From ca2c0ce48ee3a046b0b132d015aed836badf9ed6 Mon Sep 17 00:00:00 2001 From: aptalca Date: Sun, 2 Feb 2020 15:54:30 -0500 Subject: [PATCH 1/3] create template branch --- .dockerignore | 6 ++ .gitattributes | 17 +++++ .gitignore | 43 +++++++++++++ .travis.yml | 25 +++++--- README.md | 166 ++++--------------------------------------------- blacklist.txt | 2 - 6 files changed, 95 insertions(+), 164 deletions(-) create mode 100644 .dockerignore create mode 100644 .gitattributes create mode 100644 .gitignore delete mode 100644 blacklist.txt diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..cdb1a82f --- /dev/null +++ b/.dockerignore @@ -0,0 +1,6 @@ +.git +.gitignore +.github +.gitattributes +READMETEMPLATE.md +README.md diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..bdb0cabc --- /dev/null +++ b/.gitattributes @@ -0,0 +1,17 @@ +# Auto detect text files and perform LF normalization +* text=auto + +# Custom for Visual Studio +*.cs diff=csharp + +# Standard to msysgit +*.doc diff=astextplain +*.DOC diff=astextplain +*.docx diff=astextplain +*.DOCX diff=astextplain +*.dot diff=astextplain +*.DOT diff=astextplain +*.pdf diff=astextplain +*.PDF diff=astextplain +*.rtf diff=astextplain +*.RTF diff=astextplain diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..96374c4e --- /dev/null +++ b/.gitignore @@ -0,0 +1,43 @@ +# Windows image file caches +Thumbs.db +ehthumbs.db + +# Folder config file +Desktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msm +*.msp + +# Windows shortcuts +*.lnk + +# ========================= +# Operating System Files +# ========================= + +# OSX +# ========================= + +.DS_Store +.AppleDouble +.LSOverride + +# Thumbnails +._* + +# Files that might appear on external disk +.Spotlight-V100 +.Trashes + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk diff --git a/.travis.yml b/.travis.yml index 388a81b2..e6e5b1fb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,24 +1,35 @@ -sudo: true +os: linux -language: bash +language: shell + +branches: + only: + - - #replace variables, omit brackets services: - docker env: global: - - DOCKERHUB="user/endpoint" + - DOCKERHUB="linuxserver/mods" #don't modify + - BASEIMAGE="baseimagename" #replace + - MODNAME="modname" #replace jobs: include: + - stage: PR-BuildImage + if: (type IN (pull_request)) + script: + # Build image + - docker build --no-cache -t ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} . - stage: BuildImage if: (NOT (type IN (pull_request))) script: # Build image - - docker build --no-cache -t ${DOCKERHUB}:${TRAVIS_COMMIT} . - - docker tag ${DOCKERHUB}:${TRAVIS_COMMIT} ${DOCKERHUB}:latest + - docker build --no-cache -t ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} . + - docker tag ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} ${DOCKERHUB}:${BASEIMAGE}-${MODNAME} # Login to DockerHub - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin # Push all of the tags - - docker push ${DOCKERHUB}:${TRAVIS_COMMIT} - - docker push ${DOCKERHUB}:latest + - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} + - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME} \ No newline at end of file diff --git a/README.md b/README.md index 413c5005..867a00c1 100644 --- a/README.md +++ b/README.md @@ -1,159 +1,15 @@ -# Intro +# Docker mod for openssh-server -The purpose of the repository is to provide examples and guidance in creating and storing a user consumable modification layer for the Library of Linuxserver.io Dockerhub Containers. -At it's core a Docker Mod is a tarball of files stored on Dockerhub that is downloaded and extracted on container boot before any init logic is run. -This allows: +This mod adds rsync to openssh-server, to be installed/updated during container start. -* Developers and community users to modify base containers to suit their needs without the need to maintain a fork of the main docker repository -* Mods to be shared with the Linuxserver.io userbase as individual independent projects with their own support channels and development ideologies -* Zero cost hosting and build pipelines for these modifications leveraging Github and Dockerhub -* Full custom configuration management layers for hooking containers into each other using environment variables contained in a compose file +In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync` -It is important to note to end users of this system that there are not only extreme security implications to consuming files from souces outside of our control, but by leveraging community Mods you essentially lose direct support from the core LinuxServer team. Our first and foremost troubleshooting step will be to remove the `DOCKER_MODS` environment variable when running into issues and replace the container with a clean LSIO one. +# Mod creation instructions -Again, when pulling in logic from external sources practice caution and trust the sources/community you get them from. - -## Using a Docker Mod - -Before consuming a Docker Mod ensure that the source code for it is publicly posted along with it's build pipeline pushing to Dockerhub. - -Consumption of a Docker Mod is intended to be as user friendly as possible and can be achieved with the following environment variables being passed to the container: - -* DOCKER_MODS- This can be a single endpoint `user/endpoint:tag` or an array of endpoints separated by `|` `user/endpoint:tag|user2/endpoint2:tag` -* RUN_BANNED_MODS- If this is set to any value you will bypass our centralized filter of banned Dockerhub users and run Mods regardless of a ban - -Full example: - -``` -docker create \ - --name=nzbget \ - -e DOCKER_MODS=taisun/nzbget-mod:latest \ - -e PUID=1000 \ - -e PGID=1000 \ - -e TZ=Europe/London \ - -p 6789:6789 \ - -v :/config \ - -v :/downloads \ - --restart unless-stopped \ - linuxserver/nzbget -``` - -This will spinup an nzbget container and apply the custom logic found in the following repository: - -https://github.com/Taisun-Docker/Linuxserver-Mod-Demo - -This basic demo installs Pip and a couple dependencies for plugins some users leverage with nzbget. - -## Creating and maintaining a Docker Mod - -We will always recommend to our users consuming Mods that they leverage ones from active community members or projects so transparency is key here. We understand that image layers can be pushed on the back end behind these pipelines, but every little bit helps. -In this repository we will be going over two basic methods of making a Mod along with an example of the Travis-CI.org build logic to get this into a Dockerhub endpoint. Though we are not officially endorsing Travis-CI here it is one of the most popular Open Source free build pipelines and only requires a Github account to get started. If you prefer others feel free to use them as long as build jobs are transparent. - -One of the core ideas to remember when creating a Mod is that it can only contain a single image layer, the examples below will show you how to add files standardly and how to run complex logic to assemble the files in a build layer to copy them over into this single layer. - -### Docker Mod Simple - just add scripts - -In this repository you will find the `Dockerfile` containing: - -``` -FROM scratch - -# copy local files -COPY root/ / -``` - -For most users this will suffice and anything in the root/ folder of the repository will be added to the end users Docker container / path. - -The most common paths to leverage for Linuxserver images will be: - -* root/etc/cont-init.d/<25-script-name> - Contains init logic scripts that run before the services in the container start these should exit 0 and are ordered by filename -* root/etc/services.d//run - Contains scripts that run in the foreground for persistent services IE NGINX -* root/defaults - Contains base config files that are copied/modified on first spinup - -The example files in this repo contain a script to install sshutil and a service file to run the installed utility. - -### Docker Mod Complex - Sky is the limit - -In this repository you will find the `Dockerfile.complex` containing: - -``` -## Buildstage ## -FROM lsiobase/alpine:3.9 as buildstage - -RUN \ - echo "**** install packages ****" && \ - apk add --no-cache \ - curl && \ - echo "**** grab rclone ****" && \ - mkdir -p /root-layer && \ - curl -o \ - /root-layer/rclone.deb -L \ - "https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb" - -# copy local files -COPY root/ /root-layer/ - -## Single layer deployed image ## -FROM scratch - -# Add files from buildstage -COPY --from=buildstage /root-layer/ / -``` - -Here we are leveraging a multi stage DockerFile to run custom logic and pull down an Rclone deb from the Internet to include in our image layer for distribution. Any amount of logic can be run in this build stage or even multiple build stages as long as the files in the end are combined into a single folder for the COPY command in the final output. - -## Full loop - getting a Mod to Dockerhub - -First and foremost to publish a Mod you will need the following accounts: -* Github- https://github.com/join -* DockerHub- https://hub.docker.com/signup - -We reccomend using this repositroy as a template for your first Mod, so in this section we assume the code is finished and we will only concentrate on plugging into Travis/Dockerhub. - -The only code change you need to make to the build logic file `.travis.yml` will be to modify the DOCKERHUB endpoint to your own image: -``` -env: - global: - - DOCKERHUB="user/endpoint" -``` - -User is your Dockerhub user and endpoint is your own custom name. You do not need to create this endpoint beforehand, the build logic will push it and create it on first run. - -Head over to https://travis-ci.org/ and click on signup: - -![signup](https://s3-us-west-2.amazonaws.com/linuxserver-docs/images/signup.png) - -This will use Github to auth you in. Once in the dashboard click on "Add new Repository": - -![addnew](https://s3-us-west-2.amazonaws.com/linuxserver-docs/images/addnew.png) - -Click on settings for the repo you want to add: - -![settings](https://s3-us-west-2.amazonaws.com/linuxserver-docs/images/settings.png) - -Under the "Environment Variables" section add DOCKERUSER and DOCKERPASS as shown below, these will be your live Dockerhub credentials: - -![env](https://s3-us-west-2.amazonaws.com/linuxserver-docs/images/env.png) - -Once these are set click on the "Current" tab and "Activate repository": - -![activate](https://s3-us-west-2.amazonaws.com/linuxserver-docs/images/activate.png) - -Travis will trigger a build off of your repo and will push to Dockerhub on success. This Dockerhub endpoint is the Mod variable you can use to customize your container now. - - -## Appendix - -### Inspecting mods - -To inspect the file contents of external Mods dive is a great CLI tool: - -https://github.com/wagoodman/dive - -Basic usage: - -``` -docker run --rm -it \ - -v /var/run/docker.sock:/var/run/docker.sock \ - wagoodman/dive:latest -``` +* Ask the team to create a new branch named `-`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch. +* Fork the repo, checkout the template branch. +* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done. +* Inspect the `root` folder contents. Edit, add and remove as necessary. +* Edit this readme with pertinent info, delete thse instructions. +* Finally edit the `travis.yml`. Customize the build branch,and the vars for `BASEIMAGE` and `MODNAME` +* Submit PR against the branch created by the team \ No newline at end of file diff --git a/blacklist.txt b/blacklist.txt deleted file mode 100644 index 9cce7e51..00000000 --- a/blacklist.txt +++ /dev/null @@ -1,2 +0,0 @@ -evilbitcoinminer -rootkitinc From e8de10488fa3a127e83fecf785d85f90836a7177 Mon Sep 17 00:00:00 2001 From: aptalca Date: Mon, 3 Feb 2020 12:37:01 -0500 Subject: [PATCH 2/3] openssh-server: add openssh-client --- .travis.yml | 8 ++++---- Dockerfile | 2 ++ Dockerfile.complex | 21 -------------------- README.md | 14 +++---------- root/etc/cont-init.d/99-openssh-client | 4 ++++ root/etc/cont-init.d/99-vpn-config | 27 -------------------------- root/etc/services.d/sshvpn/run | 3 --- 7 files changed, 13 insertions(+), 66 deletions(-) delete mode 100644 Dockerfile.complex create mode 100644 root/etc/cont-init.d/99-openssh-client delete mode 100644 root/etc/cont-init.d/99-vpn-config delete mode 100644 root/etc/services.d/sshvpn/run diff --git a/.travis.yml b/.travis.yml index e6e5b1fb..2378522a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,16 +4,16 @@ language: shell branches: only: - - - #replace variables, omit brackets + - openssh-server-openssh-client services: - docker env: global: - - DOCKERHUB="linuxserver/mods" #don't modify - - BASEIMAGE="baseimagename" #replace - - MODNAME="modname" #replace + - DOCKERHUB="linuxserver/mods" + - BASEIMAGE="openssh-server" + - MODNAME="openssh-client" jobs: include: diff --git a/Dockerfile b/Dockerfile index 2f24b209..fca6f93a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ FROM scratch +LABEL maintainer="aptalca" + # copy local files COPY root/ / diff --git a/Dockerfile.complex b/Dockerfile.complex deleted file mode 100644 index 4463d838..00000000 --- a/Dockerfile.complex +++ /dev/null @@ -1,21 +0,0 @@ -## Buildstage ## -FROM lsiobase/alpine:3.9 as buildstage - -RUN \ - echo "**** install packages ****" && \ - apk add --no-cache \ - curl && \ - echo "**** grab rclone ****" && \ - mkdir -p /root-layer && \ - curl -o \ - /root-layer/rclone.deb -L \ - "https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb" - -# copy local files -COPY root/ /root-layer/ - -## Single layer deployed image ## -FROM scratch - -# Add files from buildstage -COPY --from=buildstage /root-layer/ / diff --git a/README.md b/README.md index 867a00c1..d6b93e76 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,7 @@ # Docker mod for openssh-server -This mod adds rsync to openssh-server, to be installed/updated during container start. +This mod adds openssh-client to openssh-server, to be installed/updated during container start. -In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync` +In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-openssh-client` -# Mod creation instructions - -* Ask the team to create a new branch named `-`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch. -* Fork the repo, checkout the template branch. -* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done. -* Inspect the `root` folder contents. Edit, add and remove as necessary. -* Edit this readme with pertinent info, delete thse instructions. -* Finally edit the `travis.yml`. Customize the build branch,and the vars for `BASEIMAGE` and `MODNAME` -* Submit PR against the branch created by the team \ No newline at end of file +If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-openssh-client|linuxserver/mods:openssh-server-mod2` \ No newline at end of file diff --git a/root/etc/cont-init.d/99-openssh-client b/root/etc/cont-init.d/99-openssh-client new file mode 100644 index 00000000..72dbb890 --- /dev/null +++ b/root/etc/cont-init.d/99-openssh-client @@ -0,0 +1,4 @@ +#!/usr/bin/with-contenv bash + +echo "**** installing openssh-client ****" +apk add --no-cache openssh-client diff --git a/root/etc/cont-init.d/99-vpn-config b/root/etc/cont-init.d/99-vpn-config deleted file mode 100644 index a5f91276..00000000 --- a/root/etc/cont-init.d/99-vpn-config +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Determine if setup is needed -if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \ -[ -f /usr/bin/apt ]; then - ## Ubuntu - apt-get update - apt-get install --no-install-recommends -y \ - iptables \ - openssh-client \ - python3 \ - python3-pip - pip3 install sshuttle -fi -if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \ -[ -f /sbin/apk ]; then - # Alpine - apk add --no-cache \ - iptables \ - openssh \ - py3-pip \ - python3 - pip3 install sshuttle -fi - -chown -R root:root /root -chmod -R 600 /root/.ssh diff --git a/root/etc/services.d/sshvpn/run b/root/etc/services.d/sshvpn/run deleted file mode 100644 index 7d49e796..00000000 --- a/root/etc/services.d/sshvpn/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/with-contenv bash - -sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16 From 69c77e2442e08f4d67a4c0aa0528e309d4265f3f Mon Sep 17 00:00:00 2001 From: sth32 Date: Wed, 19 Feb 2020 21:56:29 +0800 Subject: [PATCH 3/3] openssh-server: add git --- .travis.yml | 4 ++-- README.md | 6 +++--- root/etc/cont-init.d/99-openssh-client | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2378522a..e7ca1265 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,7 @@ language: shell branches: only: - - openssh-server-openssh-client + - openssh-server-git services: - docker @@ -13,7 +13,7 @@ env: global: - DOCKERHUB="linuxserver/mods" - BASEIMAGE="openssh-server" - - MODNAME="openssh-client" + - MODNAME="git" jobs: include: diff --git a/README.md b/README.md index d6b93e76..12ca70de 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Docker mod for openssh-server -This mod adds openssh-client to openssh-server, to be installed/updated during container start. +This mod adds git to openssh-server, to be installed/updated during container start. -In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-openssh-client` +In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-git` -If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-openssh-client|linuxserver/mods:openssh-server-mod2` \ No newline at end of file +If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-git|linuxserver/mods:openssh-server-mod2` \ No newline at end of file diff --git a/root/etc/cont-init.d/99-openssh-client b/root/etc/cont-init.d/99-openssh-client index 72dbb890..83447fff 100644 --- a/root/etc/cont-init.d/99-openssh-client +++ b/root/etc/cont-init.d/99-openssh-client @@ -1,4 +1,4 @@ #!/usr/bin/with-contenv bash -echo "**** installing openssh-client ****" -apk add --no-cache openssh-client +echo "**** installing git ****" +apk add --no-cache git