Something changed in recent version of the libraries within
openjdk:8-jdk-slim docker image and now the existing steps were failing
with erro `gpg: cannot open '/dev/tty': No such device or address`.
This adds 1k of weight to the resulting binary, which is reasonable
(it's less than 5% for the smaller non-static binary), but alleviates
legitimate user concern that the license requires being included when
Tini is redistributed.
The GPG signing subkey and passphrase are respectively provided through
a Travis encrypted file and a Travis encrypted environment variable.
Signing is only done if there is a signing key present when the build is
complete (so as to not fail when e.g. building a PR that doesn't have
encrypted files available).
tini only kills the immediate child process. This means that if you
do, for example,
docker run krallin/ubuntu-tini sh -c 'sleep 10'
and ctrl-C it, nothing happens: SIGINT is sent to the 'sh' process,
but that shell won't react to it while it is waiting for the 'sleep'
to finish.
This change adds a -g option to put the child process of tini into a
new process group, and sends signals to that group, so that every
process in the group gets a signal. This corresponds more closely to
what happens when you do ctrl-C etc. in a terminal: The signal is sent
to the foreground process group.
So if you try the example above with a container image that passes -g
to tini, the SIGINT will be received by the 'sleep', and the container
promptly exits.
Using the child subreaper mechanism, we can actually run
tests inside the CI environment without depending on Docker.
While this does not replace the existing tests, it allows
at least some functional coverage within CI.
This allows the use of `tini` within even more minimal environments (such as images that are `FROM scratch` with a single application binary `COPY`'d in).