifelse { s6-test $# -ne 0 }
- { foreground { $@ } s6-svscanctl -t /etc/s6 }
-
- ##
- ## cont-init.d
- ##
-
- foreground { s6-echo "[cont-init.d] executing container initialization scripts..." }
- foreground {
- forbacktickx i {
- find /etc/cont-init.d -maxdepth 1 -type f ! -name ".*" ! -path /etc/cont-init.d
- }
- import i
- foreground { s6-echo "[cont-init.d] ${i}: executing..." }
- foreground { with-contenv ${i} }
- foreground { s6-echo "[cont-init.d] ${i}: done." }
- }
- foreground { s6-echo "[cont-init.d] done." }
-}
-
-# if anything in the if -nt { } block fails, control jumps here.
-# no need to do much because there's already an operational getty running.
-
-redirfd -w 1 /dev/console
-s6-echo "\n!!!!!\ninit-stage2 failed, please log in and investigate.\n!!!!!"
diff --git a/overlay-rootfs/etc/s6/.s6-init/init-stage3 b/overlay-rootfs/etc/s6/.s6-init/init-stage3
deleted file mode 100644
index 630f569..0000000
--- a/overlay-rootfs/etc/s6/.s6-init/init-stage3
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/usr/bin/execlineb -S0
-
-# This is the shutdown script, running as process 1.
-
-foreground {
- forbacktickx i { find /etc/s6 -maxdepth 1 -type d ! -name ".*" ! -path /etc/s6 }
- import i
- foreground {
- if { s6-test -f ${i}/finish }
- foreground { s6-echo "[s6-finish] executing ${i}/finish ..." }
- foreground { ${i}/finish }
- foreground { s6-echo "[s6-finish] done." }
- }
-}
-
-# Make sure we have no open handle to anywhere else than /dev/console
-
-cd /
-redirfd -w 1 /dev/console
-fdmove -c 2 1
-
-# Sync before TERM'n
-
-foreground { s6-echo "[s6-finish] syncing disks." }
-foreground { s6-sync }
-
-# Even if s6-svscan properly brought all the services down
-# before exec'ing into this script, users might have launched
-# background nohup processes, so we have to kill everything.
-
-foreground { s6-echo "[s6-finish] sending all processes the TERM signal." }
-foreground { s6-nuke -th }
-foreground { s6-sleep 1 }
-foreground { s6-echo "[s6-finish] sending all processes the KILL signal." }
-foreground { s6-nuke -k }
-
-# Close stdin here cause we wanted to pipe to echo in order to
-# get timestamped lines.
-
-fdclose 0
-
-# Yes, it helps.
-
-foreground { s6-echo "[s6-finish] syncing disks." }
-foreground { s6-sync }
-
-# Here, s6-nuke sends a SIGKILL to every process on the system.
-# It kills itself, but not before the SIGKILL has been broadcast.
-# The "foreground" process runs as process 1, so it survives,
-# and execs into the rest of the script when s6-nuke dies.
-
-# Reap the huge army of zombies we just created
-
-wait { }
diff --git a/overlay-rootfs/etc/s6/.s6-svscan/finish b/overlay-rootfs/etc/s6/.s6-svscan/finish
deleted file mode 100644
index 4e64a60..0000000
--- a/overlay-rootfs/etc/s6/.s6-svscan/finish
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/execlineb
-/etc/s6/.s6-init/init-stage3
diff --git a/overlay-rootfs/etc/s6/fdholderd/rules/uid/default/env/S6_FDHOLDER_RETRIEVE_REGEX b/overlay-rootfs/etc/s6/fdholderd/rules/uid/default/env/S6_FDHOLDER_RETRIEVE_REGEX
deleted file mode 100644
index 8452c8c..0000000
--- a/overlay-rootfs/etc/s6/fdholderd/rules/uid/default/env/S6_FDHOLDER_RETRIEVE_REGEX
+++ /dev/null
@@ -1 +0,0 @@
-^.*$
\ No newline at end of file
diff --git a/overlay-rootfs/etc/s6/fdholderd/rules/uid/default/env/S6_FDHOLDER_STORE_REGEX b/overlay-rootfs/etc/s6/fdholderd/rules/uid/default/env/S6_FDHOLDER_STORE_REGEX
deleted file mode 100644
index 8452c8c..0000000
--- a/overlay-rootfs/etc/s6/fdholderd/rules/uid/default/env/S6_FDHOLDER_STORE_REGEX
+++ /dev/null
@@ -1 +0,0 @@
-^.*$
\ No newline at end of file
diff --git a/overlay-rootfs/etc/s6/fdholderd/run b/overlay-rootfs/etc/s6/fdholderd/run
deleted file mode 100644
index 4613be2..0000000
--- a/overlay-rootfs/etc/s6/fdholderd/run
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/execlineb
-s6-notifywhenup s6-fdholder-daemon -1 -i /etc/s6/fdholderd/rules /etc/s6/fdholderd/socket
\ No newline at end of file
diff --git a/overlay-rootfs/etc/s6/init/env/PATH b/overlay-rootfs/etc/s6/init/env/PATH
new file mode 100644
index 0000000..d46ff70
--- /dev/null
+++ b/overlay-rootfs/etc/s6/init/env/PATH
@@ -0,0 +1 @@
+/usr/bin:/usr/sbin:/bin:/sbin
diff --git a/overlay-rootfs/etc/s6/init/init-stage1 b/overlay-rootfs/etc/s6/init/init-stage1
new file mode 100755
index 0000000..8762a3c
--- /dev/null
+++ b/overlay-rootfs/etc/s6/init/init-stage1
@@ -0,0 +1,69 @@
+#!/usr/bin/execlineb -S0
+
+##
+## dump environment into an envdir
+##
+
+/usr/bin/if { /usr/bin/s6-mkdir -pm 0755 -- /var/run/s6/container_environment }
+/usr/bin/if { /usr/bin/s6-dumpenv -- /var/run/s6/container_environment }
+
+
+##
+## run everything else with only the environment defined in
+## /etc/s6/init/env. Programs can get back the container
+## environment by using "with-contenv program".
+##
+
+/usr/bin/exec -c --
+/usr/bin/s6-envdir /etc/s6/init/env
+/usr/bin/exec --
+
+
+##
+## ensure our vital fifo exists
+##
+
+if { s6-mkfifo -m 0600 -- /var/run/s6/uncaught-logs-fifo }
+
+
+##
+## init the scandir with our base services
+##
+
+if { s6-rmrf /var/run/s6/service }
+if { s6-hiercopy /etc/s6/service /var/run/s6/service }
+
+
+##
+## fork the "init-stage2" script
+##
+
+background
+{
+ # add some environment
+ s6-envdir -- /etc/s6/init/env-stage2
+
+ # block until the supervision tree is running
+ redirfd -w 3 /var/run/s6/uncaught-logs-fifo
+ fdclose 3
+
+ # run the script
+ /etc/s6/init/init-stage2 $@
+}
+unexport !
+
+
+##
+## run the rest of stage 1 with sanitized descriptors
+##
+
+redirfd -r 0 /dev/null
+redirfd -wnb 1 /var/run/s6/uncaught-logs-fifo
+fdmove -c 2 1
+
+
+##
+## start the supervision tree
+##
+
+s6-svscan -t0 /var/run/s6/service
diff --git a/overlay-rootfs/etc/s6/init/init-stage2 b/overlay-rootfs/etc/s6/init/init-stage2
new file mode 100755
index 0000000..cd678ec
--- /dev/null
+++ b/overlay-rootfs/etc/s6/init/init-stage2
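Review bot: In `init-stage1`, `s6-mkdir -pm 0755 -- /var/run/s6/container_environment` followed by `s6-dumpenv` leaves the whole container environment in a directory every uid can traverse; the mode of the dumped files is not set here and presumably follows the umask. Container environments routinely carry passwords and tokens, so a process that has dropped privileges (the loggers added in this commit run as `nobody`) could read them back. Consider a restrictive directory mode, for instance `s6-mkdir -pm 0700 -- /var/run/s6/container_environment`, and document that non-root callers of `with-contenv` then need an explicit grant. Separately, `s6-mkfifo -m 0600 -- /var/run/s6/uncaught-logs-fifo` is wrapped in `if`, so stage 1 will probably abort when the fifo is left over from an earlier start of the same container; removing the stale fifo first, as is already done for `/var/run/s6/service`, would avoid that.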
@@ -0,0 +1,89 @@
+#!/usr/bin/execlineb -S0
+
+# This file is executed (not as process 1!) as soon as s6-svscan
+# starts, with the original stdin/out/err, but NOT the original
+# environment.
+# Purpose of this file: to perform all the one-time initialization tasks.
+
+if -nt
+{
+ if
+ {
+ redirfd -w 1 /var/run/s6/uncaught-logs-fifo
+ fdmove -c 2 1
+
+
+ ##
+ ## fix-attrs.d: ensure owners and permissions are correct
+ ##
+
+ if { s6-echo "[fix-attrs.d] applying owners & permissions fixes..." }
+ if
+ {
+ pipeline { s6-ls -0 -- /etc/fix-attrs.d }
+ pipeline { s6-sort -0 -- }
+ forstdin -0 -- i
+ import -u i
+ if { s6-echo -n -- "[fix-attrs.d] applying ${i}... " }
+ foreground { redirfd -r 0 /etc/fix-attrs.d/${i} fix-attrs }
+ import -u ? s6-echo -- " exited ${?}"
+ }
+ if { s6-echo -- "[fix-attrs.d] done." }
+
+
+ ##
+ ## cont-init.d: one-time init scripts
+ ##
+
+ if { s6-echo "[cont-init.d] executing container initialization scripts..." }
+ if
+ {
+ pipeline { s6-ls -0 -- /etc/cont-init.d }
+ pipeline { s6-sort -0 -- }
+ forstdin -0 -- i
+ import -u i
+ if { s6-echo -n -- "[cont-init.d] executing ${i}... " }
+ foreground { with-contenv /etc/cont-init.d/${i} }
+ import -u ? s6-echo -- " ... exited ${?}"
+ }
+ if { s6-echo -- "[cont-init.d] done." }
+
+
+ ##
+ ## services.d: long-lived processes to be supervised
+ ##
+
+ if { s6-echo "[services.d] starting services" }
+ if
+ {
+ pipeline { s6-ls -0 -- /etc/services.d }
+ forstdin -0 -p -- i
+ import -u i
+ if { s6-test -d /etc/services.d/${i} }
+ s6-hiercopy /etc/services.d/${i} /var/run/s6/service/${i}
+ }
+ if { s6-svscanctl -a /var/run/s6/service }
+ if { s6-echo -- "[services.d] done." }
+
+ }
+
+
+ ##
+ ## The init is complete. If the user has given a CMD, run it now, then
+ ## kill everything when it exits.
+ ##
+
+ if -t { s6-test $# -ne 0 }
+ foreground { s6-setsid -gq -- with-contenv $@ }
+ foreground { import -u ? s6-echo "${1} exited ${?}. Stopping the supervision tree."
}
+ foreground { s6-svscanctl -t /var/run/s6/service }
+
+ # Race condition here, but it's ok: the sync in stage 3 takes ages,
+ # and if we get killed by the SIGTERM instead of the SIGKILL, meh, who cares.
+
+ # Wait to be nuked
+ s6-pause -th
+}
+
+# if anything in the if -nt { } block fails, control jumps here.
+s6-echo -- "\n!!!!!\n init-stage2 failed.\n Logs are in /var/log/s6-uncaught-logs\n!!!!!"
diff --git a/overlay-rootfs/etc/s6/init/init-stage3 b/overlay-rootfs/etc/s6/init/init-stage3
new file mode 100755
index 0000000..b374627
--- /dev/null
+++ b/overlay-rootfs/etc/s6/init/init-stage3
@@ -0,0 +1,37 @@
+#!/usr/bin/execlineb -S0
+
+# This is the shutdown script, running as process 1.
+
+cd /
+
+
+# Sync before TERM'n
+
+foreground { s6-echo "[s6-finish] syncing disks." }
+foreground { s6-sync }
+
+
+# Kill everything, gently.
+
+foreground { s6-echo "[s6-finish] sending all processes the TERM signal." }
+foreground { s6-nuke -th } # foreground is process 1: it survives
+foreground
+{
+ with-contenv
+ /usr/bin/import -u -D 3000 S6_KILL_GRACETIME
+ /usr/bin/s6-sleep -m -- ${S6_KILL_GRACETIME}
+}
+
+# Last message, then close our pipes and give the logger some time.
+foreground { s6-echo "[s6-finish] sending all processes the KILL signal and exiting." }
+fdclose 1 fdclose 2
+s6-sleep -m 200
+
+# Kill everything, brutally.
+foreground { s6-nuke -k } # foreground is process 1: it survives again
+
+
+# Reap all the zombies then sync, and we're done.
+
+wait { }
+s6-sync
diff --git a/overlay-rootfs/etc/s6/.s6-svscan/crash b/overlay-rootfs/etc/s6/service/.s6-svscan/crash
old mode 100644
new mode 100755
similarity index 79%
rename from overlay-rootfs/etc/s6/.s6-svscan/crash
rename to overlay-rootfs/etc/s6/service/.s6-svscan/crash
index bbf9977..2c5a327
--- a/overlay-rootfs/etc/s6/.s6-svscan/crash
+++ b/overlay-rootfs/etc/s6/service/.s6-svscan/crash
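Review bot: In `init-stage2` the exit status of `fix-attrs` and of every `/etc/cont-init.d` script is only printed (`import -u ? s6-echo -- " exited ${?}"`); because each call sits inside `foreground { … }`, a non-zero status does not stop the sequence. The services in `/etc/services.d` are therefore still started after an ownership/permission fix or an init script has failed, which can leave a service running with looser file modes than intended or without the setup it relies on. Consider propagating such a failure out of the loop so the enclosing `if -nt` block reaches its failure branch, or at least making that behaviour selectable. If the best-effort behaviour is intentional, say so next to the loops, e.g. `# NOTE: a failing fix-attrs.d file or cont-init.d script is logged but does not stop startup`.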
@@ -3,11 +3,6 @@ # This file is run when an unrecoverable error happens # to s6-svscan. Edit it to suit your needs. -cd / -redirfd -r 0 /dev/console -redirfd -w 1 /dev/console fdmove -c 2 1 - foreground { s6-echo "s6-svscan panicked! Dropping to a root shell.\n" } - /bin/sh -i diff --git a/overlay-rootfs/etc/s6/service/.s6-svscan/finish b/overlay-rootfs/etc/s6/service/.s6-svscan/finish new file mode 100755 index 0000000..994a322 --- /dev/null +++ b/overlay-rootfs/etc/s6/service/.s6-svscan/finish @@ -0,0 +1,2 @@ +#!/usr/bin/execlineb -S0 +/etc/s6/init/init-stage3 $@ diff --git a/overlay-rootfs/etc/s6/service/s6-fdholderd/log/run b/overlay-rootfs/etc/s6/service/s6-fdholderd/log/run new file mode 100755 index 0000000..c465890 --- /dev/null +++ b/overlay-rootfs/etc/s6/service/s6-fdholderd/log/run @@ -0,0 +1,4 @@ +#!/usr/bin/execlineb -P +s6-setuidgid nobody +exec -c -- +s6-log -- t /var/log/s6-fdholderd diff --git a/overlay-rootfs/etc/s6/fdholderd/rules/uid/default/allow b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/allow similarity index 100% rename from overlay-rootfs/etc/s6/fdholderd/rules/uid/default/allow rename to overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/allow diff --git a/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_GETDUMP b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_GETDUMP new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_GETDUMP @@ -0,0 +1 @@ + diff --git a/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_LIST b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_LIST new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_LIST @@ -0,0 +1 @@ + 
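Review bot: The `.s6-svscan/crash` script still ends in `/bin/sh -i` after this hunk removes the `/dev/console` redirections, so the shell now presumably inherits the descriptors the new `init-stage1` hands to `s6-svscan`: stdin from `/dev/null`, stdout and stderr on the uncaught-logs fifo. The message "Dropping to a root shell" is then misleading at best, and a crash handler that spawns a root shell is not something a container image should ship by default. I would drop the `/bin/sh -i` line, reduce the message to `foreground { s6-echo "s6-svscan panicked!" }`, and let the script end there so the failure is visible to the container runtime. The first two lines of the file lie outside the hunk.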
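Review bot: `s6-fdholderd/log/run` drops to the shared `nobody` account before starting `s6-log`; `s6-svscan-log/run` does the same, and `rootfs/build-latest` hands both log directories to `nobody:nogroup`. `nobody` is commonly reused by unrelated daemons in downstream images, and any of them could then rewrite or delete these logs, which weakens them as evidence after an incident. A dedicated logging account would isolate them; at minimum record the assumption with a comment such as `# runs as nobody: assumes no other process in the image uses that account`. The build-time `chown` also bakes the builder's ids for `nobody`/`nogroup` into the tarball, and those may not match what `s6-setuidgid nobody` resolves to in the target image (`nogroup` is distribution-specific).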
diff --git a/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_RETRIEVE_REGEX b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_RETRIEVE_REGEX
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_RETRIEVE_REGEX
@@ -0,0 +1 @@
+
diff --git a/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_SETDUMP b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_SETDUMP
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_SETDUMP
@@ -0,0 +1 @@
+
diff --git a/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_STORE_REGEX b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_STORE_REGEX
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/0/env/S6_FDHOLDER_STORE_REGEX
@@ -0,0 +1 @@
+
diff --git a/overlay-rootfs/etc/s6/fdholderd/rules/uid/default/env/S6_FDHOLDER_LIST b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/default/allow
similarity index 100%
rename from overlay-rootfs/etc/s6/fdholderd/rules/uid/default/env/S6_FDHOLDER_LIST
rename to overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/default/allow
diff --git a/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/default/env/S6_FDHOLDER_LIST b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/default/env/S6_FDHOLDER_LIST
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/overlay-rootfs/etc/s6/service/s6-fdholderd/rules/uid/default/env/S6_FDHOLDER_LIST
@@ -0,0 +1 @@
+
diff --git a/overlay-rootfs/etc/s6/service/s6-fdholderd/run b/overlay-rootfs/etc/s6/service/s6-fdholderd/run
new file mode 100755
index 0000000..9f1f292
--- /dev/null
+++ b/overlay-rootfs/etc/s6/service/s6-fdholderd/run
@@ -0,0 +1,4 @@
+#!/usr/bin/execlineb -P
+s6-notifywhenup
+s6-envuidgid daemon
+s6-fdholder-daemon -U -1 -i rules -- /var/run/s6/fdholderd-socket
diff --git a/overlay-rootfs/etc/s6/service/s6-svscan-log/run b/overlay-rootfs/etc/s6/service/s6-svscan-log/run
new file mode 100755
index 0000000..73a28c3
--- /dev/null
+++ b/overlay-rootfs/etc/s6/service/s6-svscan-log/run
@@ -0,0 +1,5 @@
+#!/usr/bin/execlineb -P
+redirfd -rnb 0 /var/run/s6/uncaught-logs-fifo
+s6-setuidgid nobody
+exec -c
+s6-log -bp -- t /var/log/s6-uncaught-logs
diff --git a/overlay-rootfs/init b/overlay-rootfs/init
old mode 100644
new mode 100755
index aec130d..fdce1a6
--- a/overlay-rootfs/init
+++ b/overlay-rootfs/init
@@ -1,3 +1,2 @@
-#!/usr/bin/execlineb
-elgetpositionals
-/etc/s6/.s6-init/init-stage1 $@
+#!/usr/bin/execlineb -S0
+/etc/s6/init/init-stage1 $@
diff --git a/overlay-rootfs/usr/bin/fix-attrs b/overlay-rootfs/usr/bin/fix-attrs
new file mode 100755
index 0000000..f4a8e47
--- /dev/null
+++ b/overlay-rootfs/usr/bin/fix-attrs
@@ -0,0 +1,30 @@
+#!/usr/bin/execlineb -P
+
+/usr/bin/export PATH /usr/bin:/bin
+/usr/bin/export recfunction "\
+foreground { s6-envuidgid ${3} s6-chown -U -- ${1} }
+ifelse -- { if { s6-${2} } s6-test -d ${1} }
+{
+ foreground { s6-chmod ${5} ${1} }
+ forbacktickx -0 subfile { s6-ls -0 ${1} }
+ multisubstitute
+ {
+ import -u subfile
+ import recfunction
+ }
+ execlineb -S5 -c ${recfunction} ${1}/${subfile} true ${3} ${4} ${5}
+}
+s6-chmod ${4} ${1}"
+
+forstdin -d"\n" -- line
+import -u line
+if { s6-test -n ${line} }
+multidefine -0 -Cd" \t" -- ${line} { globex recurse user fmode dmode }
+elglob -0 -- files ${globex}
+forx -p -- file { ${files} }
+multisubstitute
+{
+ import -u file
+ import recfunction
+}
+execlineb -S5 -c ${recfunction} ${file} ${recurse} ${user} ${fmode} ${dmode}
diff --git a/overlay-rootfs/usr/bin/with-contenv b/overlay-rootfs/usr/bin/with-contenv
old mode 100644
new mode 100755
index 7be4eff..2ba5915
--- a/overlay-rootfs/usr/bin/with-contenv
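Review bot: The new `usr/bin/fix-attrs` runs as root and its `recfunction` applies `s6-chown`/`s6-chmod` to `${1}` and, when the `recurse` field is `true`, descends wherever `s6-test -d ${1}` succeeds, with no check for symbolic links. `s6-test -d` follows links, and the chown/chmod calls presumably do as well, so a link placed inside a tree that an unprivileged service can write would have the configured owner and modes applied to its target on the next container start. Skip links before touching an entry, for example by opening `recfunction` with `if -n { s6-test -L ${1} }`, and state in a header comment that recursive rules should not point at service-writable trees. Only non-recursive rules ship in this commit, so the exposure depends on rules added by downstream images.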
+++ b/overlay-rootfs/usr/bin/with-contenv @@ -1,6 +1,5 @@ -#!/usr/bin/execlineb - -elgetpositionals -emptyenv -s6-envdir /etc/container_environment +#!/usr/bin/execlineb -S0 +/usr/bin/exec -c -- +/usr/bin/s6-envdir -fn -- /var/run/s6/container_environment +/usr/bin/exec -- $@ diff --git a/overlay-rootfs/usr/bin/with-notifywhenup b/overlay-rootfs/usr/bin/with-notifywhenup old mode 100644 new mode 100755 index 1cf7d54..06a8c3f --- a/overlay-rootfs/usr/bin/with-notifywhenup +++ b/overlay-rootfs/usr/bin/with-notifywhenup @@ -1,5 +1,4 @@ #!/usr/bin/execlineb -S0 - -s6-notifywhenup -foreground { printf "\n" } +foreground { s6-notifywhenup -f s6-echo } +unexport ? $@ diff --git a/rootfs/build-latest b/rootfs/build-latest old mode 100644 new mode 100755 index 605c26e..d601da8 --- a/rootfs/build-latest +++ b/rootfs/build-latest @@ -1,11 +1,13 @@ -#!/bin/bash +#!/usr/bin/env bash +set -e +set -x ## ## PARAMS ## OVERLAY_ROOTFS_PATH=${1:-/overlay-rootfs} -RELEASE_VERSION=${2:-1.5.0} +RELEASE_VERSION=${2:-1.6.0} outputs=( linux @@ -51,8 +53,10 @@ for package in "${packages[@]}"; do curl -R -L -O https://github.com/just-containers/skaware-builder/releases/download/v$RELEASE_VERSION/$file done -# fix-attrs -curl -R -L -o /tmp/fix-attrs https://github.com/glerchundi/fix-attrs/releases/download/v0.4.0/fix-attrs-0.4.0-linux-amd64 +# strace (if we want to debug) +if [ -n "$DEBUG" ]; then + curl -R -L -o /tmp/strace http://landley.net/aboriginal/downloads/binaries/extras/strace-x86_64 +fi ## ## OVERLAYS @@ -69,9 +73,6 @@ do # copy overlay files cp -a $OVERLAY_ROOTFS_PATH/. $overlaypath/ - # create cont-init.d directory always - mkdir -p $overlaypath/etc/cont-init.d - # skarnet versions manifest packages=($(get_packages_with_versions_from_manifest "manifest-$output.txt")) 
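Review bot: The DEBUG branch added to `rootfs/build-latest` downloads `strace` over plain `http://` and nothing verifies the file before a later hunk copies it to `$overlaypath/usr/bin/strace` with mode 0755 inside the release tarball. Whoever controls the network path or the remote host therefore decides which binary ships in a DEBUG build. Pin the artifact and check it right after the download, e.g. `echo "<expected-sha256>  /tmp/strace" | sha256sum -c -` (placeholder digest), and add `-f` to the `curl` call so an HTTP error page is not saved as the binary. The skaware release downloads in the context line above are fetched over HTTPS but likewise without a digest check.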
@@ -81,19 +82,32 @@ do tar xvfz /tmp/$package-linux-amd64-bin.tar.gz -C $overlaypath done - # install fix-attrs - cp /tmp/fix-attrs $overlaypath/usr/bin/fix-attrs + # create must exist directories + mkdir -p $overlaypath/etc/s6/init/env-stage2 + mkdir -p $overlaypath/etc/{cont-init.d,fix-attrs.d,services.d} + mkdir -p $overlaypath/var/log/{s6-uncaught-logs,s6-fdholderd} + + # copy strace & fix permissions + if [ -n "$DEBUG" ]; then + cp /tmp/strace $overlaypath/usr/bin/strace + chmod 0755 $overlaypath/usr/bin/strace + fi + + # fix fix-attrs perms + chmod 0755 $overlaypath/usr/bin/fix-attrs - # fix perms - chmod +x $overlaypath/init \ - $overlaypath/etc/s6/.s6-svscan/finish \ - $overlaypath/etc/s6/.s6-init/init-stage* \ - $overlaypath/usr/bin/fix-attrs + # fix init perms + chmod 0755 $overlaypath/init + chmod 0755 $overlaypath/etc/s6/init/init-stage* + chmod 0755 $overlaypath/etc/s6/service/.s6-svscan/{crash,finish} + chmod 0755 $overlaypath/etc/s6/service/s6-fdholderd/run + chmod 0755 $overlaypath/etc/s6/service/s6-svscan-log/run - ## - ## DIST! - ## + # fix log folder perms + chmod 2700 $overlaypath/var/log/{s6-uncaught-logs,s6-fdholderd} + chown nobody:nogroup $overlaypath/var/log/{s6-uncaught-logs,s6-fdholderd} + # dist! mkdir -p /dist tar -zcvf /dist/s6-overlay-$RELEASE_VERSION-$output-amd64.tar.gz -C $overlaypath ./ done diff --git a/rootfs/build-wrapper b/rootfs/build-wrapper new file mode 100755 index 0000000..ca4542d --- /dev/null +++ b/rootfs/build-wrapper @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +rm -f /dist/* +/build-latest 2>&1 | tee "/dist/build-latest-$(date +'%Y%m%d%H%M%S').log"
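Review bot: `rootfs/build-wrapper` pipes `/build-latest` into `tee` without `pipefail`, so the wrapper, and with it the container `CMD`, exits with `tee`'s status even when `build-latest` aborts under its new `set -e`. A failed or partial build then looks successful to whatever collects `/dist`. Add `set -o pipefail` directly under the shebang; the script already requires bash.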