Merge pull request #10 from skarnet/master

New version of the overlay, designed together with Gorka

Dockerfile

@@ -6,9 +6,9 @@ ENV DEBIAN_FRONTEND noninteractive
 
 RUN apt-get update && apt-get install -y curl
 COPY rootfs /
-RUN chmod +x /build-latest
+RUN chmod +x /build-*
 
 ENV OVERLAY_ROOTFS_PATH /overlay-rootfs
 COPY overlay-rootfs $OVERLAY_ROOTFS_PATH
 
-CMD [ "/build-latest" ]
+CMD [ "/build-wrapper" ]

overlay-rootfs/etc/fix-attrs.d/00-runscripts

@@ -0,0 +1,4 @@
+/etc/services.d/*/run false root 0755 0755
+/etc/services.d/*/finish false root 0755 0755
+/etc/services.d/*/log/run false root 0755 0755
+/etc/services.d/*/log/finish false root 0755 0755

overlay-rootfs/etc/s6/init/env/PATH

@@ -0,0 +1 @@
+/usr/bin:/usr/sbin:/bin:/sbin

overlay-rootfs/etc/s6/init/init-stage1

@@ -0,0 +1,69 @@
+#!/usr/bin/execlineb -S0
+
+##
+## dump environment into an envdir
+##
+
+/usr/bin/if { /usr/bin/s6-mkdir -pm 0755 -- /var/run/s6/container_environment }
+/usr/bin/if { /usr/bin/s6-dumpenv -- /var/run/s6/container_environment }
+
+
+##
+## run everything else with only the environment defined in
+## /etc/s6/init/env. Programs can get back the container
+## environment by using "with-contenv program".
+##
+
+/usr/bin/exec -c --
+/usr/bin/s6-envdir /etc/s6/init/env
+/usr/bin/exec --
+
+
+##
+## ensure our vital fifo exists
+##
+
+if { s6-mkfifo -m 0600 -- /var/run/s6/uncaught-logs-fifo }
+
+
+##
+## init the scandir with our base services
+##
+
+if { s6-rmrf /var/run/s6/service }
+if { s6-hiercopy /etc/s6/service /var/run/s6/service }
+
+
+##
+## fork the "init-stage2" script
+##
+
+background
+{
+  # add some environment
+  s6-envdir -- /etc/s6/init/env-stage2
+
+  # block until the supervision tree is running
+  redirfd -w 3 /var/run/s6/uncaught-logs-fifo
+  fdclose 3
+
+  # run the script
+  /etc/s6/init/init-stage2 $@
+}
+unexport !
+
+
+##
+## run the rest of stage 1 with sanitized descriptors
+##
+
+redirfd -r 0 /dev/null
+redirfd -wnb 1 /var/run/s6/uncaught-logs-fifo
+fdmove -c 2 1
+
+
+##
+## start the supervision tree
+##
+
+s6-svscan -t0 /var/run/s6/service

overlay-rootfs/etc/s6/init/init-stage2

@@ -0,0 +1,89 @@
+#!/usr/bin/execlineb -S0
+
+# This file is executed (not as process 1!) as soon as s6-svscan
+# starts, with the original stdin/out/err, but NOT the original
+# environment.
+# Purpose of this file: to perform all the one-time initialization tasks.
+
+if -nt
+{
+  if
+  {
+    redirfd -w 1 /var/run/s6/uncaught-logs-fifo
+    fdmove -c 2 1
+
+
+    ##
+    ## fix-attrs.d: ensure owners and permissions are correct
+    ##
+
+    if { s6-echo "[fix-attrs.d] applying owners & permissions fixes..." }
+    if
+    {
+      pipeline { s6-ls -0 -- /etc/fix-attrs.d }
+      pipeline { s6-sort -0 -- }
+      forstdin -0 -- i
+      import -u i
+      if { s6-echo -n -- "[fix-attrs.d] applying ${i}... " }
+      foreground { redirfd -r 0 /etc/fix-attrs.d/${i} fix-attrs }
+      import -u ? s6-echo -- " exited ${?}"
+    }
+    if { s6-echo -- "[fix-attrs.d] done." }
+
+
+    ##
+    ## cont-init.d: one-time init scripts
+    ##
+
+    if { s6-echo "[cont-init.d] executing container initialization scripts..." }
+    if
+    {
+      pipeline { s6-ls -0 -- /etc/cont-init.d }
+      pipeline { s6-sort -0 -- }
+      forstdin -0 -- i
+      import -u i
+      if { s6-echo -n -- "[cont-init.d] executing ${i}... " }
+      foreground { with-contenv /etc/cont-init.d/${i} }
+      import -u ? s6-echo -- " ... exited ${?}"
+    }
+    if { s6-echo -- "[cont-init.d] done." }
+
+
+    ##
+    ## services.d: long-lived processes to be supervised
+    ##
+
+    if { s6-echo "[services.d] starting services" }
+    if
+    {
+      pipeline { s6-ls -0 -- /etc/services.d }
+      forstdin -0 -p -- i
+      import -u i
+      if { s6-test -d /etc/services.d/${i} }
+      s6-hiercopy /etc/services.d/${i} /var/run/s6/service/${i}
+    }
+    if { s6-svscanctl -a /var/run/s6/service }
+    if { s6-echo -- "[services.d] done." }
+
+  }
+
+
+  ##
+  ## The init is complete. If the user has given a CMD, run it now, then
+  ## kill everything when it exits.
+  ##
+
+  if -t { s6-test $# -ne 0 }
+  foreground { s6-setsid -gq -- with-contenv $@ }
+  foreground { import -u ? s6-echo "${1} exited ${?}. Stopping the supervision tree." }
+  foreground { s6-svscanctl -t /var/run/s6/service }
+
+  # Race condition here, but it's ok: the sync in stage 3 takes ages,
+  # and if we get killed by the SIGTERM instead of the SIGKILL, meh, who cares.
+
+  # Wait to be nuked
+  s6-pause -th
+}
+
+# if anything in the if -nt { } block fails, control jumps here.
+s6-echo -- "\n!!!!!\n init-stage2 failed.\n Logs are in /var/log/s6-uncaught-logs\n!!!!!"