I can see how it's inconsistent that I don't also repeat the `ENTRYPOINT`/`CMD` lines, but I somehow managed to only miss the `chmod` when combining the steps.
add aliases to what uname would return
so it works with uname -m
like https://github.com/krallin/tini/pull/147
add x86_64 for uname -m
to make it work with uname -m
like krallin#147
Fixes #153. It doesn't hurt to have those, though in general clients
probably shouldn't rely too much on getting their binary and their
checksum from the same source.
Fixes #152. This doesn't hurt, and we already do it for e.g. unsuffixed
and amd64. We're pretty close to a more distinguished mechanism for
aliases being worth it, though.
Time to do this — Python 2 is EOL. This exposed a bug in one of the
tests that was stripping the entire environment from its subprocesses
(though they did sort of work on Python 2).
Something changed in a recent version of the libraries within the
openjdk:8-jdk-slim docker image and now the existing steps were failing
with error `gpg: cannot open '/dev/tty': No such device or address`.
Add a new flag '-p', which sets up the parent death signal to `SIGKILL`.
This will cause the kernel to send us a `SIGKILL` as soon as the direct
parent process dies. This is useful e.g. in combination with unshare(1)
from util-linux when using PID namespaces. When unshare forks the child,
which is about to become PID 1, killing the unshare parent will not
cause the child to exit. When executing the command

    $ unshare --pid --fork tini -- <prog>

then killing unshare will not cause tini to be killed. Since util-linux
v2.32, unshare has an option "--kill-child=<SIGNAL>" that will set up
the parent death signal for the forked process. This does not help
though in case either SELinux or AppArmor are in use and credentials of
the forked process change (e.g. by changing its UID), as these LSMs will
clear the parent death signal again. The following example would trigger
that situation:

    $ unshare --pid --fork setpriv --reuid user tini -s -- <prog>

The parent death signal will get reset by the LSMs as soon as `setpriv`
switches its user ID to that of "user", and killing unshare will again
not result in tini being killed. The new '-p' flag helps that exact
scenario:

    $ unshare --pid --fork setpriv --reuid user tini -s -p SIGKILL -- <prog>

As soon as unshare is getting killed, tini will get signalled SIGKILL
and exit as well, tearing down <prog> with it.
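
The parent death signal described above is set on Linux with `prctl(PR_SET_PDEATHSIG)`. The following is an added example, not tini's own code: two plain forked processes stand in for `unshare` and `tini`, the function names are hypothetical, and it shows that only the armed child goes away when its parent is killed. It does not reproduce the `setpriv` credential change.

```c
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Arm the parent death signal. Returns 0 if armed, -1 if prctl() failed or
 * the parent had already exited (the signal would then never arrive). */
int arm_pdeathsig(int sig, pid_t parent_before)
{
    if (prctl(PR_SET_PDEATHSIG, (unsigned long)sig, 0, 0, 0) != 0) return -1;
    return getppid() == parent_before ? 0 : -1;
}

/* Fork a parent (stand-in for unshare) that forks a child (stand-in for
 * tini), then kill the parent. sig == 0 leaves the child unarmed. Returns 1
 * if the child was gone within timeout_ms, 0 if it survived, -1 on error. */
int child_dies_with_parent(int sig, int timeout_ms)
{
    int alive[2];                       /* the child keeps the last write end */
    pid_t child = 0, parent;
    if (pipe(alive) != 0 || (parent = fork()) < 0) return -1;
    if (parent == 0) {
        pid_t me = getpid(), c = fork();
        if (c == 0) {
            pid_t self = getpid();
            if (sig != 0 && arm_pdeathsig(sig, me) != 0) _exit(1);
            if (write(alive[1], &self, sizeof self) < 0) _exit(1);
            for (;;) pause();
        }
        close(alive[1]);                /* only the child may hold it open */
        for (;;) pause();               /* wait to be killed */
    }
    close(alive[1]);
    /* Block until the child reports its PID, i.e. it is armed and running. */
    int ok = read(alive[0], &child, sizeof child) == (ssize_t)sizeof child;
    kill(parent, SIGKILL);              /* "killing unshare" */
    waitpid(parent, NULL, 0);
    struct pollfd p = { .fd = alive[0], .events = POLLIN };
    int gone = ok ? poll(&p, 1, timeout_ms) > 0 : -1;  /* hang-up = exited */
    if (gone == 0) kill(child, SIGKILL);                /* clean up survivor */
    close(alive[0]);
    return gone;
}

int main(void)
{
    printf("armed=%d unarmed=%d\n", child_dies_with_parent(SIGKILL, 2000), child_dies_with_parent(0, 300));
    return 0;
}
```
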
Well-designed software should not produce any zombie or re-parenting
processes.
This adds an option to warn in the logs when reaping of zombies is
happening so that it can be monitored and fixed in subsequent releases
of the software.
- `ARCH_SUFFIX` should not be passed at runtime: it's already passed as
a build argument, and it's consumed during the build (so it's too late
to change it at runtime).
- For consistency, pass `ARCH_NATIVE` and `CC` similarly at build time
as well: passing `CC` and `ARCH_SUFFIX` at different times is
particularly error-prone.
- Accept all parameters to `ddist.sh` via environment variables. It
doesn't make sense to accept exclusively `ARCH_SUFFIX` as a positional
argument when `ARCH_SUFFIX` alone doesn't accomplish anything (i.e.
you also need `CC`).
TODO: `CC` should be derived from `ARCH_SUFFIX` in the first place.
This required updating to Ubuntu Xenial for some of the cross compilers, but Travis doesn't support Xenial builders, so this instead converts Travis to use the already-existing "ddist.sh" script for building via Docker.
Also fixed a bug with the signals test, which didn't properly exercise
Tini: rather than check that Tini was properly exiting with 128 +
signal, it raced against Tini and was only successful if Tini didn't get
the chance to spawn a subprocess!