copr / copr

Clone

#2339 Use tini as backend and keygen-signd containers' entrypoint
Merged 2 years ago by praiskup. Opened 2 years ago by tommylike.
copr/ tommylike/copr feature/add-container-entrypoint  into  main

file modified
+2 
@@ -27,6 +27,7 @@ 
 

                     nginx \
 

                     python3-ipdb \
 

                     findutils \
 

+                    tini \
 

  # to get more entropy for generation of gpg keys
 

                     rng-tools \
 

  # for unbuffer package
 
@@ -79,4 +80,5 @@ 
 

  # using /dev/urandom is a hack just for devel, /dev/hwrandom or /dev/hwrng should be used in production
 

  RUN rngd -r /dev/urandom
 

  

+ ENTRYPOINT ["/usr/bin/tini", "--"]
 

  CMD ["/bin/run.sh"]

file modified
+3 -2 
@@ -9,7 +9,8 @@ 
 

  RUN groupadd -r copr-signer -g 992
 

  RUN useradd -r copr-signer -u 993 -g 992 -d /var/lib/copr-keygen
 

  

- # Install copr-keygen package
 

- RUN dnf -y update gnupg2 && dnf -y install copr-keygen && dnf clean all
 

+ # Install copr-keygen package and tini
 

+ RUN dnf -y update gnupg2 && dnf -y install copr-keygen tini && dnf clean all
 

  

+ ENTRYPOINT ["/usr/bin/tini", "--"]
 

  CMD ["/usr/sbin/signd"]

Introduce tini as backend and keygen-signd containers' entrypoint to avoid zombies process.

Build succeeded.

Thank you for the PR, this is really needed!

Can you please just use /bin/sh as the zombie reaper?

Can you please just use /bin/sh as the zombie reaper?

Really? Can we use /bin/sh to reap zombie process, I don't know about this @praiskup

Yes, if /bin/sh is PID=1.
Edited 2 years ago by praiskup

Yes, if /bin/sh is PID=1.

@praiskup , Great, let me check, will it forward signal to its children as well?

Yeah, signaling is needed, too!

Can you use some software that is natively in Fedora? Downloading scripts from the internet is not acceptable here, I'm afraid.

Both dumb-init and tiny seem to be in Fedora.

Both dumb-init and tiny seem to be in Fedora.

Sure!

Both dumb-init and tiny seem to be in Fedora.

By that I mean: we should just dnf -y install tiny and use that

rebased onto bfc6948560dee3172795d0e6eab27eaf8007626c
2 years ago

Both dumb-init and tiny seem to be in Fedora.

By that I mean: we should just dnf -y install tiny and use that

the tini and dumb-init document should be updated:)
Edited 2 years ago by tommylike

Build succeeded.

One last little thing, can you please
- prefix your title line in commit message with docker:
- dump somewhere in commit message Merges: #2339
- document that tini is needed also for handling signals
Otherwise lgtm.

rebased onto d5115e0
2 years ago

Build succeeded.

+1

Commit edfc6bd fixes this pull-request

Pull-Request has been merged by praiskup
2 years ago

Thank you!
Metadata
None
No Tags
Changes Summary 2
+2 -0
file changed
docker/backend/Dockerfile
+3 -2
file changed
docker/keygen-signd/Dockerfile
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.