From 756016631bfbafbcc5651abe1430e09ec7632bbd Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Wed, 6 Feb 2019 10:23:09 +0000 Subject: [PATCH 1/2] Update tini install snippet * Update tini to v0.18.0 (current latest release) * Improve gpg recv-keys as unreliable otherwise * Add comment about Alpine, Debian and Ubuntu now having tini packages * Use tini --version instead of tini --help which is not available in TINI_MINIMAL releases Snippet tested on: * Ubuntu 12.04 to 18.10 * Debian * Alpine * Centos 6+ --- README.md | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 2214e7929a08d..2f73226420e92 100644 --- a/README.md +++ b/README.md @@ -184,20 +184,31 @@ Some examples at the time of writing: Following the Docker guidelines it is highly recommended that the resulting image be just one concern per container; predominantly this means just one process per container, so there is no need for a full init system. There are two situations where an init-like process would be helpful for the container. The first being signal handling. If the process launched does not handle `SIGTERM` by exiting, it will not be killed since it is PID 1 in the container (see "NOTE" at the end of the [Foreground section](https://docs.docker.com/engine/reference/run/#foreground) in the docker docs). The second situation would be zombie reaping. If the process spawns child processes and does not properly reap them it will lead to a full process table, which can prevent the whole system from spawning any new processes. For both of these concerns we recommend [tini](https://github.com/krallin/tini). It is incredibly small, has minimal external dependencies, fills each of these roles, and does only the necessary parts of reaping and signal forwarding. -Here is a snippet of a `Dockerfile` to add in tini (be sure to use it in `CMD` or `ENTRYPOINT` as appropriate): +Be sure to use tini in `CMD` or `ENTRYPOINT` as appropriate. + +It is best to install tini from a package. If tini is not available as a package here is a snippet of a `Dockerfile` to add in tini: ```Dockerfile -# grab tini for signal processing and zombie killing -ENV TINI_VERSION v0.9.0 -RUN set -x \ - && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" -o /usr/local/bin/tini \ - && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" -o /usr/local/bin/tini.asc \ - && export GNUPGHOME="$(mktemp -d)" \ - && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \ - && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \ - && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \ - && chmod +x /usr/local/bin/tini \ - && tini -h +# alpine:3.4+ rather use: apk add --no-cache tini +# ubuntu:18.10+ rather use: apt-get install -y tini +# debian:10+ rather use: apt-get install -y tini +# +# Install tini for signal processing and zombie killing +ENV TINI_VERSION v0.18.0 +ENV TINI_SIGN_KEY 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 +RUN set -eux; \ + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini"; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$TINI_SIGN_KEY" || \ + gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$TINI_SIGN_KEY" || \ + gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$TINI_SIGN_KEY" || \ + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$TINI_SIGN_KEY"; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + command -v gpgconf && gpgconf --kill all || :; \ + rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version ``` #### Cacheability From 52d85112b5d455d8c82fd4c149786804d0afd4c4 Mon Sep 17 00:00:00 2001 From: yosifkit Date: Mon, 18 Feb 2019 15:09:09 +0000 Subject: [PATCH 2/2] Update README.md Co-Authored-By: Firefishy --- README.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/README.md b/README.md index 2f73226420e92..d6258e247ed05 100644 --- a/README.md +++ b/README.md @@ -186,13 +186,9 @@ Following the Docker guidelines it is highly recommended that the resulting imag Be sure to use tini in `CMD` or `ENTRYPOINT` as appropriate. -It is best to install tini from a package. If tini is not available as a package here is a snippet of a `Dockerfile` to add in tini: +It is best to install tini from a distribution-provided package (ex. `apt-get install tini`). If tini is not available in your distribution or is too old, here is a snippet of a `Dockerfile` to add in tini: ```Dockerfile -# alpine:3.4+ rather use: apk add --no-cache tini -# ubuntu:18.10+ rather use: apt-get install -y tini -# debian:10+ rather use: apt-get install -y tini -# # Install tini for signal processing and zombie killing ENV TINI_VERSION v0.18.0 ENV TINI_SIGN_KEY 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 @@ -200,9 +196,6 @@ RUN set -eux; \ wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini"; \ wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$TINI_SIGN_KEY" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$TINI_SIGN_KEY" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$TINI_SIGN_KEY" || \ gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$TINI_SIGN_KEY"; \ gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ command -v gpgconf && gpgconf --kill all || :; \