From a85814d20e48068fb8f329a51791eff2b6a514e5 Mon Sep 17 00:00:00 2001 From: Jess Frazelle Date: Wed, 6 Apr 2016 03:32:01 -0700 Subject: [PATCH] updates and cleanups Signed-off-by: Jess Frazelle --- buttslock/Dockerfile | 17 +++++++++--- gitiles/Dockerfile | 28 ++++++++++++++++++++ gitiles/start.sh | 12 +++++++++ gitserver/Dockerfile | 34 ++++++++++++++++++++++++ gitserver/start.sh | 61 ++++++++++++++++++++++++++++++++++++++++++++ mailman/Dockerfile | 4 +-- sentry/Dockerfile | 2 +- 7 files changed, 151 insertions(+), 7 deletions(-) create mode 100644 gitiles/Dockerfile create mode 100755 gitiles/start.sh create mode 100644 gitserver/Dockerfile create mode 100755 gitserver/start.sh diff --git a/buttslock/Dockerfile b/buttslock/Dockerfile index ee14255..0cb46a1 100644 --- a/buttslock/Dockerfile +++ b/buttslock/Dockerfile @@ -9,7 +9,16 @@ # And it also requires the USER and DISPLAY environment variables to be set. # FROM alpine -RUN apk update -RUN apk add i3lock imagemagick py-dbus py-gobject scrot ttf-liberation xkeyboard-config -ADD buttslock.py buttslock.sh lock.png / -CMD /buttslock.py +RUN apk --update add \ + i3lock \ + imagemagick \ + py-dbus \ + py-gobject \ + scrot \ + ttf-liberation \ + xkeyboard-config \ + && rm -rf /var/cache/apk/* + +COPY buttslock.py buttslock.sh lock.png / + +CMD ["/buttslock.py"] diff --git a/gitiles/Dockerfile b/gitiles/Dockerfile new file mode 100644 index 0000000..6843dbc --- /dev/null +++ b/gitiles/Dockerfile @@ -0,0 +1,28 @@ +FROM java:8-alpine +MAINTAINER Jessica Frazelle + +RUN apk --update add \ + apache-ant \ + bash \ + git \ + perl \ + python \ + zip \ + --update-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ \ + && rm -rf /var/cache/apk/* + +# install buck +RUN git clone --depth 1 https://github.com/facebook/buck.git /buck \ + && cd /buck \ + && ant \ + && ln -snfv ${PWD}/bin/buck /usr/bin/buck + +RUN git clone --depth 1 --recurse-submodules https://gerrit.googlesource.com/gitiles /gitiles \ + && cd /gitiles \ + && touch .nobuckcheck \ + && git submodule update --init \ + && buck build all + +COPY ./start.sh /start.sh + +ENTRYPOINT [ "/start.sh" ] diff --git a/gitiles/start.sh b/gitiles/start.sh new file mode 100755 index 0000000..99854b9 --- /dev/null +++ b/gitiles/start.sh @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +ROOT="/gitiles" +PROPERTIES= + +if [ "x$1" != "x" ]; then + PROPERTIES="-Dcom.google.gitiles.configPath=$1" +fi +PROPERTIES="$PROPERTIES -Dcom.google.gitiles.sourcePath=$ROOT" + +exec java $PROPERTIES -jar "$ROOT/buck-out/gen/gitiles-dev/dev.jar" diff --git a/gitserver/Dockerfile b/gitserver/Dockerfile new file mode 100644 index 0000000..204ba5c --- /dev/null +++ b/gitserver/Dockerfile @@ -0,0 +1,34 @@ +# Run a git server in a container. +# +# docker run --rm -it -p 1234:22 \ +# -e DEBUG=true \ +# -e "PUBKEY=$(cat ~/.ssh/id_ed25519.pub)" \ +# --name gitserver \ +# jess/gitserver +FROM alpine:latest +MAINTAINER Jessica Frazelle + +ENV HOME /root + +RUN apk update && apk add \ + git \ + openssh \ + && rm -rf /var/cache/apk/* \ + && sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config \ + && sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/" /etc/ssh/sshd_config \ + && echo -e "AllowUsers git\n" >> /etc/ssh/sshd_config \ + && echo -e "Port 22\n" >> /etc/ssh/sshd_config \ + && addgroup git \ + && adduser -D -S -s /usr/bin/git-shell -h /home/git -g git git \ + && mkdir -p /home/git/.ssh \ + && chown -R git:git /home/git \ + && passwd -u git + +ENV HOME /home/git +EXPOSE 22 +WORKDIR $HOME + +COPY ./start.sh / + +ENTRYPOINT ["/start.sh"] +CMD ["/usr/sbin/sshd", "-D", "-e", "-f", "/etc/ssh/sshd_config"] diff --git a/gitserver/start.sh b/gitserver/start.sh new file mode 100755 index 0000000..9d9e33b --- /dev/null +++ b/gitserver/start.sh @@ -0,0 +1,61 @@ +#!/bin/sh +set -e + +[ "$DEBUG" == 'true' ] && set -x + +DAEMON=sshd +HOSTKEY=/etc/ssh/ssh_host_ed25519_key + +# create the host key if not already created +if [ ! -f "${HOSTKEY}" ]; then + ssh-keygen -A +fi + +[ "$PUBKEY" ] && echo "$PUBKEY" > ${HOME}/.ssh/authorized_keys + +# Fix permissions, if writable +if [ -w ${HOME}/.ssh ]; then + chown git:git ${HOME}/.ssh && chmod 700 ${HOME}/.ssh/ +fi +if [ -w ${HOME}/.ssh/authorized_keys ]; then + chown git:git ${HOME}/.ssh/authorized_keys + chmod 600 ${HOME}/.ssh/authorized_keys +fi + +# Warn if no config +if [ ! -e ${HOME}/.ssh/authorized_keys ]; then + echo "WARNING: No SSH authorized_keys found for git" +fi + +# set the default shell +mkdir -p $HOME/git-shell-commands +cat >$HOME/git-shell-commands/no-interactive-login <<\EOF +#!/bin/sh +printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not" +printf '%s\n' "provide interactive shell access." +exit 128 +EOF +chmod +x $HOME/git-shell-commands/no-interactive-login + +stop() { + echo "Received SIGINT or SIGTERM. Shutting down $DAEMON" + # Get PID + pid=$(cat /var/run/$DAEMON/$DAEMON.pid) + # Set TERM + kill -SIGTERM "${pid}" + # Wait for exit + wait "${pid}" + # All done. + echo "Done." +} + +echo "Running $@" +if [ "$(basename $1)" == "$DAEMON" ]; then + trap stop SIGINT SIGTERM + $@ & + pid="$!" + mkdir -p /var/run/$DAEMON && echo "${pid}" > /var/run/$DAEMON/$DAEMON.pid + wait "${pid}" && exit $? +else + exec "$@" +fi diff --git a/mailman/Dockerfile b/mailman/Dockerfile index ad9e533..2dab835 100644 --- a/mailman/Dockerfile +++ b/mailman/Dockerfile @@ -17,9 +17,9 @@ RUN apt-get update && apt-get install -y \ && rm -rf /var/lib/apt/lists/* # Lighttpd configuration -ADD lighttpd.conf /etc/lighttpd/lighttpd.conf +COPY lighttpd.conf /etc/lighttpd/lighttpd.conf -ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf +COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf EXPOSE 25 80 diff --git a/sentry/Dockerfile b/sentry/Dockerfile index e61eb91..af7a920 100644 --- a/sentry/Dockerfile +++ b/sentry/Dockerfile @@ -29,7 +29,7 @@ RUN pip install psycopg2 sentry EXPOSE 9000 -ADD sentry.conf.py /sentry.conf.py +COPY sentry.conf.py /sentry.conf.py ENTRYPOINT ["/usr/local/bin/sentry", "--config=/sentry.conf.py"]